Linux malware authors use Ezuri Golang crypter for zero detection
www.bleepingcomputer.com/news/security/linux-malware-authors-use-ezuri-golang-crypter-for-zero-detection/ Multiple malware authors are using the “Ezuri” crypter and memory loader to make their code undetectable to antivirus products. Source code for Ezuri, written in Golang, is available on GitHub for anyone to use.
December 2020’s Most Wanted Malware: Emotet Returns as Top Malware Threat
blog.malwarebytes.com/reports/2021/01/funke-media-group-suffers-nationwide-ransomware-attack-in-germany/ Our latest Global Threat Index for December 2020 has revealed that the Emotet trojan has returned to first place in the top malware list, impacting 7% of organizations globally, following a spam campaign which targeted over 100,000 users per day during the holiday season.
Funke Media Group suffers nationwide ransomware attack in Germany
www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ On December 22, Germany’s third largest publisher fell victim to a cyberattack that affected systems in offices all around the country. The Funke Media Group publishes dozens of newspapers, like Berliner Morgenpost, Hamburger Abendblatt, and Bergedorfer Zeitung, as well as magazines, several local radio stations, and online news portals. It reaches over 3 million readers on a daily basis.
Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR
us-cert.cisa.gov/ncas/current-activity/2021/01/07/mozilla-releases-security-updates-firefox-firefox-android-and Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.
Google Releases Security Updates for Chrome
us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Hack the Army bug bounty challenge asks hackers to find vulnerabilities in military networks
www.zdnet.com/article/cybersecurity-hack-the-army-bug-bounty-challenge-asks-hackers-to-find-vulnerabilities-in-u-s-military-networks/ Hackers are being invited to uncover cybersecurity vulnerabilities in the computer systems used by the US military as part of the ‘Hack the Army’ bug bounty challenge.
CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise
us-cert.cisa.gov/ncas/current-activity/2021/01/06/cisa-updates-emergency-directive-21-01-supplemental-guidance-and CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020
www.zdnet.com/article/cobalt-strike-and-metasploit-accounted-for-a-quarter-of-all-malware-c-c-servers-in-2020 Cobalt Strike and Metasploit, two penetration testing toolkits usually employed by security researchers, have been used to host more than a quarter of all the malware command and control (C&C) servers that have been deployed in 2020, threat intelligence firm Recorded Future said in a report today.
In addition:
Feds Issue Recommendations for Maritime Cybersecurity
threatpost.com/feds-recommendations-maritime-cybersecurity/162804/ The White House has released cybersecurity guidance for securing the Maritime Transportation System (MTS), which operates along 25,000 miles of coastal and inland waterways in the United States.
Twitter locks Trump out of his account for at least 12 hours
techcrunch.com/2021/01/06/twitter-locks-trump-out-of-his-account-for-at-least-12-hours/ In a reversal of its long-standing policy, Twitter has locked the President of the United States’ Twitter account and forced the removal of three offending tweets.