Attackers scan for vulnerable VMware servers after PoC exploit release
www.bleepingcomputer.com/news/security/attackers-scan-for-vulnerable-vmware-servers-after-poc-exploit-release/ After security researchers have developed and published proof-of-concept (PoC) exploit code targeting a critical vCenter remote code execution (RCE) vulnerability, attackers are now actively scanning for vulnerable Internet-exposed VMware servers. Lisäksi:
Health Website Leaks 8 Million COVID-19 Test Results
threatpost.com/health-website-leaks-covid-19-test/164274/ A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.
Dutch Research Council (NWO) confirms ransomware attack, data leak
www.bleepingcomputer.com/news/security/dutch-research-council-nwo-confirms-ransomware-attack-data-leak/ The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.
Överbelastningsattack mot Bank-ID orsakade stora störningar
tekniksmart.se/overbelastningsattack-mot-bank-id-orsakade-stora-storningar/ En överbelastningsattack mot Bank-ID under tisdagskvällen gjorde att tjänsten delvis låg nere eller var mycket långsam för användarna. Attacken och störningarna bekräftades av Finansiell ID-Teknik till bland annat SVT Nyheter och TT.
North Korean hackers target defense industry with custom malware
www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/ A North Korean-backed hacking group has targeted the defense industry with custom backdoor malware dubbed ThreatNeedle since early 2020 with the end goal of collecting highly sensitive information.
Malicious Mozilla Firefox Extension Allows Gmail Takeover
threatpost.com/malicious-mozilla-firefox-gmail/164263/ A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Lisäksi:
Google’s Password Checkup tool rolling out to Android devices
www.welivesecurity.com/2021/02/24/google-password-checkup-android-devices Google is extending its Password Checkup feature to Android in a bid to help people make their online accounts more secure. Originally introduced as an extension for the Google Chrome web browser two years ago, the tool was later integrated into Chrome for desktop before making its way into the browser’s versions for Android and iOS.
Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS
www.riscure.com/blog/samsung-investigation-part1 The goal of our investigation was to assess how strong Samsung’s TEE OS is and whether it can be compromised to obtain runtime control and extract all protected assets, allowing, e.g. decryption of user data. We did not consider a full exploit chain and instead focused on the TEE only, assuming an attacker already in control of the Android environment.