Researchers uncover a new Iranian malware used in recent cyberattacks
thehackernews.com/2021/04/researchers-uncover-new-iranian-malware.html An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. APT34 (aka OilRig) is known for its reconnaissance campaigns aligned with the strategic interests of Iran, primarily hitting financial, government, energy, chemical, and telecommunications industries in the Middle East. Aside from gathering basic information about the victim’s machine, the backdoor establishes connections with a remote server to await additional commands that allow it to download files from the server, upload arbitrary files, and execute shell commands, the results of which are posted back to the server.
EU targeted by a cyberattack again: "monitored around the clock"
www.tivi.fi/uutiset/tv/8e9b421c-477e-4192-bc4f-5a685c6b0919 The European Commission says it was the target of a cyberattack in March. The security breach also affected many other EU institutions, Bleeping Computer writes. "We are working closely with the EU's CERT team (computer emergency response team), the EU institutions and the vendors of the IT solutions involved to investigate the incident," a Commission spokesperson says. There is no indication so far of a "significant data breach", but the investigation is reported to be only in its early stages.
Indian defense chief admits China’s cyber-weapons would ‘disrupt large number of systems’ whenever Beijing presses the button
www.theregister.com/2021/04/08/india_admits_china_outmatches_cyber_defences/ The highest-ranked officer in India’s armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation’s defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor. Asked about capability gaps between India and China, General Rawat admitted India is behind China in several military fields, then added: “The biggest differential lies in the field of cyber.”
Australian Minister’s Phone Hacked as Report Reveals Hong Kong Link
www.bloomberg.com/news/articles/2021-03-24/australian-minister-in-phishing-attack-as-report-reveals-hk-link A second senior Australian government minister has revealed his mobile phone was hacked through the Telegram messaging app, with a media report saying the phishing scam was aimed at revealing contact details of pro-democracy activists in Hong Kong.
REvil ransomware now changes password to auto-login in Safe Mode
www.bleepingcomputer.com/news/security/revil-ransomware-now-changes-password-to-auto-login-in-safe-mode/ A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords.
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Securit… ESET researchers have discovered a previously undocumented Lazarus backdoor used to attack a freight logistics company in South Africa, which they have dubbed Vyveva. The backdoor consists of multiple components and communicates with its C&C server via the Tor network. So far, we were able to find its installer, loader and main payload, a backdoor with a TorSocket DLL. The previously unknown attack was discovered in June 2020.
Another supply-chain attack? Android maker Gigaset injects malware into victims’ phones via poisoned update
www.theregister.com/2021/04/07/gigaset_supply_chain_malware_android_phones/ Android smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack. The Trojan, once downloaded and installed on a victim’s device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.
Belden says health benefits data stolen in 2020 cyberattack
www.bleepingcomputer.com/news/security/belden-says-health-benefits-data-stolen-in-2020-cyberattack/ Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. In November 2020, Belden disclosed they had suffered a cyberattack where threat actors gained access and copied “some current and former employee data, as well as limited company information regarding some business partners.” In a new disclosure released yesterday, Belden says their investigation has revealed that the threat actors accessed further data during this attack.
Tech support scammers lure victims with fake antivirus billing emails
www.bleepingcomputer.com/news/security/tech-support-scammers-lure-victims-with-fake-antivirus-billing-emails/ The emails pretend to be billing notices from Norton Lifelock, Microsoft, and McAfee that state the recipient will be charged between $350 and $399 for a three-year subscription unless they call to cancel the subscription. The threat actors constantly change the email subjects, but they all pretend to be a billing subscription from a well-known security company. When users call the included phone numbers, the scammers install various remote access software that the threat actors then use to install malware on the computer.
Belgian police seize 28 tons of cocaine after ‘cracking’ Sky ECC’s chat app encryption
www.theregister.com/2021/04/08/sky_ecc_drugs/ Sky ECC was a subscription-based end-to-end encrypted messaging app made by Sky Global and bundled on Google, Apple, Nokia, and BlackBerry handsets stripped of their GPS units, cameras, and microphones, the idea being that you could chat via text with other users without fear of being snooped on. European police pulled off a combined operation, shut down Sky Global, and swooped on its users and distributors.
Microsoft releases a cyberattack simulator – Shall we play a game?
www.bleepingcomputer.com/news/security/microsoft-releases-a-cyberattack-simulator-shall-we-play-a-game/ Microsoft has released an open-source cyberattack simulator that allows security researchers and data scientists to create simulated network environments and see how they fare against AI-controlled cyber agents.
Windows 10 hacked again at Pwn2Own, Chrome and Zoom also fall
www.bleepingcomputer.com/news/security/windows-10-hacked-again-at-pwn2own-chrome-and-zoom-also-fall/ Contestants hacked Microsoft’s Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform.
How Vulnerability Management Can Stop a Data Breach
securityintelligence.com/posts/vulnerability-management-stop-data-breach/ Vulnerability management may not be the sexiest topic. But, while buzzier topics are certainly important, vulnerability management may just be the key to an effective data security strategy. According to a Ponemon Institute report, 42% of nearly 2,000 surveyed IT and security workers indicated that they had suffered a data breach in the last two years that could be blamed squarely on unpatched vulnerabilities.