Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof
cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/ An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put up for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author.
Critical Zoom vulnerability triggers remote code execution without user input
www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/ A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services.
Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge fully owned
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments.
US adds Chinese supercomputing companies to export blacklist
arstechnica.com/tech-policy/2021/04/us-adds-chinese-supercomputing-companies-to-export-blacklist/ The US has placed Chinese groups accused of building supercomputers to help the Chinese military on an export blacklist, the first such move by the Biden administration to make it harder for China to obtain US technology.
Nation-state cyber attacks targeting businesses are on the rise
www.zdnet.com/article/nation-state-cyber-attacks-targeting-businesses-are-on-the-rise/ Analysis of attacks over the last few years shows that the enterprise is increasingly becoming a target for significant hacking campaigns by government-backed operations. But it’s possible to try to protect your network against attacks.
Voice-Changing Software Found on APT Attackers’ Server
www.darkreading.com/threat-intelligence/voice-changing-software-found-on-apt-attackers-server/d/d-id/1340618 Security researchers believe the presence of Morph Vox Pro could indicate APT-C-23 has new plans for their phishing campaigns.
Attackers deliver legal threats, IcedID malware via contact forms
www.bleepingcomputer.com/news/security/attackers-deliver-legal-threats-icedid-malware-via-contact-forms/ Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.
Cryptomining containers caught coining cryptocurrency covertly
Windows and Linux devices are under attack by a new cryptomining worm
arstechnica.com/gadgets/2021/04/windows-and-linux-devices-are-under-attack-by-a-new-cryptomining-worm/ With new exploits and capabilities, the Sysrv botnet poses a growing threat.
What goes around comes around: hackers leak other hackers' data online
A deep dive into Saint Bot, a new downloader
blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/ In this post, we provide a detailed deep-dive of this malware, covering in-depth analysis of the threat from distribution through post-exploitation. In addition to behavioral analysis, we will explore other techniques employed across the stages of infection including obfuscation and anti-analysis techniques, process injection, and command and control infrastructure and communication.
Are text files safe?
www.kaspersky.com/blog/is-txt-file-safe/39256/ Files with the TXT extension are typically considered safe. Are they, though? Researchers found a way to exploit a vulnerability (now patched) in the format, and they could find more. The file format isn't actually the problem; it's the way programs handle TXTs.
Malicious code in APKPure app
securelist.com/apkpure-android-app-store-infected/101845/ Recently, we've found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.