Russian hackers had months-long access to Denmark’s central bank
www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/ Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.
The “WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight
yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/ Yoroi Malware ZLAB is reporting extensively on a large-scale operation by an actor that has been active since 2019 and is targeting Italian and European organizations.
REvil ransomware’s new Linux encryptor targets ESXi virtual machines
www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/ The REvil ransomware operation is now using a Linux encryptor that targets and encrypts VMware ESXi virtual machines.
Tesorion announces a free decryptor for Lorenz ransomware
www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/ A report from security researchers at Tesorion gives some insight into the encryption used by the Lorenz ransomware. A decryptor is available for download from nomoreransom.org.
700 million LinkedIn records for sale on hacker forum
www.privacysharks.com/exclusive-700-million-linkedin-records-for-sale-on-hacker-forum-june-22nd-2021/ After 500 million LinkedIn users were affected by data scraping in April, it happened again. The information includes full names, gender, email addresses, phone numbers, and industry information.
NCSC UK – Device Security Guidance for public sector and large organisations
www.ncsc.gov.uk/blog-post/securing-your-devices-future The National Cyber Security Centre UK has published “Device Security Guidance” for organisations on how to choose, configure and use devices securely.
An unpatched security vulnerability affecting Google’s Compute Engine platform could be abused by an attacker to take over virtual machines over the network
Microsoft’s Halo game development servers breached by a security researcher
www.bleepingcomputer.com/news/security/microsofts-halo-dev-site-breached-using-dependency-hijacking/ Microsoft had trouble with npm dependency confusion earlier this year; this time another researcher found that the problem still exists because some packages have dependencies that are not present on the npmjs registry.
Remote code execution vulnerability in Microsoft Intune management extension
www.nixu.com/blog/remote-code-execution-vulnerability-microsoft-intune-managed-windows-devices Aapo Oksman, a Senior Security Specialist at Nixu Corporation, found a critical bug in the Microsoft Intune Management Extension (IME) that allows a remote attacker in a privileged network position to execute arbitrary code with system privileges on a Windows operating system enrolled into Intune and running IME.