Australian govt warns of escalating LockBit ransomware attacks
www.bleepingcomputer.com/news/security/australian-govt-warns-of-escalating-lockbit-ransomware-attacks/ The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. According to the agency, LockBit victims also report threats of having data stolen during the attacks leaked online, a known and popular tactic among ransomware gangs to coerce their targets into paying the ransoms.
Anti-Piracy Firm Asks Google to Block 127.0.0.1
torrentfreak.com/anti-piracy-firm-asks-google-to-block-127-0-0-1-210808/ Ukrainian TV channel TRK has sent a rather bizarre takedown request to Google. The company’s anti-piracy partner Vindex asked the search engine to remove a search result that points to 127.0.0.1. Tech-savvy people will immediately recognize that the anti-piracy company apparently found copyright-infringing content on its own server.
Apple fixes AWDL bug that could be used to escape air-gapped networks
therecord.media/apple-fixed-awdl-bug-that-could-be-used-to-escape-air-gapped-networks/ Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could have been abused by threat actors to escape and steal data from air-gapped networks. Silently patched earlier this spring, in April with the release of iOS 14.5, iPadOS 14.5, watchOS 7.4, and Big Sur 11.3 the vulnerability was publicly disclosed for the first time earlier this week in a blog post by Mikko Kenttälä, a Finish security researcher and the founder and CEO of SensorFu.
Actively exploited bug bypasses authentication on millions of routers
www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/ Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication. Vulnerable devices include dozens of router models from multiple vendors and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus.