Health authorities in 40 countries targeted by COVID19 vaccine scammers
www.welivesecurity.com/2021/08/18/health-authorities-40-countries-targeted-covid19-vaccine-scammers/ INTERPOL has issued a global warning about organized crime groups targeting governments with bogus offers peddling COVID-19 vaccines. The warning was issued to all of INTERPOL’s 194 member countries after the international law enforcement agency registered roughly 60 cases from 40 countries.
Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?
www.databreachtoday.co.uk/does-abandoning-embassy-in-kabul-pose-cybersecurity-risks-a-17309 It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say. “Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent,” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO at BreachQuest. “However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first.”
Trend-spotting email techniques: How modern phishing emails hide in plain sight
www.microsoft.com/security/blog/2021/08/18/trend-spotting-email-techniques-how-modern-phishing-emails-hide-in-plain-sight/ This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight these techniques based on their observed impact to organizations, their relevance to active email campaigns, and because they are intentionally designed to be difficult to detect.
Dogged Persistence – The Name of the Game for One DDoS Attacker
blogs.akamai.com/2021/08/dogged-persistence-the-name-of-the-game-for-one-ddos-attacker.html DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little effort and money, and in relative safety. They give it a go, try a few things (vector, endpoint, and scale changes), and for those with effective defenses, the attacker eventually burns out. Every now and then, however, we do see extreme examples of DDoS attacker persistence. This was the case starting late last month (July 2021). What made this particular series of DDoS events notable is not only the determination, but also the attack vector sizes targeting multiple IPs across several of the customer’s subnets.
Cobalt Strike: Detect this Persistent Threat
www.intezer.com/blog/malware-analysis/cobalt-strike-detect-this-persistent-threat/ This blog explains Cobalt Strike and practical steps to take if you believe that you are being targeted by Cobalt Strike or already compromised. We will demonstrate some real-world examples of Cobalt Strike delivery and steps to detect each.
Wanted: Disgruntled Employees to Deploy Ransomware
krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/ Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.
Ransomware: This amateur attack shows how clueless criminals are trying to get in on the action
www.zdnet.com/article/ransomware-this-amateur-attack-shows-how-clueless-criminals-are-trying-to-get-in-on-the-action/ Researchers dissect an email from an attacker asking people to help install ransomware on their company’s network for a cut of the profit. But while this campaign isn’t very successful, it shows how appealing ransomware has become.
US Census Bureau hacked in January 2020 using Citrix exploit
www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/ US Census Bureau servers were breached on January 11, 2020, by hackers who exploited a Citrix ADC zero-day vulnerability, as the US Office of Inspector General (OIG) disclosed in a recent report. “The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks,” the OIG said.
Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/ In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. “The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process.” The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates. Additionally, Cisco says that its Product Security Incident Response Team (PSIRT) is not aware of any public proof-of-concept exploits for this zero-day or of any threat actors exploiting the bug in the wild.
New Google Chrome Security Warning: 7 Serious Flaws Confirmed
www.forbes.com/sites/daveywinder/2021/08/19/new-google-chrome-security-warning-7-serious-flaws-confirmed/ Google has confirmed a whole new bunch of alarmingly serious security vulnerabilities in Chrome 92, just two weeks after the last batch of flaws was fixed. To the best of my knowledge, and having asked around the cybersecurity community, there is no evidence of in-the-wild exploitation of any of these vulnerabilities.
Malicious Campaign Targets Latin America: The seller, The operator and a curious link
blog.talosintelligence.com/2021/08/rat-campaign-targets-latin-america.html Cisco Talos recently observed a new set of campaigns targeting Latin American countries. These campaigns use a multitude of infection components to deliver two widely popular commodity malware and remote access trojans (RATs): njRAT and AsyncRAT.