ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups
thehackernews.com/2021/08/shadowpad-malware-is-becoming-favorite.html ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. The American cybersecurity firm SentinelOne dubbed ShadowPad a “masterpiece of privately sold malware in Chinese espionage.”
Cybercrime Group Asking Insiders for Help in Planting Ransomware
thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoin to deploy Black Kingdom ransomware on their companies’ networks as part of an insider threat scheme. The sender tells the employee that if they are able to deploy the ransomware on a company computer or Windows server, they will be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom.
SynAck ransomware decryptor lets victims recover files for free
www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/ Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. The SynAck ransomware gang launched its operation in 2017 but rebranded as the El_Cometa gang in 2021. As part of this rebranding, the threat actors released the master decryption keys and documentation for their encryption algorithm on their Tor data leak site.
Pegasus iPhone hacks used as lure in extortion scheme
www.bleepingcomputer.com/news/security/pegasus-iphone-hacks-used-as-lure-in-extortion-scheme/ A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. This week, a threat actor began emailing recipients, telling them that their iPhone was hacked through a ‘zero-click’ vulnerability to install the Pegasus spyware. The scammer claims to have been using Pegasus to monitor the recipient’s activities and to have recorded videos of them during “the most private moments” of their lives. The email warns that if a 0.035 bitcoin (approximately $1,600) payment is not made, the threat actors will send the videos to the recipient’s family, friends, and business associates. As with earlier sextortion campaigns, the email contains no evidence of compromise; the Pegasus name is only a lure.
You can post LinkedIn jobs as almost ANY employer, and so can attackers
www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-almost-any-employer-so-can-attackers/ Anyone can post a job under a company’s LinkedIn account, and it appears exactly the same as a job advertised by the company. For example, if Google’s LinkedIn company page is vulnerable, we will be able to post a job on their behalf and add some parameters to redirect applicants to a new website where we can harvest [personal information and credentials] and whatnot, the usual tricks of social engineering. In tests by BleepingComputer, I used an unaffiliated LinkedIn account and was able to successfully publish a new job posting on behalf of BleepingComputer, almost anonymously. The job listing would appear authentic, as if coming straight from BleepingComputer. It also did not show the user account that created the posting: an option set by the user who posts the job, rather than the employer.
Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack
therecord.media/cloudflare-says-it-mitigated-a-record-breaking-17-2m-rps-ddos-attack/ Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack recorded to date. The attack, which took place last month, targeted one of Cloudflare’s customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to fling HTTP requests at the customer’s network in order to consume and crash server resources. Cloudflare said the attack peaked at 17.2 million HTTP requests per second (rps), a figure the company described as almost three times larger than any previous volumetric DDoS attack ever reported in the public domain. Note that this is an application-layer (HTTP) flood measured in requests per second, not a bandwidth flood measured in bits per second, so the comparison is with other request-rate attacks.
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch
blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/cisco-small-business-routers-vulnerable-to-remote-attacks-wont-get-a-patch/ In a security advisory, Cisco has informed users that a vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The affected routers have entered the end-of-life process, so Cisco has not released software updates to fix the problem, and according to the advisory it has no plans to do so. For devices that cannot be replaced immediately, the practical mitigation is to disable the UPnP service where the firmware allows it, since the vulnerable code is then no longer reachable over the network, and to verify afterwards that the router no longer answers UPnP discovery.
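A way to check whether a router on your LAN still answers UPnP discovery, as an added example that is not code from Cisco, Malwarebytes, or the advisory. It builds a standard SSDP M-SEARCH request, parses the HTTP-over-UDP replies, and flags any responder that returns a 200 with a LOCATION header. The sample reply embedded below is constructed for the offline demo and is not captured from a Cisco device; the check is generic and works against any UPnP responder, not only the four router models named above.

```python
# Added example: SSDP probe and response parser for checking whether a router
# still answers UPnP discovery. Not code from Cisco, Malwarebytes, or the
# advisory; the sample response below is constructed for the demo.
import socket

SSDP_ADDR = "239.255.255.250"
SSDP_PORT = 1900


def build_msearch(search_target="upnp:rootdevice", mx=2):
    """Build an SSDP M-SEARCH request (UPnP Device Architecture discovery)."""
    request = (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def parse_ssdp_response(raw):
    """Parse an HTTPU reply into its status line and a dict of upper-cased headers."""
    text = raw.decode("utf-8", errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return {"status": lines[0].strip(), "headers": headers}


def upnp_exposed(parsed):
    """A 200 reply carrying a LOCATION URL means a UPnP service is reachable."""
    return parsed["status"].startswith("HTTP/1.1 200") and "LOCATION" in parsed["headers"]


def probe_upnp(timeout=2.0, interface_ip=""):
    """Live probe: send M-SEARCH to the SSDP multicast group and collect replies.
    Run it from inside the LAN of the router being checked; an empty result
    after disabling UPnP is what you want to see."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    if interface_ip:  # bind to a specific LAN interface on multi-homed hosts
        sock.bind((interface_ip, 0))
    sock.settimeout(timeout)
    sock.sendto(build_msearch(), (SSDP_ADDR, SSDP_PORT))
    findings = []
    try:
        while True:
            data, (addr, _port) = sock.recvfrom(4096)
            parsed = parse_ssdp_response(data)
            if upnp_exposed(parsed):
                findings.append((addr,
                                 parsed["headers"].get("SERVER", "?"),
                                 parsed["headers"]["LOCATION"]))
    except socket.timeout:
        pass  # MX window elapsed; all responders that wanted to answer have
    finally:
        sock.close()
    return findings


# Constructed sample reply (not captured from a Cisco device), used to
# exercise the parser without a network.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.168.1.1:1900/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6 UPnP/1.0 MiniUPnPd/1.4\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    sample = parse_ssdp_response(SAMPLE_REPLY)
    print("sample reply exposed:", upnp_exposed(sample), sample["headers"]["SERVER"])
    for addr, server, location in probe_upnp():
        print(f"UPnP responder {addr}: {server} -> {location}")
```

The SERVER banner and LOCATION URL from a live reply tell you which device answered and where its description XML lives; a router that has UPnP switched off should simply not appear in the output. This only covers the LAN side, which is where UPnP is normally listening; a WAN-facing check needs to be run from outside the network.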