Russian state hackers use new TinyTurla malware as secondary backdoor
www.bleepingcomputer.com/news/security/russian-state-hackers-use-new-tinyturla-malware-as-secondary-backdoor/ Russian state-sponsored hackers known as the Turla APT group have been using new malware over the past year that acted as a secondary persistence method on compromised systems in the U.S., Germany, and Afghanistan. Security researchers at Cisco Talos say that TinyTurla is a “previously undiscovered” backdoor from the Turla APT group that has been used since at least 2020, slipping past malware detection systems particularly because of its simplicity.
CISA Alert (AA21-265A) – Conti Ransomware
us-cert.cisa.gov/ncas/alerts/aa21-265a The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.
Ransomware victims panicked while FBI secretly held REvil decryption key
arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/ For three weeks during the REvil ransomware attack this summer, the FBI secretly withheld the key that would have decrypted data and computers on up to 1,500 networks, including those run by hospitals, schools, and businesses. The FBI had penetrated the REvil gang’s servers to obtain the key, but after discussing it with other agencies, the bureau decided to wait before sending it to victims for fear of tipping off the criminals, The Washington Post reports. The FBI hadn’t wanted to tip off the REvil gang and had hoped to take down their operations, sources told the Post.
Second farming cooperative shut down by ransomware this week
www.bleepingcomputer.com/news/security/second-farming-cooperative-shut-down-by-ransomware-this-week/ Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. Crystal Valley is a farm supply and grain marketing cooperative serving farmers in Minnesota and northern Iowa. Yesterday, Crystal Valley disclosed that their company was targeted with a ransomware attack on Sunday that led them to shut down IT systems, preventing payments using Visa, Mastercard, and Discover credit cards.
Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials
therecord.media/microsoft-exchange-autodiscover-bug-leaks-hundreds-of-thousands-of-domain-credentials/ Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world. Discovered by Amit Serper, AVP of Security Research at security firm Guardicore, the bug resides in the Microsoft Autodiscover protocol, a feature of Exchange email servers that allows email clients to automatically discover email servers, provide credentials, and then receive proper configurations.
Hackers leak LinkedIn 700 million data scrape
therecord.media/hackers-leak-linkedin-700-million-data-scrape/ A collection containing data about more than 700 million users, believed to have been scraped from LinkedIn, was leaked online this week after hackers previously tried to sell it earlier this year in June. The collection, obtained by The Record from a source, is currently being shared in private Telegram channels in the form of a torrent file containing approximately 187 GB of archived data.
Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal effort.
Criminals sent invoices in an executive's name
yle.fi/uutiset/3-12110248 The Western Uusimaa police are investigating an aggravated fraud in which a company was most likely the target of a brazen scam by foreign criminals. The person responsible for payments at a company located in Western Uusimaa had received an email in which a person in a management position at the company urged them to pay about 50,000 euros to a foreign account. A second payment request, for more than 100,000 euros, had also been sent in the same name.
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
threatpost.com/tiktok-github-facebook-open-source-bug-bounty/174898/ As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program (IBB) to lure threat hunters’ attention to open-source supply chains.
Lithuania revealed that Xiaomi phones censor users' searches and urged a purchase boycott; a Finnish expert considers the revelation serious
yle.fi/uutiset/3-12109988 According to Lithuanian authorities, Xiaomi phones have built-in software that censors words and slogans unwelcome to China. In Finland, the National Cyber Security Centre (Kyberturvallisuuskeskus) is looking into the matter.
VMSA-2021-0020: Questions & Answers
core.vmware.com/vmsa-2021-0020-questions-answers-faq VMware has released patches that address a new critical security advisory, VMSA-2021-0020. This needs your immediate attention if you are using vCenter Server.