Russia arrests top cybersecurity executive in treason case
www.reuters.com/technology/moscow-office-group-ib-cybersecurity-firm-searched-by-police-company-2021-09-29/ Ilya Sachkov, 35, who founded Group IB, one of Russia’s most prominent cyber security firms, was arrested on Tuesday, the RTVI TV channel reported as law enforcement officers carried out searches at the Moscow offices of the firm.
DarkHalo after SolarWinds: the Tomiris connection
securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/ Tomiris is a backdoor written in Go whose role is to continuously query its C2 server for executables to download and execute on the victim system.
New GriftHorse malware has infected more than 10 million Android phones
therecord.media/new-grifthorse-malware-has-infected-more-than-10-million-android-phones/ Security researchers have found a massive malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis.
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html Trend Micro detected a new campaign using a recent version of the known FormBook malware, an infostealer that has been around since 2016. Several analyses have been written about FormBook in the last few years, including the expanded support for macOS.
Conti Ransomware Expands Ability to Blow Up Backups
threatpost.com/conti-ransomware-backups/175114/ The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
Vaccine passport app leaks users' personal data
blog.malwarebytes.com/privacy-2/2021/09/vaccine-passport-app-leaks-users-personal-data/ Security and privacy advocates may have cause to worry after all: Portpass, a vaccine passport app in Canada, has been found to have been exposing the personal data of its users for an unknown length of time.
Bandwidth CEO confirms outages caused by DDoS attack
www.zdnet.com/article/bandwidth-ceo-confirms-outages-caused-by-ddos-attack/ Voice over Internet Protocol (VoIP) services company Bandwidth.com has confirmed that it was suffering from outages after reports emerged on Monday night that the service was dealing with a DDoS attack.
Microsoft, CISA and NSA offer security tools and advice, but will you take it?
blog.malwarebytes.com/opinion/2021/09/microsoft-cisa-and-nsa-offer-orgs-security-tools-and-advice-but-will-those-that-need-it-the-most-be-the-ones-that-use-it/ Microsoft offers to help you with patching Exchange servers, CISA offers an insider threat tool, and together with the NSA they offer advice on how to choose and harden your VPN.
CISA Releases New Tool to Help Organizations Guard Against Insider Threats
www.cisa.gov/news/2021/09/28/cisa-releases-new-tool-help-organizations-guard-against-insider-threats The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.
Story of the creds-leaking Exchange Autodiscover flaw, the one Microsoft wouldn't fix even after 5 years
www.theregister.com/2021/09/27/microsoft_exchange_autodiscover/ Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft’s advice continues to be that customers should communicate only with servers they trust.
The Rise of One-Time Password Interception Bots
krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/ In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
Cybercriminals' top LOLBins
www.kaspersky.com/blog/most-used-lolbins/42180/ Cybercriminals have long used legitimate programs and operating system components to attack Microsoft Windows users, a tactic known as Living off the Land. In doing so, they're attempting to kill several birds with one cyberstone: reducing the cost of developing a malware toolkit, minimizing their operating system footprint, and disguising their activity among legitimate IT actions.
Facebook open-sources internal tool used to detect security bugs in Android apps
therecord.media/facebook-open-sources-internal-tool-used-to-detect-security-bugs-in-android-apps/ Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications.