Microsoft says Russia hacked at least 14 IT service providers this year
therecord.media/microsoft-says-russias-apt29-hacked-at-least-14-it-service-providers-this-year/ Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies.
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/ The targeted activity has been observed against organizations based in the United States and across Europe since May 2021. MSTIC assesses that NOBELIUM has launched a campaign against these organizations to exploit existing technical trust relationships between the provider organizations and the governments, think tanks, and other companies they serve. NOBELIUM is the same actor behind the SolarWinds compromise in 2020, and this latest activity shares the hallmarks of the actor’s compromise-one-to-compromise-many approach.
Mozilla blocks malicious add-ons installed by 455K Firefox users
www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/ Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. The add-ons (named Bypass and Bypass XM) were using the API to intercept and redirect web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists.
New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts
citizenlab.ca/2021/10/breaking-news-new-york-times-journalist-ben-hubbard-pegasus/ New York Times journalist Ben Hubbard was repeatedly targeted with NSO Group’s Pegasus spyware over a three-year period from June 2018 to June 2021. The targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman.
Millions of Android users targeted in subscription fraud campaign
www.bleepingcomputer.com/news/security/millions-of-android-users-targeted-in-subscription-fraud-campaign/ A massive fraud campaign utilizing 151 Android apps with 10.5 million downloads was used to subscribe users to premium subscription services without their knowledge. Researchers at Avast discovered the campaign, naming it ‘UltimaSMS’, and reported 80 associated apps that they found on the Google Play Store. While Google quickly removed the apps, the fraudsters likely amassed millions of dollars in fraudulent subscription charges.
Ransomware gangs are abusing a zero-day in EntroLink VPN appliances
therecord.media/ransomware-gangs-are-abusing-a-zero-day-in-entrolink-vpn-appliances/ Multiple ransomware gangs have weaponized and are abusing a zero-day in EntroLink VPN appliances after an exploit was released on an underground cybercrime forum at the start of September 2021. The zero-day is believed to impact EntroLink PPX-AnyLink devices, popular with South Korean companies, and used as user authentication gateways and VPNs to allow employees remote access to company networks and internal resources.
Conti Ransom Gang Starts Selling Access to Victims
krebsonsecurity.com/2021/10/conti-ransom-gang-starts-selling-access-to-victims/ The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti’s malware who refuse to negotiate a ransom payment are added to Conti’s victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
Putin's PC took a great leap forward
www.is.fi/digitoday/art-2000008357557.html The Russian chip company Baikal Electronics received the first batch of its self-designed Baikal-M processor. At the same time, Russia took a step toward a self-sufficient electronics industry.
Microsoft Digital Defense Report shares new insights on nation-state attacks
www.microsoft.com/security/blog/2021/10/25/microsoft-digital-defense-report-shares-new-insights-on-nation-state-attacks/ The aims of nation-state cyber actors (largely espionage and disruption) remain consistent, along with their most reliable tactics and techniques: credential harvesting, malware, and VPN exploits. However, a common theme this year among the actors originating from China, Russia, North Korea, and Iran has been increased targeting of IT service providers as a way of exploiting downstream customers.
Polygon pays out record $2 million bug bounty reward for critical vulnerability
portswigger.net/daily-swig/polygon-pays-out-record-2-million-bug-bounty-reward-for-critical-vulnerability Polygon, a blockchain technology company, has paid out $2 million in bug bounty rewards for a ‘double spend’ vulnerability that could have wreaked havoc across its network. The flaw, discovered by ethical hacker Gerhard Wagner, enabled an attacker to double the amount of cryptocurrency they intend to withdraw up to 233 times.