Ukraine links members of Gamaredon hacker group to Russian FSB
www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/ The Security Service of Ukraine (SSU) says it has identified five members of the Gamaredon hacking group, a Russian state-sponsored operation that has targeted Ukraine since 2014. The group, tracked as Armageddon by the SSU, allegedly operates under the FSB (Russian Federal Security Service) and is believed to be responsible for over 5,000 attacks in Ukraine since the operation began. The five men accused of taking part in these attacks were identified by SSU investigators, who claim to have unequivocal evidence of their involvement from intercepted communications.
If you see this notice in your online bank, you are in immediate danger
www.is.fi/digitoday/tietoturva/art-2000008381329.html A prompt to wait for minutes on end is the sign of a fake bank site built to steal your money.
GitLab servers are being exploited in DDoS attacks in excess of 1 Tbps
therecord.media/gitlab-servers-are-being-exploited-in-ddos-attacks-in-excess-of-1-tbps/ Threat actors are exploiting a security flaw in self-hosted GitLab servers to assemble botnets and launch gigantic distributed denial of service (DDoS) attacks, some in excess of 1 terabit per second (Tbps). The DDoS attacks, disclosed today by Damian Menscher, a Security Reliability Engineer at Google Cloud responsible for Google's DDoS defenses, exploit CVE-2021-22205, an unauthenticated remote code execution flaw in GitLab's ExifTool-based image handling that GitLab patched back in April 2021.
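A quick way to triage a fleet of self-hosted instances against this item is to compare the reported GitLab version with the releases that carry the fix. The following is an added example, not code from GitLab or from the article; it assumes the fix landed in 13.10.3, 13.9.6 and 13.8.8 (GitLab's April 2021 security release) and that every later release line already contains it. The version string comes from the Admin Area, from `gitlab-rake gitlab:env:info`, or from the authenticated `/api/v4/version` endpoint; the sample strings below are constructed.

```python
"""Decide whether a GitLab version string is patched for CVE-2021-22205.

Added example, not GitLab's own tooling. Assumption: the fix shipped in
13.10.3, 13.9.6 and 13.8.8, and all newer release lines include it.
Release lines older than 13.8 never received a fix.
"""
import re

# Earliest patched release on each line that GitLab maintained at fix time.
FIXED_RELEASES = {
    (13, 10): (13, 10, 3),
    (13, 9): (13, 9, 6),
    (13, 8): (13, 8, 8),
}
NEWEST_FIXED_LINE = max(FIXED_RELEASES)


def parse_version(text):
    """Extract MAJOR.MINOR.PATCH as a tuple of ints.

    Accepts strings like '13.10.2-ee', '13.8.7' or 'GitLab 14.0.1 (abc123)'.
    Raises ValueError if no three-part version is present.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no MAJOR.MINOR.PATCH version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(text):
    """True if the version carries the CVE-2021-22205 fix."""
    major, minor, patch = parse_version(text)
    line = (major, minor)
    if line > NEWEST_FIXED_LINE:
        return True                      # 13.11+ and 14.x were cut after the fix
    if line in FIXED_RELEASES:
        return (major, minor, patch) >= FIXED_RELEASES[line]
    return False                         # 13.7 and earlier: no fixed release exists


def find_unpatched(inventory):
    """Return the names of hosts whose version is unpatched or unparseable.

    `inventory` maps a host name to the version string it reported.
    Unparseable versions are reported as well, so nothing silently drops out.
    """
    flagged = []
    for host, version in inventory.items():
        try:
            if not is_patched(version):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "git-a": "13.10.2-ee",
        "git-b": "13.10.3-ee",
        "git-c": "13.9.6-ce",
        "git-d": "13.8.7",
        "git-e": "GitLab 14.2.1 (deadbeef)",
        "git-f": "unknown",
    }
    for host in find_unpatched(sample):
        print(f"{host}: update required for CVE-2021-22205")
```

Treat the result as a floor, not a clean bill of health: an instance that reports a patched version but was already compromised while it was vulnerable still needs an incident-response look, which is exactly the population the DDoS botnet in the article is built from.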
Phishing emails deliver spooky zombie-themed MirCop ransomware
www.bleepingcomputer.com/news/security/phishing-emails-deliver-spooky-zombie-themed-mircop-ransomware/ A new phishing campaign posing as supply lists infects users with the MirCop ransomware, which encrypts a target system in under fifteen minutes. The email body contains a hyperlink to a Google Drive URL which, if clicked, downloads an MHT file (web page archive) onto the victim's machine. When the MHT file is opened, it downloads a RAR archive containing a .NET malware downloader. The EXE inside the archive uses VBS scripts to drop and execute the MirCop payload on the infected system.
Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module
thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html Cybersecurity researchers have disclosed a security flaw in the Linux kernel's Transparent Inter-Process Communication (TIPC) module that could potentially be leveraged both locally and remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The flaw is tracked as CVE-2021-43267, a heap overflow in the handling of TIPC MSG_CRYPTO messages that was introduced in kernel 5.10 and fixed in 5.15. There is currently no evidence of in-the-wild abuse. Note also that while the module ships with major distributions, it has to be loaded for the protocol to be enabled, so only systems with TIPC active are exposed.
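The practical question on each Linux host is therefore twofold: is the kernel in the affected range, and is the tipc module loaded or loadable on demand? The script below is an added example written for this digest, not code from the article or the researchers. It assumes the upstream range stated above (introduced in 5.10, fixed in 5.15) and takes its inputs as text so it can be run offline against captured `uname -r` and `/proc/modules` output; the sample module listing is constructed. One caveat the page does not spell out: on most distributions an unprivileged `socket(AF_TIPC, ...)` call can autoload the module even when `/proc/modules` does not list it, so "not loaded" alone is not "not exposed" unless autoloading is blocked in modprobe.d.

```python
"""Triage a Linux host for CVE-2021-43267 (TIPC heap overflow).

Added example, not the researchers' tooling. Assumptions: the upstream
affected range is 5.10 <= kernel < 5.15; distributions may backport the
fix, so 'kernel_affected' means 'check the vendor advisory', not 'proven
vulnerable'.
"""
import re

AFFECTED_FROM = (5, 10, 0)   # MSG_CRYPTO handling added (assumed, see lead-in)
FIXED_IN = (5, 15, 0)        # upstream fix (assumed, see lead-in)

# Drop this into /etc/modprobe.d/disable-tipc.conf to stop on-demand loading.
# 'install ... /bin/true' also defeats the AF_TIPC socket() autoload path,
# which a plain 'blacklist' line does not.
MODPROBE_DISABLE_TIPC = "install tipc /bin/true\nblacklist tipc\n"


def parse_kernel(release):
    """'5.13.0-40-generic' -> (5, 13, 0); '5.15' -> (5, 15, 0)."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release {release!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def kernel_in_affected_range(release):
    """True if the upstream version is in [5.10, 5.15)."""
    return AFFECTED_FROM <= parse_kernel(release) < FIXED_IN


def tipc_loaded(proc_modules_text):
    """True if 'tipc' appears as a loaded module in /proc/modules content.

    Each /proc/modules line starts with the module name, so only the first
    field is compared; 'tipc' must match exactly (not e.g. 'tipc_foo').
    """
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "tipc":
            return True
    return False


def triage(release, proc_modules_text):
    """Combine both checks into one verdict.

    'exposed' is True only when the kernel is in range AND the module is
    loaded. A host in range with the module unloaded is still 'at_risk',
    because the module can be autoloaded on demand.
    """
    affected = kernel_in_affected_range(release)
    loaded = tipc_loaded(proc_modules_text)
    return {
        "kernel_affected": affected,
        "tipc_loaded": loaded,
        "exposed": affected and loaded,
        "at_risk": affected and not loaded,
    }


if __name__ == "__main__":
    # Constructed sample inputs; on a live host read these from
    # `uname -r` and /proc/modules instead.
    sample_release = "5.13.0-40-generic"
    sample_modules = (
        "tipc 417792 0 - Live 0x0000000000000000\n"
        "xfs 1470464 3 - Live 0x0000000000000000\n"
    )
    verdict = triage(sample_release, sample_modules)
    print(verdict)
    if verdict["exposed"] or verdict["at_risk"]:
        print("suggested mitigation for /etc/modprobe.d/disable-tipc.conf:")
        print(MODPROBE_DISABLE_TIPC, end="")
```

On a host that genuinely needs TIPC the only real fix is the patched kernel; the modprobe.d snippet is for the far more common case where the module is present but nothing uses it.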
Cisco fixes hard-coded credentials and default SSH key issues
www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/ Cisco has released security updates to address critical security flaws allowing unauthenticated attackers to log in using hard-coded credentials or default SSH keys to take over unpatched devices.
Hungarian Official: Government Bought, Used Pegasus Spyware
www.usnews.com/news/world/articles/2021-11-04/hungarian-official-government-bought-used-pegasus-spyware A senior official with Hungary’s ruling party has acknowledged for the first time that the government has purchased a powerful spyware tool, which was allegedly used to target the digital devices of several journalists, businesspeople and an opposition politician.
Deep Dive into a Fresh Variant of Snake Keylogger Malware
www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware Snake Keylogger is malware developed in .NET. It first appeared in late 2020 and focuses on stealing sensitive information from a victim's device, including saved credentials, keystrokes, screenshots and clipboard data. This threat research blog walks through how the Snake Keylogger variant is downloaded and executed from a captured Excel sample, which techniques the variant uses to protect itself from analysis, what sensitive information it steals from the victim's machine, and how it submits the collected data to the attacker.
Win one for privacy: Swiss providers don't have to talk
www.welivesecurity.com/2021/11/03/win-one-privacy-swiss-providers-dont-have-talk/ Security and privacy get a leg up in Proton's legal challenge against data retention and disclosure obligations.
Malware signed by Slovenian companies
connect.geant.org/2021/10/29/malware-signed-by-slovenian-companies One of the measures that protects us against malicious code is digital code signing. If the operating system cannot verify the author's signature against a certificate chain ending in a trusted certificate authority, it warns the user and by default blocks installation of the application. The user must then perform the more or less arduous task of manually approving an exception and, in doing so, inadvertently accepts responsibility for installing unknown software. Malware authors adapted quickly and started obtaining code-signing certificates of their own, including ones issued in the names of Slovenian companies.
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
us-cert.cisa.gov/ncas/current-activity/2021/11/04/braktooth-proof-concept-tool-demonstrates-bluetooth On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool for testing Bluetooth-enabled devices against the BrakTooth flaws using the researchers' software tools. BrakTooth, originally disclosed in August 2021, is a family of security vulnerabilities in commercial Bluetooth stacks. An attacker could exploit BrakTooth vulnerabilities to cause a range of effects from denial of service to arbitrary code execution.
Researchers Scan the Web to Uncover Malware Infections
www.darkreading.com/security-monitoring/researchers-scan-the-web-to-uncover-malware-infections Dozens of companies and universities regularly scan the Internet to gather data on connected devices, but some firms are looking deeper to uncover the extent of detectable malware infections.