Kaspersky – APT annual review 2021
securelist.com/apt-annual-review-2021/105127/ In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters. For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat landscape and it’s important to note that no single vendor has complete visibility into the activities of all threat actors.
8-year-old HP printer vulnerability affects 150 printer models
www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/ Researchers have discovered several vulnerabilities affecting at least 150 multi-function (print, scan, fax) printers made by Hewlett Packard. Since the flaws discovered by F-Secure security researchers Alexander Bolshev and Timo Hirvonen date back to at least 2013, they have likely exposed a large number of users to cyberattacks for a notable amount of time. On November 1, 2021, HP released firmware updates that fix two of the most critical flaws.
Detecting SILENT CHOLLIMA’s Custom Tooling
www.crowdstrike.com/blog/how-falcon-overwatch-detected-silent-chollima-custom-tooling/ OverWatch threat hunters detected a burst of suspicious reconnaissance activity in which the threat actor used the Smbexec tool under a Windows service account. Originally designed as a penetration testing tool, Smbexec enables covert execution by creating a Windows service that is then used to redirect a command shell operation to a remote location over Server Message Block (SMB) protocol. This approach is valuable to threat actors, as they can perform command execution under a semi-interactive shell and run commands remotely, ultimately making the activity less likely to trigger automated detections.
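One way to hunt for the Smbexec pattern described above is to watch the Windows System log for service installations (Event ID 7045) whose ImagePath is a command shell rather than a binary. The script below is an added example, not code from the CrowdStrike post or from any vendor; the event records are constructed, and the string indicators (the `%COMSPEC% /Q /c` launcher, an `echo` redirected to a loopback admin share, a `.bat` in `%TEMP%`, merged stderr) are based on the service command that impacket's smbexec.py is commonly observed to register, which is an assumption that may not hold for every version or fork of the tool. The default service name `BTOBTO` is likewise an assumption about impacket's defaults.

```python
import re
from dataclasses import dataclass, field


@dataclass
class ServiceInstallEvent:
    """One System-log record. Field names mirror the Event 7045 data fields
    ("A service was installed in the system"); the values below are constructed."""
    event_id: int
    service_name: str
    image_path: str
    account_name: str               # Subject account that installed the service
    hits: list = field(default_factory=list)


# Indicators of an smbexec-style ImagePath (assumption: wording reflects the
# commonly observed impacket form and may differ in other versions/forks).
INDICATORS = {
    "comspec_quiet_shell":    re.compile(r"%COMSPEC%\s+/Q\s+/c\b", re.I),
    "echo_to_loopback_share": re.compile(r"\becho\b.*\^>\s*\\\\127\.0\.0\.1\\", re.I),
    "loopback_admin_share":   re.compile(r"\\\\127\.0\.0\.1\\(?:ADMIN\$|[A-Za-z]\$)\\", re.I),
    "temp_batch_file":        re.compile(r"%TEMP%\\[^\s&|>]+\.bat\b", re.I),
    "stderr_merged":          re.compile(r"2\^>\^&1"),
}


def match_indicators(event: ServiceInstallEvent) -> list:
    """Return the names of all indicators present in the event's ImagePath.
    Only service-install events (7045) are inspected; anything else yields []."""
    if event.event_id != 7045:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(event.image_path)]


def is_smbexec_like(event: ServiceInstallEvent, min_hits: int = 3) -> bool:
    """Three or more indicators in one ImagePath is a confident match. A lone
    %COMSPEC% launcher is common in legitimate installers, so it is not enough."""
    return len(match_indicators(event)) >= min_hits


def triage(events, min_hits: int = 3) -> list:
    """Annotate each event with its hits and return the ones worth escalating,
    e.g. to check which account created the service and from which host."""
    flagged = []
    for ev in events:
        ev.hits = match_indicators(ev)
        if len(ev.hits) >= min_hits:
            flagged.append(ev)
    return flagged


# Constructed sample records: a vendor agent, an smbexec-style service (the
# service name BTOBTO is assumed to be impacket's default), a benign shell-based
# installer, and an smbexec-like path on a non-install event (7036), which is ignored.
SAMPLE_EVENTS = [
    ServiceInstallEvent(7045, "VendorAgent",
                        r'"C:\Program Files\Vendor\agent.exe" --service', "SYSTEM"),
    ServiceInstallEvent(7045, "BTOBTO",
                        r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 > "
                        r"%TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & "
                        r"del %TEMP%\execute.bat",
                        "svc_backup"),
    ServiceInstallEvent(7045, "Updater",
                        r"%COMSPEC% /Q /c C:\Updates\install.cmd", "SYSTEM"),
    ServiceInstallEvent(7036, "BTOBTO",
                        r"%COMSPEC% /Q /c echo x ^> \\127.0.0.1\C$\__output 2^>^&1",
                        "svc_backup"),
]

if __name__ == "__main__":
    for ev in triage(SAMPLE_EVENTS):
        print(f"{ev.service_name} installed by {ev.account_name}: {', '.join(ev.hits)}")
```

In production the same logic runs over 7045 events pulled from a SIEM or from `Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045}`; the service account in the Subject field is what ties a hit back to the lateral-movement activity the post describes.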
Understanding the Adversary: How Ransomware Attacks Happen
securityintelligence.com/posts/how-ransomware-attacks-happen/ IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors tend to follow a similar attack flow and set of standard operating procedures.
Hackers all over the world are targeting Tasmania’s emergency services
blog.malwarebytes.com/hacking-2/2021/11/hack-tasmania/ Emergency services, under which the police, fire, and emergency medical services departments fall, are infrastructure vital to any country or state. But when those services come under threat from either physical or cyber entities, it’s as good as putting the lives of citizens at risk as well.
DNA testing firm discloses data breach affecting 2.1 million people
www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/ DNA Diagnostics Center (DDC), an Ohio-based DNA testing company, has disclosed a hacking incident that affects 2,102,436 persons.
AT&T takes action against DDoS botnet that hijacked VoIP servers
therecord.media/att-takes-action-against-ddos-botnet-that-hijacked-voip-servers/ AT&T is investigating and has taken steps to mitigate a botnet that infected more than 5,700 VoIP servers located inside its network, a spokesperson has told The Record earlier today. All the infected devices were EdgeMarc Enterprise Session Border Controllers, a type of Voice-over-IP server designed to balance and reroute internet telephony traffic from smaller enterprise customers to upstream mobile providers. According to Netlab, a network security division of Chinese tech giant Qihoo 360, a threat actor used an old exploit (CVE-2017-6079) to hack into unpatched EdgeMarc servers and install a modular malware strain named EwDoor.
Traficom is looking for ways to block international scam calls
www.epressi.com/tiedotteet/telekommunikaatio/traficom-etsii-keinoja-kansainvalisten-huijaussoittojen-estamiseksi.html The Finnish Transport and Communications Agency Traficom, together with the telecom operators active in Finland, is preparing measures to prevent caller ID spoofing, which has become common in scam calls. The aim is to hinder and prevent the activities of international criminals.
Rights groups petition Israel’s top court over Omicron phone tracking
www.reuters.com/world/middle-east/rights-groups-petition-israels-top-court-over-omicron-phone-tracking-2021-11-29/ Rights groups petitioned Israel’s top court on Monday to repeal new COVID-19 measures that authorise the country’s domestic intelligence service to use counter-terrorism phone tracking technology to contain the spread of the Omicron virus variant. Announcing the emergency measures on Saturday, Prime Minister Naftali Bennett said the phone tracking would be used to locate carriers of the new and potentially more contagious variant in order to curb its transmission to others.
How Decryption of Network Traffic Can Improve Security
threatpost.com/decryption-improve-security/176613/ Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a significant step forward for data integrity and consumer privacy. However, organizations with a commitment to data privacy aren’t the only ones who see value in obscuring their digital footprint in encrypted traffic. Cybercriminals have been quick to weaponize encryption as a means to hide their malicious activity in otherwise benign traffic.