Germany warns of ransomware attacks over Christmas, citing Emotet return, unpatched Exchange servers
therecord.media/germany-warns-of-ransomware-attacks-over-christmas-citing-emotet-return-unpatched-exchange-servers/ The German cybersecurity authority has told German organizations to expect ransomware and other cyber-attacks over the Christmas and end-of-year holidays, citing the return of the Emotet botnet and the large number of Microsoft Exchange email servers that have been left unpatched.
US State Dept employees’ phones hacked using NSO spyware
www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/ Apple has warned at least nine US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. The attacks hit US officials based in or focused on matters concerning the East African country of Uganda and took place in recent months, according to anonymous sources cited by Reuters today.
What the Internet Bug Bounty Teaches About Open-Source Software Security
securityintelligence.com/articles/open-source-software-security-bug-bounty/ The security platform HackerOne recently announced the latest version of their Internet Bug Bounty (IBB) program. The IBB strives to enhance open-source software security by pooling resources and encouraging security experts (they call themselves hackers) to find flaws in open-source software (OSS). Now, the program has introduced a new crowd-funding method. This enables more organizations to use the IBB to secure open-source needs in their software. Other program partners include Elastic, Facebook, Figma, GitHub, Shopify and TikTok. These companies, like nearly every digital brand, all depend on open-source software.
FBI: Cuba ransomware breached 49 US critical infrastructure orgs
www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/ “The FBI has identified, as of early November 2021, that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors,” the federal law enforcement agency said.
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this vulnerability is exploited, it allows attackers to map URLs to files outside the directories configured by Alias-like directives. However, when we looked at the malicious samples abusing this vulnerability, we found more of these exploits being abused to target different gaps in products and packages for malicious mining of Monero. In this blog, we look into the abuse of GitHub and Netlify repositories and platforms for hosting cryptocurrency-mining tools and scripts.
A mysterious threat actor is running hundreds of malicious Tor relays
therecord.media/a-mysterious-threat-actor-is-running-hundreds-of-malicious-tor-relays/ Since at least 2017, a mysterious threat actor has run thousands of malicious servers in entry, middle, and exit positions of the Tor network in what a security researcher has described as an attempt to deanonymize Tor users. Tracked as KAX17, the threat actor ran at its peak more than 900 malicious servers that were part of the Tor network, whose daily total typically hovers around 9,000-10,000 relays.
How Criminals Are Using Synthetic Identities for Fraud
www.darkreading.com/edge-articles/how-criminals-are-using-synthetic-identities-for-fraud Synthetic identity fraud was already a problem before the COVID-19 pandemic shifted spending and work online, but it is becoming a bigger problem now as criminals take advantage of looser rules around credit and the sheer amount of personal information exposed via data breaches.
Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments
threatpost.com/wirte-middle-eastern-governments/176688/ A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros.
How to Detect DNS Tunneling in the Network?
www.catonetworks.com/blog/how-to-detect-dns-tunneling-in-the-network/ In the past several years, we have seen multiple malware samples using DNS tunneling to exfiltrate data. APT groups also used DNS tunneling in a malware campaign to target government organizations in the Middle East. We will present a few techniques you can use to detect DNS tunneling in your network.
Tracking a P2P network related to TA505
research.nccgroup.com/2021/12/01/tracking-a-p2p-network-related-with-ta505/ For the past few months NCC Group has been closely tracking the operations of TA505 and the development of their various projects (e.g. Clop). During this research we encountered a number of binary files that we have attributed to the developer(s) of ‘Grace’ (i.e. FlawedGrace). These included a remote administration tool (RAT) used exclusively by TA505.
Tivi's IT Influencer of the Year is Milja Köpsi: the Mimmit koodaa programme became a force for change
www.tivi.fi/uutiset/tv/b8a06701-a608-4fdd-a8ca-12f2e24c2daa Mimmit koodaa is a huge success. Its Friday webinars draw from fifty to a couple of hundred women, and the larger online events held a couple of times a year attract more than a thousand. Workshops organised by companies have from ten participants upwards, depending on the company, up to as many as fifty. At its peak, as many as 800 women have been on the waiting list.