Trickbot trojan, poor security led to FireEye intrusion: claims
https://www.itwire.com/security/trickbot-trojan,-poor-security-led-to-fireeye-intrusion-claims.html
iTWire, 11. Dec 2020
---
Unauthorized Access of FireEye Red Team Tools
FireEye Inc: Overview. A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves ...
---
Taking Action Against Hackers in Bangladesh and Vietnam
https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/
About Facebook: Today, we’re sharing actions we took against two separate groups of hackers — APT32 in Vietnam and a group based in Bangladesh — removing their ability to use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet.
---
Operation StealthyTrident: corporate software under attack
https://www.welivesecurity.com/2020/12/10/luckymouse-ta428-compromise-able-desktop/
WeLiveSecurity: LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in the Mongolian supply-chain attack Operation StealthyTrident.
---
[PDF] From Zero to Sixty The Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower
---
US Cyber Command and Australian IWD to develop shared cyber training range
https://securityaffairs.co/wordpress/111988/cyber-warfare-2/us-cyber-command-iwd-cyber-range.html
Security Affairs: US Cyber Command and the Information Warfare Division (IWD) of the Australian Defense Force to develop a virtual cyber training platform.
The United States and Australia have signed a first-ever cyber agreement to develop a virtual cyber training platform; the project will be designed by the U.S. Cyber Command (USCYBERCOM) and the Information Warfare Division […]
---
OpenSSL is affected by a ‘High Severity’ security flaw, update it now
https://securityaffairs.co/wordpress/112085/security/openssl-tls-ssl-toolkit-flaw.html
Security Affairs: The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference; successful exploitation could trigger denial-of-service conditions ...
---
Foxconn electronics giant hit by ransomware, $34 million ransom
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices. Foxconn is the ...
---
LockBit Ransomware operators hit Swiss helicopter maker Kopter
https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html
Security Affairs: LockBit ransomware operators have compromised the systems at the helicopter maker Kopter and published them on their darkweb leak site.
The helicopter maker Kopter was hit by LockBit ransomware; the attackers compromised its internal network and encrypted the company’s files. Kopter Group is a Switzerland-based company that was founded in 2007 and was acquired by Leonardo in April […]
---
Attack on Vermont Medical Center is costing the hospital $1.5M a day
https://securityaffairs.co/wordpress/112133/hacking/vermont-medical-center-cyberattack.html
Security Affairs: The attack that hit the University of Vermont Medical Center at the end of October is costing the hospital about $1.5 million a day.
In October, ransomware operators hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The ransomware attack took place on October 28 and disrupted services at the UVM Medical Center […]
---
More than 20 million Gionee phones secretly implanted with Trojan Horses to make money
Gizmochina: Recently, the China Judgment Document Network published a verdict on the illegal control of computer information systems found to have been executed on Gionee phones. According to the court ...
---
Expert published PoC exploit code for Kerberos Bronze Bit attack
https://securityaffairs.co/wordpress/112156/hacking/kerberos-bronze-bit-attack.html
Security Affairs: The proof-of-concept exploit code for the Kerberos Bronze Bit attack was published online; it allows intruders to bypass authentication and access sensitive network services.
The proof-of-concept exploit code for the Kerberos Bronze Bit attack, tracked as CVE-2020-17049, was published online this week. The hacking technique could be exploited by attackers to bypass the Kerberos authentication […]
---
Finnish customs take down sipulimarket on the dark web with Europol support
Europol: Today the Finnish Customs (Tulli) have shut down the Sipulimarket dark web marketplace and seized all its content. This latest hit against the dark web was done in close cooperation with the Polish Provincial Police Headquarters in Wroclaw (Komenda Wojewódzka Policji we Wroclawiu) and Europol’s European Cybercrime Centre (EC3) and Eurojust.
---
Alert (AA20-345A) Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
https://us-cert.cisa.gov/ncas/alerts/aa20-345a
CISA: This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
---
Cyberattack on the European Medicines Agency
https://www.ema.europa.eu/en/news/cyberattack-european-medicines-agency
---
"Important, Spoofing" - zero-click, wormable, cross-platform remote code execution in Microsoft Teams
https://github.com/oskarsve/ms-teams-rce
GitHub (oskarsve/ms-teams-rce): Below is the original bug report sent to MSRC. Summary: A Remote Code Execution vulnerability has been identified in MS Teams desktop which can be triggered by a novel XSS (Cross-Site Scripting) injection in teams.microsoft.com.
---
Crooks hide software skimmer inside CSS files
https://securityaffairs.co/wordpress/112117/malware/skimmer-inside-css-files.html
Security Affairs: The code used by the attackers is a common keystroke logger; since the company disclosed its discovery the code has been taken offline. “We found a handful of victim stores with this injection method,” SanSec founder Willem de Groot told ZDNet. “However, the infrastructure has been in place since September and was previously used for several dozen more traditional attacks.
---
Interview with Massimiliano Brolli, Head of TIM Red Team Research
Security Affairs: Interview with Massimiliano Brolli, Head of TIM Red Team Research, which is a team of experts that focus on zero-day hunting. For some time now we have been witnessing a series of undocumented vulnerabilities issued by a TIM IT Security laboratory called Red Team Research RTR, which already has 31 new CVEs to date in about a year.
---
njRAT RAT operators leverage Pastebin C2 tunnels to avoid detection
https://securityaffairs.co/wordpress/112147/cyber-crime/njrat-rat-pastebin-c2.html
Security Affairs: Threat actors behind the njRAT Remote Access Trojan (RAT) are leveraging active Pastebin Command and Control Tunnels to avoid detection.
Researchers from Palo Alto Networks’ Unit 42 reported that operators behind the njRAT Remote Access Trojan (RAT), aka Bladabindi, are leveraging Pastebin Command and Control tunnels to avoid detection. “In observations collected since October 2020, […]
---
Watchcom discovers new Cisco Jabber vulnerabilities
https://watchcom.no/nyheter/nyhetsarkiv/cisco-jabber-vulnerabilities-resurface/
Cisco Jabber vulnerabilities resurface
---
Unauthenticated Command Injection bug opens D-Link VPN routers to hack
https://securityaffairs.co/wordpress/112077/hacking/d-link-vpn-routers-flaws.html
Security Affairs: An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers.
Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The experts initially discovered the flaws in DSR-250 router family running firmware version 3.17 ...
---
Critical remote code execution fixed in PlayStation Now
https://securityaffairs.co/wordpress/112049/hacking/playstation-now-rce.html
Security Affairs: The bugs affected PS Now version 11.0.2 and earlier on systems running Windows 7 SP1 or later. Since the launch in 2014, PlayStation Now reached more than 2.2 million subscribers [PDF] at the end of April 2020. Hakimian reported the bugs to Sony on May 13, 2020, through PlayStation’s official bug bounty program operated via bug bounty platform HackerOne.
---
QNAP fixed eight flaws that could allow NAS devices takeover
https://securityaffairs.co/wordpress/112041/security/qnap-nas-flaws.html
Security Affairs: The list of vulnerabilities addressed by QNAP is available here; it includes XSS and command injection issues. The flaws fixed by the vendor are rated as medium and high severity. The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-site scripting flaws that could allow remote attackers to inject malicious code in File ...
---
Cisco fixes exploitable RCEs in Cisco Security Manager
https://securityaffairs.co/wordpress/112023/security/cisco-security-manager-flaws.html
Security Affairs: These flaws impact CSM releases 4.22 and earlier. The IT firm addressed two of the 12 vulnerabilities, tracked as CVE-2020-27125 and CVE-2020-27130. “A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system,” reads the description for CVE-2020-27125. “The vulnerability is due to insufficient protection ...
---
Samsung fixes critical Android bugs in December 2020 updates
This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system. This comes after Android had ...
---
Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering
https://securityaffairs.co/wordpress/112074/cyber-crime/alexander-vinnik-sentence-france.html
Security Affairs: The man went on trial in Paris for having defrauded nearly 200 victims across the world of 135M euros using ransomware. Alexander Vinnik allegedly headed the Bitcoin exchange BTC-e; he is charged with different hacking crimes in Russia, France, and the United States. The French court acquitted Vinnik of charges of extortion and association with a cybercrime organization.
---
Individual Pleads Guilty to Participating in Internet-of-Things Cyberattack in 2016
An individual, formerly a juvenile, pleaded guilty to committing acts of federal juvenile delinquency in relation to a cyberattack that caused massive disruption to the Internet in October 2016.