Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
Microsoft Patch Tuesday, April 2021 Edition
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server -- the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.
ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.
Are You One of the 533M People Who Got Facebooked?
Ne'er-do-wells leaked personal data -- including phone numbers -- for some 533 million Facebook users this week. Facebook says the data was collected before 2020, when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you're a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.
Ransom Gangs Emailing Victim Customers for Leverage
Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim's customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.
Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with "high confidence" to government operatives working for Russia's Foreign Intelligence Service (SVR). "Russia's pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services
1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble.
Malware Variants: More Sophisticated, Prevalent and Evolving in 2021
A malicious program intended to cause havoc with IT systems—malware—is becoming more and more sophisticated every year. The year 2021 is no exception, as recent trends indicate that several new variants of malware are making their way into the world of cybersecurity. While smarter security solutions are popping up, modern malware still eludes and challenges cybersecurity experts. The evolution
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems.
Security and privacy experts have heavily criticized an attempt by the UK, US and Australian governments to strong arm Facebook into halting its roll-out of
The UK’s local authorities are facing an unprecedented barrage of cyber-threats, amounting to almost 800 every hour in the first half of 2019, according to
Speaking at the Virus Bulletin 2019 conference in London, members of the Cyber Threat Alliance discussed the benefits of sharing intelligence. Led by moderator and Cyber Threat Alliance COO
Despite the main infections taking place two and a half years ago, a large number of computers remain vulnerable to the WannaCry ransomware. Speaking to Infosecurity at the Virus
Morals and ethics should be considered when it comes to making decisions in cybersecurity. Speaking at the Virus Bulletin 2019 conference in London, Ivan Kwiatkowski, security researcher
EA Games has leaked the personal data of 1600 gamers who registered to take part in a competition via the company’s website. Contenders signing up for
A former employee of American Express is under investigation by the police for allegedly accessing customer information with the intent to commit fraud. The exact details of
Ireland is cementing its reputation as an international security hub after four companies announced 400 new cybersecurity jobs in the Emerald Isle in the past
AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
Original release date: March 18, 2021 | Last revised: April 15, 2021. Summary: Updated April 15, 2021: The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR). […]
AA21-076A: TrickBot Malware
Original release date: March 17, 2021 | Last revised: March 24, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the […]
AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities
Original release date: March 3, 2021 | Last revised: April 14, 2021. Summary: Note: This Alert was updated April 13, 2021, to provide further guidance. Cybersecurity and Infrastructure Security […]
AA21-055A: Exploitation of Accellion File Transfer Appliance
Original release date: February 24, 2021 | Last revised: February 25, 2021. Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New […]
AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Original release date: February 17, 2021 | Last revised: April 15, 2021. Summary: This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the […]
Vulnerability Summary for the Week of April 5, 2021
Original release date: April 12, 2021
High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
apple -- ipad_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. | 2021-04-02 | 7.5 | CVE-2021-1794 MISC
apple -- ipad_os | An out-of-bounds write was […]
Vulnerability Summary for the Week of March 29, 2021
Original release date: April 5, 2021
High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
arubanetworks -- instant | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 220.127.116.11-18.104.22.168 and below; Aruba Instant 6.5.x: 22.214.171.124 and below; Aruba Instant 8.3.x: 126.96.36.199 and below; Aruba Instant 8.5.x: 188.8.131.52 and […]
Vulnerability Summary for the Week of March 22, 2021
Original release date: March 29, 2021
High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
apache -- ofbiz | Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. | 2021-03-22 | 7.5 | CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST
apache -- spamassassin | In Apache […]
Vulnerability Summary for the Week of March 15, 2021
Original release date: March 22, 2021 | Last revised: March 24, 2021
High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
adobe -- creative_cloud_desktop_application | Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged […]
Vulnerability Summary for the Week of March 8, 2021
Original release date: March 15, 2021
High Vulnerabilities (Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info):
arubanetworks -- airwave | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 184.108.40.206. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A […]
WordPress Releases Security and Maintenance Update
Original release date: April 16, 2021. WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected […]
CISA and CNMF Analysis of SolarWinds-related Malware
Original release date: April 15, 2021. CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as […]
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
Software Developer Arrested in Computer Sabotage Case
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
Google Brings 37 Security Fixes to Chrome 90
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
Spring cleaning? Don’t forget about your digital footprint
Here are some quick and easy tips to help you clean up your cyber-clutter and keep your digital footprint tidy. The post Spring cleaning? Don’t forget about your digital footprint appeared first on WeLiveSecurity.
One in six people use pet’s name as password
Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals. (WeLiveSecurity)
FBI removes web shells from compromised Exchange servers
Authorities step in to thwart attacks leveraging the recently disclosed Microsoft Exchange Server vulnerabilities. (WeLiveSecurity)
WhatsApp flaw lets anyone lock you out of your account
An attacker can lock you out of the app using just your phone number and without requiring any action on your part. (WeLiveSecurity)
Clubhouse in the spotlight after user records posted online
Reports of another trove of scraped user data add to the recent woes of popular social media platforms. (WeLiveSecurity)
BazarLoader Malware Abuses Slack, BaseCamp Clouds
Two cyberattack campaigns are making the rounds using unique social-engineering techniques.
iOS Kids Game Morphs into Underground Crypto Casino
A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Mandiant Front Lines: How to Tackle Exchange Exploits
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.