Cybersecurity Digest #25: 17/05/2021 – 28/05/2021

Cybersecurity News

  • The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. Starting on April 19th, QNAP NAS device owners worldwide suddenly discovered that their device’s files were replaced by password-protected 7-zip archives.
  • Mozilla Thunderbird email client could have been abused to impersonate senders. The vulnerability, tracked as CVE-2021-29956, has been given a low severity rating by the company and exists in versions 78.8.1 to 78.10.1 of its email client. Thankfully though, it has now been patched by the developer who introduced it in the first place while trying to add extra protection to the secret keys used by Thunderbird.
  • Researchers from Ruhr-University Bochum have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document’s visible content by displaying malicious content over the certified content without invalidating its signature. The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels.
  • Microsoft warns of fake ransomware StrRAT that is actually a potent malware. The malware is a potent data-stealing trojan, yet it masks itself as ransomware to fool victims and make money. StrRAT is under active distribution via phishing emails that include a malicious attachment. Opening this attachment lets the malware connect to its server to download the actual payload.

Cybersecurity Blog Posts

  • Dan Kaplan wrote about 6 key MSSP obstacles that can be solved with automated and integrated security operations. To stand apart from rivals, providers must overcome six key modern challenges: increasing customer acquisition costs, lack of centralized visibility, multiple delivery models, meeting SLA commitments, round-the-clock operations, and personnel turnover.
  • Darren Mar-Elia has written a post about Active Directory security and abusing display specifiers. He explained how display specifiers can be abused by attackers and gave advice on how to defend against display specifier abuse.
  • Eclypsium experts shared their opinion about perspectives on the 2021 cybersecurity executive order.

Research and analytics

  • According to Elliptic research, in total just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.
  • A new Privacera survey finds that securing sensitive data conflicts with data science priorities, with 58% of survey respondents reporting a conflict of interest between analytics and security. Analytical teams’ productivity is adversely impacted by security requirements, often resulting in a never-ending, and difficult to resolve, stream of IT tickets requesting access to sensitive data.
  • After examining 23 Android applications, Check Point Research noticed that mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third-party cloud services. Personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors, could lead to fraud, identity theft and service swipes.
  • Vectra has published Office 365 Security Takeaways E-Book. This e-Book contains analysis and findings from a global survey of IT security professionals as well as key takeaways on how to protect the organization. 71% have suffered an average of 7 account takeovers of authorized users during the last 12 months.
  • The PerimeterX Automated Fraud Benchmark Report uncovers hidden trends and provides unique insights into automated fraud gleaned from billions of anonymized online interactions by real users and bots across hundreds of the world’s largest shopping sites.
  • Mandiant Threat Research has observed an increase in compromises of internet-accessible OT assets over the past several years. In their blog post they discuss previously undisclosed compromises and place them in context alongside publicly known incidents. They observed more low-sophistication threat activity leveraging broadly known tactics, techniques, and procedures (TTPs), and commodity tools to access, interact with, or gather information from internet-exposed assets.
  • State of Security 2021 Global research published by Splunk defines post-COVID security challenges, from remote work vulnerabilities to supply chain attacks. The global survey finds that the challenges of a post-COVID, post-SolarWinds world have security and IT leaders scrambling for new strategies. 78% of security and IT leaders worry that they’ll be hit by a SolarWinds-style attack and 88% of organizations say they’re increasing security spending — and 35% say “significantly.”
  • Richard Stiennon has listed the Top 20 Fastest Growing Cybersecurity Companies in Q1 2021.

Major Cyber Incidents

  • European company Ardagh Group has been hit by a cyberattack recently and is said to be on the road to recovery. A source from the glass and metal-based packaging giant said that the attack involved a malware variant, but declined to confirm it as a ransomware attack as the investigation into the issue was still ongoing.
  • One of the world’s biggest cyber insurance companies, AXA, was hit with a ransomware attack at its offices in Asia this weekend by the noted ransomware gang Avaddon. Members of the Avaddon group wrote on their dark web site that they had already taken three terabytes of data from AXA Group and that the files include information like passports, contracts, payments to customers, bank account information, files from hospitals about fraud investigations and medical reports containing sensitive information about patients.
  • A cyber attack on Irish health service computer systems happened recently, and Irish patients’ data stolen by hackers appeared online. The health service temporarily shut down its IT systems to protect them after the attack. The Health Service Executive (HSE) said it had taken the precaution of closing down its systems to further protect them and assess the situation.
  • Indonesian authorities blocked access to the well-known hacker forum RAID, trying to prevent the spread of confidential data of the country’s residents. An announcement appeared on the forum about the sale of personal data of 279 million Indonesians. The leak included names, national IDs, tax registration information and mobile phone numbers, and for some citizens, photographs and salary information were also included.
  • Audio equipment company Bose revealed that it was hit with a ransomware attack. The attack exposed employee SSNs and financial information. The company was forced to notify New Hampshire officials after employees in the state had their information accessed.
  • Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.