An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws. The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.
Cisco has addressed an almost maximum severity authentication bypass Enterprise NFV Infrastructure Software (NFVIS) vulnerability with public proof-of-concept (PoC) exploit code. The security flaw (tracked as CVE-2021-34746) was found in the TACACS+ authentication, authorization, and accounting (AAA) of Cisco’s Enterprise NFV Infrastructure Software, a solution designed to help virtualize network services for easier management of virtual network functions (VNFs).
Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far came from the academic world or were incomplete and unrefined.
The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.
A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report explaining how the malware has been able to hit more than 10,000 victims in 144 countries. The trojan, named FlyTrap by Zimperium researchers, has been able to spread through “social media hijacking, third-party app stores, and sideloaded applications” since March.
The Joint Cybersecurity Advisory coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) provided details on the top 30 vulnerabilities primarily Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
Websites run by the ransomware gang REvil suddenly became unreachable, sparking widespread speculation that the group had been knocked offline. The Russia-linked cybercrime ring has collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked. In recent weeks it claimed responsibility for a sprawling ransomware outbreak that affected an estimated 800 to 1,500 businesses worldwide.
Kaspersky researchers recently came across unusual APT activity observed in South East Asia and dates back to at least October 2020. Most of the early sightings were in Myanmar, but it now appears the attackers are much more active in the Philippines, where there are more than 10 times as many known targets. Further analysis revealed that the underlying actor, dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits.
Microsoft released out-of-band patches for Windows systems affected by two critical bugs being tracked as CVE-2021-1675 and CVE-2021-34527 and has advised admins to disable the print spooler service until patches are applied. But Microsoft’s patch for the critical PrintNightmare bug might not solve all the problems the flaw has created, say security researchers.
SolarWinds patches critical Serv-U vulnerability exploited in the wild and urges customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers. The vulnerability tracked as CVE-2021-35211 impacts Serv-U Managed File Transfer and Serv-U Secure FTP, and it enables remote threat actors to execute arbitrary code with privileges following successful exploitation.
