EU to Stage Large-Scale Cyberattack Exercise on Supply Chains. The aim of the six-week exercise is to stress-test Europe’s resilience, strengthen preparedness and cooperation among member states, and improve the effectiveness of a joint response.
A Safari bug has surfaced that can leak browsing history and information related to a Google account. Apple’s browser, which is the default on macOS, iOS, and iPadOS, has a security issue related to IndexedDB. This is an API that websites use to store data on the device, and it follows the same-origin policy.
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.
Apache has released version 2.17.0 of the patch for Log4j after discovering issues with their previous release, which came out on Tuesday. Apache said version 2.16 “does not always protect from infinite recursion in lookup evaluation” and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the severity is “high” and gave it a CVSS score of 7.5.
Industrial and government organizations, including enterprises in the military-industrial complex and research laboratories, are the targets of a new malware botnet dubbed PseudoManuscrypt that has infected roughly 35,000 Windows computers this year alone. The name comes from its similarities to the Manuscrypt malware, which is part of the Lazarus APT group’s attack toolset, Kaspersky researchers said, characterizing the operation as a “mass-scale spyware attack campaign”.
Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password.
Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.
An independent security researcher discovered a way to brute force Verizon PINs online, meaning they could potentially break into Verizon customer accounts. In response, Verizon has taken the impacted web pages offline.
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version. The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers. Desktop Central Cloud is not affected.
Recorded Future expert Allan Liska has published a new free e-book explaining why ransomware exploded in recent years, how to stop a ransomware attack in its tracks and survive with minimal damage, and whether you should pay the ransom or not.
AT&T Alien Labs™ has found new malware, BotenaGo, written in the open source programming language Golang. Deployed with more than 30 exploits, it has the potential of targeting millions of routers and IoT devices.
The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection by security software and analysis by researchers. Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800×600 and 1024×768. In a new variation spotted by threat researchers, the verification code has been added to the HTML attachment of the malspam delivered to the potential victim.
A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims. In a private industry notification published on Monday, the FBI said ransomware operators would use the financial information collected before attacks as leverage to force victims to comply with ransom demands.
The BlackMatter ransomware operation, which came to prominence earlier this year following the demise of the DarkSide ransomware gang, is allegedly shutting down due to “pressure from the authorities.” The group announced plans to shut down in a message posted on its ransomware-as-a-service (RaaS) portal, where other criminal groups typically register in order to get access to the BlackMatter ransomware strain.
Academic researchers have released details about a new attack method they call “Trojan Source” that allows injecting vulnerabilities into the source code of a software project in a way that human reviewers can’t detect. The researchers showed that one way this can be achieved is by using Unicode controls for bidirectional text (e.g. LRI, left-to-right isolate, and RLI, right-to-left isolate) to dictate the direction in which the content is displayed.