PuzzleMaker attacks exploit Windows zero-day, Chrome vulnerabilities. According to Kaspersky, a wave of “highly targeted attacks” on several organizations was traced that utilized a chain of zero-day exploits in the Google Chrome browser and Microsoft Windows systems over April 14 and 15, 2021. The attackers have been named PuzzleMaker. The first exploit in the chain, while not confirmed, appears to be CVE-2021-21224, a V8 type confusion vulnerability in the Google Chrome browser prior to 90.0.4430.85.
Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution.
The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. Starting on April 19th, QNAP NAS device owners worldwide suddenly discovered that their device’s files were replaced by password-protected 7-zip archives.
Mozilla Thunderbird email client could have been abused to impersonate senders. The vulnerability, tracked as CVE-2021-29956, has been given a low severity rating by the company and exists in versions 78.8.1 to 78.10.1 of its email client. Thankfully though, it has now been patched by the developer who introduced it in the first place while trying to add extra protection to the secret keys used by Thunderbird.
Researchers from Ruhr-University Bochum have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document’s visible content by displaying malicious content over the certi fi ed content without invalidating its signature. The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels.
Babuk ransomware readies ‘shut down’ post, plans to open source malware. After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal. Unlike other gangs that chose to release decryption keys or even return the collected ransoms, Babuk’s final gesture is to pass the torch to others.
Pradeo team has come across an advanced mobile attack campaign that uses a phishing technique to steal victims’ credit card details and infects them with a malware that impersonates the Android Google Chrome app. The malware uses victims’ devices as a vector to send thousands of phishing SMS. Pradeo’s researchers qualified it as a Smishing trojan.
Microsoft has released an open-source tool called Counterfit that helps developers test the security of artificial intelligence (AI) systems. Microsoft has published the Counterfit project on GitHub and points out that a previous study it conducted found most organizations lack the tools to address adversarial machine learning.
Microsoft has fixed a bug that could allow a threat actor to create specially crafted downloads that crash Windows 10 simply by opening the folder where they are downloaded. Microsoft has classified this bug as a DDoS vulnerability and is tracking it as CVE-2021-28312 with the title ‘Windows NTFS Denial of Service Vulnerability.’
Nato holds Locked Shields 2021 – cyber war games with hackers targeting fictional island nation. The drills involving 30 countries are meant to test Nato’s defences during a global pandemic that is making the world more dependent on virtual systems. Hackers targeted vaccine developers during the Covid-19 crisis and the US government was the target of a major cyber attack, which was discovered last year.
A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warn that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S.
Security researchers from Intel 471 told about EtterSilent, a flexible malicious document builder used by hackers to implement their criminal schemes. First advertised on a well-known Russian cybercrime forum, the seller offered two types of weaponized Microsoft Office documents (maldocs) to users: one that exploits a known vulnerability in Microsoft Office (CVE-2017-8570) and another that uses a malicious macro.
