18 October 2021
- The Telegram bot SMSRanger helps cybercriminals steal one-time passwords. Attackers use the bot to send automated messages to victims, allegedly on behalf of a bank, PayPal, etc. Cybercriminals have armed themselves with a new, simplified attack tool based on Telegram messenger scripts that lets them create bots to steal credentials protected by a one-time password, take over user accounts and steal bank funds.
- Victims of ransomware attacks in the USA would be required to report payments to their attackers within 48 hours under a proposal from Democratic Senator Elizabeth Warren and Democratic Representative Deborah Ross.
- The U.S. National Security Agency warned organizations and companies about a new TLS attack called Application Layer Protocol Content Confusion Attack (ALPACA). The NSA has urged organizations to follow its technical guidelines and protect servers from scenarios in which attackers can access and decrypt encrypted web traffic.
- Microsoft specialists released details of a DDoS attack that the corporation called the most powerful in history. According to them, the attack was recorded back in August 2021 and was directed against a large European company that is a customer of the Microsoft Azure cloud service.
21 September 2021
- A team of researchers has devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds, at the cost of only a minor increase in the SSD’s latency. The system, called SSD-Insider, works by recognizing certain patterns in SSD activity that are known to indicate ransomware.
- Cybercriminals have recreated Cobalt Strike for Linux, and the new malware strain has gone unnoticed by detection tools. According to Intezer, the re-implementation of Cobalt Strike, dubbed Vermilion Strike, has been “written from scratch” to attack Linux systems and leans on Cobalt Strike functionality, including its command-and-control (C2) protocol, its remote access functionality, and its ability to run shell instructions.
- The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear whether this marks the ransomware gang’s return or the servers being turned on by law enforcement. The REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers (MSPs) and over 1,500 of their business customers.
03 September 2021
- Researchers at Huntress Labs estimate that over the past few days about 2,000 Microsoft Exchange mail servers have been compromised and infected with backdoors because their owners had not installed the patches for the ProxyShell vulnerabilities.
- An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real-world environment, according to the researcher who discovered the flaws. The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.
- Cisco has addressed a near-maximum-severity authentication bypass vulnerability in its Enterprise NFV Infrastructure Software (NFVIS) for which public proof-of-concept (PoC) exploit code exists. The security flaw (tracked as CVE-2021-34746) was found in the TACACS+ authentication, authorization, and accounting (AAA) functionality of Cisco’s Enterprise NFV Infrastructure Software, a solution designed to help virtualize network services for easier management of virtual network functions (VNFs).
- Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit (GPU) of a compromised system. While the method is not new and demo code has been published before, projects so far have come from the academic world or were incomplete and unrefined.