26 July 2021
- Websites run by the ransomware gang REvil suddenly became unreachable, sparking widespread speculation that the group had been knocked offline. The Russia-linked cybercrime ring has collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked. In recent weeks it claimed responsibility for a sprawling ransomware outbreak that affected an estimated 800 to 1,500 businesses worldwide.
- Kaspersky researchers recently came across unusual APT activity that was observed in South East Asia and dates back to at least October 2020. Most of the early sightings were in Myanmar, but it now appears the attackers are much more active in the Philippines, where there are more than 10 times as many known targets. Further analysis revealed that the underlying actor, dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
- Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits.
- Microsoft spent $500 million to buy the popular cloud security company RiskIQ.
29 June 2021
- Thousands of VMware vCenter Server instances affected by two recently disclosed vulnerabilities remain publicly accessible on the Internet three weeks after the company urged organizations to patch the flaws immediately, citing their severity. The flaws, CVE-2021-21985 and CVE-2021-21986, give attackers a way to take complete control of systems running vCenter Server, a utility for centrally managing VMware vSphere virtual server environments.
- Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet, which grew from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts describe DirtyMoe as a complex malware designed as a modular system.
- Indian security researcher Mayur Fartade discovered an Instagram bug that allowed attackers to view selected media on the platform. By brute-forcing media IDs, an attacker could access users' private images and also save photographs, videos, and metadata about specific media. Facebook patched the bug on April 29, and on June 15 Fartade was awarded $30,000 for discovering the dangerous vulnerability.
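The Instagram bug above is a classic object-level authorization failure: a media lookup keyed only on a guessable, sequential ID. The following is an added illustration, not Instagram's or Facebook's code, and the media store, user names and URLs in it are constructed. It shows the vulnerable lookup beside a hardened one that authorizes against the object's owner and visibility, plus a small detector that flags a requester accumulating denied lookups across many distinct IDs, which is what ID brute-forcing looks like in access logs.

```python
"""Added example (hypothetical code, not Instagram's): object-level
authorization for media lookups and a detector for media-ID enumeration.
All data below is constructed for the example."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Media:
    media_id: int
    owner: str
    private: bool
    url: str


# Constructed sample store. Sequential IDs are what make brute force cheap:
# an attacker only has to count, not guess.
MEDIA: Dict[int, Media] = {
    1001: Media(1001, "alice", private=True, url="https://cdn.example/1001.jpg"),
    1002: Media(1002, "alice", private=False, url="https://cdn.example/1002.jpg"),
    1003: Media(1003, "bob", private=True, url="https://cdn.example/1003.mp4"),
}


def get_media_insecure(media_id: int) -> Optional[Media]:
    """Vulnerable pattern: the lookup trusts the caller-supplied ID alone, so
    any authenticated user who guesses an ID receives the object, private or not."""
    return MEDIA.get(media_id)


def get_media(requester: str, media_id: int) -> Optional[Media]:
    """Hardened pattern: authorize every lookup against the object's owner and
    visibility. Missing and forbidden objects both return None so the response
    does not reveal whether a guessed ID exists."""
    media = MEDIA.get(media_id)
    if media is None:
        return None
    if media.private and media.owner != requester:
        return None
    return media


class EnumerationDetector:
    """Flags a requester whose denied or missing lookups span many distinct IDs.
    Legitimate clients request IDs they were given; an enumerator requests IDs
    it has not seen, so its miss count across distinct IDs climbs quickly."""

    def __init__(self, threshold: int = 5) -> None:
        self.threshold = threshold
        self.misses: Dict[str, Set[int]] = defaultdict(set)

    def record(self, requester: str, media_id: int, served: bool) -> bool:
        """Record one lookup; return True once the requester crosses the threshold."""
        if not served:
            self.misses[requester].add(media_id)
        return len(self.misses[requester]) >= self.threshold


def serve(detector: EnumerationDetector, requester: str,
          media_id: int) -> Tuple[Optional[Media], bool]:
    """Authorized lookup plus detection bookkeeping, as a request handler would do."""
    media = get_media(requester, media_id)
    flagged = detector.record(requester, media_id, media is not None)
    return media, flagged


if __name__ == "__main__":
    detector = EnumerationDetector(threshold=3)
    # A requester walking sequential IDs is flagged after three misses,
    # while the public item in the range is still served normally.
    for candidate in range(1000, 1006):
        media, flagged = serve(detector, "mallory", candidate)
        print(candidate, "served" if media else "denied", "FLAGGED" if flagged else "")
```

The detector keys on distinct missed IDs rather than raw request count so that a legitimate client retrying one broken link is not flagged; in production the per-requester set would be time-windowed and the threshold tuned to the application's normal miss rate.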
- Researchers have seen a new variant of the IcedID banking trojan being delivered via two new spam campaigns.
15 June 2021
- PuzzleMaker attacks exploit a Windows zero-day and Chrome vulnerabilities. According to Kaspersky, a wave of "highly targeted attacks" on several organizations over April 14 and 15, 2021 used a chain of zero-day exploits against the Google Chrome browser and Microsoft Windows systems. The attackers have been named PuzzleMaker. The first exploit in the chain, while not confirmed, appears to be CVE-2021-21224, a V8 type confusion vulnerability in Google Chrome prior to 90.0.4430.85.
- Malicious actors are actively mass scanning the internet for VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. Mass scanning activity was detected from 220.127.116.11 checking for VMware vSphere hosts vulnerable to remote code execution.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The goal of the 20-page Best Practices for MITRE ATT&CK Mapping guide is to help analysts map attacker behaviors to the relevant ATT&CK techniques from both cybersecurity reports and raw data.
- Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28.