Cybersecurity Digest #30: 26/07/2021 – 6/08/2021

Cybersecurity News

Cybersecurity Digest #29: 12/07/2021 – 23/07/2021

Cybersecurity News

  • Websites run by the ransomware gang REvil suddenly became unreachable, sparking widespread speculation that the group had been knocked offline. The Russia-linked cybercrime ring has collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked. In recent weeks it claimed responsibility for a sprawling ransomware outbreak that affected an estimated 800 to 1,500 businesses worldwide.
  • Kaspersky researchers recently came across unusual APT activity observed in South East Asia that dates back to at least October 2020. Most of the early sightings were in Myanmar, but it now appears the attackers are much more active in the Philippines, where there are more than 10 times as many known targets. Further analysis revealed that the underlying actor, dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
  • Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple’s latest iOS release, hacked using zero-day zero-click iMessage exploits.
  • Microsoft spent $500 million to buy the popular cloud security company RiskIQ.

Cybersecurity Digest #28: 28/06/2021 – 09/11/2021

Cybersecurity News

Cybersecurity Digest #27: 14/06/2021 – 25/06/2021

Cybersecurity News

Cybersecurity Digest #26: 31/05/2021 – 11/06/2021

Cybersecurity News

  • PuzzleMaker attacks exploit Windows zero-day, Chrome vulnerabilities. According to Kaspersky, a wave of “highly targeted attacks” on several organizations on April 14 and 15, 2021 used a chain of zero-day exploits against the Google Chrome browser and Microsoft Windows systems. The attackers have been named PuzzleMaker. The first exploit in the chain, while not confirmed, appears to be CVE-2021-21224, a V8 type confusion vulnerability in Google Chrome prior to 90.0.4430.85.
  • Malicious actors are actively mass scanning the internet for VMware vCenter servers that remain unpatched against a critical remote code execution flaw, which the company addressed late last month. The mass scanning activity was detected from 104.40.252.159 and checks for VMware vSphere hosts vulnerable to remote code execution.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The goal of the 20-page Best Practices for MITRE ATT&CK Mapping guide is to help analysts map attacker behaviors to the relevant ATT&CK techniques, both from cybersecurity reports and raw data.
  • Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28.
