Here’s the latest cybersecurity news-articles from “Cyware.com.”
Views expressed in this cybersecurity news update are those of the reporters and correspondents.
Accessed on 22 August 2021, 1338 UTC.
Content provided by “Cyware.com.”
Please click link or scroll down to read your selections.
U.S. State Department reportedly hit by a cyberattack in recent weeks
As per reports, the U.S. State Department was hit by a cyberattack, and notifications of a potentially serious breach were made by the Department of Defense Cyber Command.
OPAD: A New Adversarial Attack Targeting Artificial Intelligence
Researchers discovered a new adversarial attack, OPAD, that can gull AI technologies to modify the appearance of real 3D objects. One of the critical factors of such an attack is that no physical access is required for the objects. The successful demonstration of OPAD shows the possibility of … Read More
Singapore real estate firm breached by ALTDOS
The stolen data reportedly includes 969 databases from ACSystem, NewOrangeTee, OT_Analytics, OT_Leave, and ProjInfoListing, ranging from corporate/financial records to customer private personal and financial information.
New analysis of Diavol ransomware reinforces the link to TrickBot gang
In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet.
North Korean Hacker Group Uses Browser Exploits
The security experts of the cybersecurity firm, Volexity have recently reported an attack through which the North Korean Hacker Group using browser exploits to deploy the customer malware on the website.
LockFile ransomware uses PetitPotam attack to hijack Windows domains
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.
AT&T denies data breach after hacker auctions 70 million user database
AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.
Google Docs Scams Still Pose a Threat
In research presented at the Defcon security conference this month, a researcher found workarounds that attackers could potentially use to get past Google’s enhanced Workspace protections.
Google shares details of unpatched Windows AppContainer vulnerability
Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announcing to address it soon.
Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software
The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software.
SynAck ransomware decryptor lets victims recover files for free
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. As part of this rebranding, the threat actors released the master decryption keys on their Tor data leak site.
Pegasus iPhone hacks used as lure in extortion scheme
This week, a threat actor began emailing recipients, telling them that their iPhone device was hacked with a ‘zero-click’ vulnerability to install the Pegasus spyware software.
ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups
ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017.
Cloud load balancer snafu leads to 3D printer user printing on a stranger’s kit
Just over 70 of The Spaghetti Detective’s users were able to control others’ 3D printing devices as a result – something the service said it doesn’t normally allow to happen.
Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack
Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previously reported volumetric DDoS attack.
High-Severity DoS Vulnerability Patched in BIND DNS Software
The Internet Systems Consortium (ISC) this week publicly announced the availability of patches for a high-severity denial-of-service (DoS) vulnerability affecting its BIND DNS software.
Kerberos Authentication Spoofing: Don’t Bypass the Spec
The authentication protocols used by security systems must be flawless. But there’s no such thing as a flawless system, and implementation errors can lead to hazardous security vulnerabilities.
Windows EoP Bug Detailed by Google Project Zero
Microsoft decided to address this EoP bug, reaching out to Project Zero to let the researchers know that it had decided to work on the issue despite initially stating that it was “out of scope.”
After Europe, Flubot Malware Campaign Hits Australians via Scam Text Messages
FluBot is a type of malware targeting Android users, but iPhone users can also receive messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.
Update: T-Mobile probe into breach finds more customers hit, tally now at 53 mln
T-Mobile said on Friday that an ongoing investigation revealed that hackers accessed information of an additional 5.3 million customers, bringing the total number to more than 53 million.
Human Rights Alliance Karapatan Faces Weeks-long DDOS Attacks
Qurium reported that the attackers launched billions of “malicious web requests” comprising application-layer web floods, which is a form of DDoS (Distributed Denial of Service) attack.
The shipping supply chain is stressed from Covid. That makes it ripe for hackers.
Shipping ports have become significantly more reliant on robotic operations and digitized inventory rather than human labor, making them particularly easy to disrupt through cyberattacks.
Social Housing Group Suffers Outage and Data Breach After Ransomware Attack
The organizations confirmed that no data of tenants or staff were accessed, but a ‘small amount’ of data was compromised, which resulted in the systems being taken offline as a precautionary measure.
US States Snag $240M to Combat Unemployment Fraud
As states look to modernize outdated systems used to process claims, cybersecurity is a key concern, said Matt Pincus, the director of government affairs at the National Association of State CIOs.
Attackers rapidly adopting new techniques to target users
Phishing attacks have not only increased in volume between Q1 and Q2 but have also become more advanced, with campaigns becoming more customized to launch targeted attacks against users.