Latest cybersecurity news, analysis, articles, alerts, and threat actors.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 09 December 2021, 1953 UTC.

Source: Email subscription to “Cyware.com.”

https://cyware.com/cyber-security-news-articles

Please click link or scroll down to read your selections.


Latest Cybersecurity News And Articles

 

SideCopy APT Targets Indian and Afghan Governments

Researchers discovered that the SideCopy APT group targeted government officials in India and Afghanistan via the new AuTo data stealer for cyberespionage. Hackers use ActionRAT and AuTo Stealer malware in this campaign. Government entities are suggested to invest more in security and stay vig …

Revived Cerber Targets Confluence and GitLab Servers

Cerber ransomware is active again with new attack tactics. This time it has been observed targeting remote code execution vulnerabilities in Atlassian Confluence and GitLab servers.

Microsoft Seizes Malicious Domains Used by Nickel

The Nickel group was using several malicious domains for intelligence gathering from multiple government agencies, think tanks, and human rights organizations worldwide. 

KAX17 Runs Rogue Relays to Expose Tor Users

Researchers stumbled across a mischievous threat actor, dubbed KAX17, running over 900 malicious servers allegedly to deanonymize Tor users. Most of the Tor relay servers used by the group were located in data centers worldwide and were configured as entry and middle points. The recent findings sho …

Over 300,000 MikroTik Devices Found Vulnerable to Remotely Exploitable Vulnerabilities

The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News.

US Food Importer Firm Atalanta Suffers Ransomware Attack

Upon becoming aware of the malicious activity, Atalanta engaged third-party specialists and began to remediate the situation, including conducting a forensic investigation into the incident.

Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers’ disclosure

Each of the flaws (rated with a CVSS score of 9.8) posed a remote code execution risk to Kaseya Unitrends Backup Appliance running vulnerable versions of the software, ranging from 10.0.x-10.5.4.

Half of Websites Still Using Legacy Crypto Keys

The internet is becoming more secure overall, but slightly more than half of websites’ digital keys are still generated via legacy encryption algorithms, according to new research.

Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover

Palisade researchers discovered an SQL injection vulnerability on the registrar website, abuse of which could enable attackers to obtain the plaintext DNS master passwords for ‘.to’ domains.

SSRF vulnerability patched in Jamf Pro mobile security platform

A vulnerability in Jamf Pro, a popular MDM platform for Apple devices, allowed attackers to stage SSRF attacks on the application’s servers, security researchers at Assetnote have found.

An analysis of the life cycle of phishing and scam pages

According to a study by Kaspersky, the classification of links based on the number of hours the pages survived shows the bulk of phishing pages were only active for less than 24 hours.

Backdoored chat app for crims was sold with tech support

The app, named An0m, was revealed in June 2021 when Australia’s Feds (AFP), the FBI, and European authorities revealed they’d combined to convince crims the software allowed secure communications.

MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability

FortiGuard Labs found a malware sample being distributed in the wild targeting TP-Link wireless routers. It leverages a post-authenticated RCE vulnerability released barely two weeks prior.

What to Do When a Ransomware Group Disappears

In some cases, police or federal agencies take control of the attacker’s servers. In other cases, the ransomware groups get scared and abandon their efforts, possibly from heightened media attention.

Microsoft Vancouver Leaking Website Credentials via Overlooked DS_STORE File

Back in September, while gathering intelligence on an IoT search engine, CyberNews researchers stumbled upon a DS_STORE file that was apparently stored on a web server owned by Microsoft Vancouver.

US Cyber Command head confirms direct actions against ransomware gangs

General Paul M. Nakasone explained that his agency is working hand-in-hand with the NSA, FBI, and other federal entities during a talk at the Reagan National Defense Forum.

December 9, 2021

Everyone is burned out. That’s becoming a security nightmare

Cybersecurity workers and other employees within organizations are suffering from a high level of burnout that is putting organizations at greater risks from cyberattacks and data breaches.

Malicious NPM Packages Being Used to Hijack Discord Servers

A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers.

December 9, 2021

When Scammers Get Scammed, They Take It to Cybercrime Court

To file a complaint with the cybercriminal court in one large underground forum, the user is required to open a thread, and then provide the username of the defendant and their contact information.

Top blockchain security attacks, hacks and issues

The next-gen Web3 opportunity is not just about empowering people through distributed governance — technical, social, and economic — but about better securing the entire ecosystem in the process.

December 9, 2021

Businesses fear rise of third-party attacks, as ransomware impact grows

Some 84% of organizations believe supply chain attacks can become a major threat within the next three years, with 48% in APAC reporting at least one such attack in the past year.

Report: Chinese Hackers Targeted Southeast Asian Nations

Insikt said it determined that the high-profile military and government organizations in Southeast Asia had been compromised over the last nine months by hackers using custom malware families.

December 8, 2021

With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers

The figure set a record for the fifth straight year. The number of high severity vulnerabilities fell slightly, with 3,646 high-risk vulnerabilities this year compared to 4,381 in 2020.

CS Energy foiled a ransomware attack

“If the attack had been successful, 3500 megawatts of power would have been taken out of the grid, enough for between 1.4 and three million homes,” reported the website News.com.au.

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.

Thanks for joining us today.

Russ Roberts

https://cyber-security-intelligence.org