Latest cybersecurity news, analysis, articles, alerts, and threat actors.
Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.
Accessed on 09 December 2021, 1953 UTC.
Source: Email subscription to “Cyware.com.”
Latest Cybersecurity News And Articles
SideCopy APT Targets Indian and Afghan Governments
Researchers discovered that the SideCopy APT group targeted government officials in India and Afghanistan via the new AuTo data stealer for cyberespionage. Hackers use ActionRAT and AuTo Stealer malware in this campaign. Government entities are suggested to invest more in security and stay vig …
Revived Cerber Targets Confluence and GitLab Servers
Cerber ransomware is active again with new attack tactics. This time it has been observed targeting remote code execution vulnerabilities in Atlassian Confluence and GitLab servers.
Microsoft Seizes Malicious Domains Used by Nickel
The Nickel group was using several malicious domains for intelligence gathering from multiple government agencies, think tanks, and human rights organizations worldwide.
KAX17 Runs Rogue Relays to Expose Tor Users
Researchers stumbled across a mischievous threat actor, dubbed KAX17, running over 900 malicious servers allegedly to deanonymize Tor users. Most of the Tor relay servers used by the group were located in data centers worldwide and were configured as entry and middle points. The recent findings sho …
Over 300,000 MikroTik Devices Found Vulnerable to Remotely Exploitable Vulnerabilities
The most affected devices are located in China, Brazil, Russia, Italy, Indonesia, with the U.S. coming in at number eight, cybersecurity firm Eclypsium said in a report shared with The Hacker News.
US Food Importer Firm Atalanta Suffers Ransomware Attack
Upon becoming aware of the malicious activity, Atalanta engaged third-party specialists and began to remediate the situation, including conducting a forensic investigation into the incident.
Critical web security flaws in Kaseya Unitrends backup appliances remediated after researchers’ disclosure
Each of the flaws (rated with a CVSS score of 9.8) posed a remote code execution risk to Kaseya Unitrends Backup Appliance running vulnerable versions of the software, ranging from 10.0.x-10.5.4.
Half of Websites Still Using Legacy Crypto Keys
The internet is becoming more secure overall, but slightly more than half of websites’ digital keys are still generated via legacy encryption algorithms, according to new research.
Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover
Palisade researchers discovered an SQL injection vulnerability on the registrar website, abuse of which could enable attackers to obtain the plaintext DNS master passwords for ‘.to’ domains.
SSRF vulnerability patched in Jamf Pro mobile security platform
A vulnerability in Jamf Pro, a popular MDM platform for Apple devices, allowed attackers to stage SSRF attacks on the application’s servers, security researchers at Assetnote have found.
An analysis of the life cycle of phishing and scam pages
According to a study by Kaspersky, the classification of links based on the number of hours the pages survived shows the bulk of phishing pages were only active for less than 24 hours.
Backdoored chat app for crims was sold with tech support
The app, named An0m, was revealed in June 2021 when Australia’s Feds (AFP), the FBI, and European authorities revealed they’d combined to convince crims the software allowed secure communications.
MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability
FortiGuard Labs found a malware sample being distributed in the wild targeting TP-Link wireless routers. It leverages a post-authenticated RCE vulnerability released barely two weeks prior.
What to Do When a Ransomware Group Disappears
In some cases, police or federal agencies take control of the attacker’s servers. In other cases, the ransomware groups get scared and abandon their efforts, possibly from heightened media attention.
Microsoft Vancouver Leaking Website Credentials via Overlooked DS_STORE File
Back in September, while gathering intelligence on an IoT search engine, CyberNews researchers stumbled upon a DS_STORE file that was apparently stored on a web server owned by Microsoft Vancouver.
US Cyber Command head confirms direct actions against ransomware gangs
General Paul M. Nakasone explained that his agency is working hand-in-hand with the NSA, FBI, and other federal entities during a talk at the Reagan National Defense Forum.
Everyone is burned out. That’s becoming a security nightmare
Cybersecurity workers and other employees within organizations are suffering from a high level of burnout that is putting organizations at greater risks from cyberattacks and data breaches.
Malicious NPM Packages Being Used to Hijack Discord Servers
A series of malicious packages in the Node.js package manager (npm) code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users’ accounts and servers.
When Scammers Get Scammed, They Take It to Cybercrime Court
To file a complaint with the cybercriminal court in one large underground forum, the user is required to open a thread, and then provide the username of the defendant and their contact information.
Top blockchain security attacks, hacks and issues
The next-gen Web3 opportunity is not just about empowering people through distributed governance — technical, social, and economic — but about better securing the entire ecosystem in the process.
Businesses fear rise of third-party attacks, as ransomware impact grows
Some 84% of organizations believe supply chain attacks can become a major threat within the next three years, with 48% in APAC reporting at least one such attack in the past year.
Report: Chinese Hackers Targeted Southeast Asian Nations
Insikt said it determined that the high-profile military and government organizations in Southeast Asia had been compromised over the last nine months by hackers using custom malware families.
With 18,378 vulnerabilities reported in 2021, NIST records fifth straight year of record numbers
The figure set a record for the fifth straight year. The number of high severity vulnerabilities fell slightly, with 3,646 high-risk vulnerabilities this year compared to 4,381 in 2020.
CS Energy foiled a ransomware attack
“If the attack had been successful, 3500 megawatts of power would have been taken out of the grid, enough for between 1.4 and three million homes,” reported the website News.com.au.