Security incidents from 7-13 August 2021

 An abbreviated synopsis of recent international news in the field of information security.



The week brought an unusually wide range of information security news. In the period


On 3 August 2021 Tenable researcher Evan Grant published details of a number of vulnerabilities in routers supplied by several telecommunications operators, including Verizon and O2. Just two days later, Juniper Threat Labs specialists found evidence that one of them, CVE-2021-20090, a path traversal that bypasses authentication on the routers' web interface, was already being actively exploited.


Cybercriminals deploying the Magniber ransomware are now targeting Windows systems with the infamous PrintNightmare vulnerabilities. PrintNightmare is a class of vulnerabilities (CVE-2021-1675, CVE-2021-34527 and CVE-2021-36958) in the Windows Print Spooler, printer drivers and the Windows Point and Print feature. Researchers from CrowdStrike reported that the Magniber operators are currently using PrintNightmare in attacks on victims in South Korea.


Cybercriminals are actively scanning the web for Microsoft Exchange installations with unpatched vulnerabilities. The scans began after fresh details of the vulnerabilities were presented at the Black Hat conference in Las Vegas last week.


Several botnet stories surfaced at once during the reporting period. Splunk specialists reported that the operators of the Crypto botnet have resumed their operations. The attackers target Windows Server virtual machines in Amazon Web Services that have Remote Desktop Protocol (RDP) exposed. Once vulnerable virtual machines are found, the attackers brute-force the RDP credentials; if they succeed, they install Monero-mining tools.
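The RDP brute force pattern described above leaves a clear trace in the Windows Security log: a burst of failed logons (event 4625) from one source address, sometimes followed by a successful logon (event 4624). The following is an added example, not code from Splunk or from the article. It parses a constructed, simplified one-line-per-event export (real events are EVTX/XML, but the field names EventID, LogonType, TargetUserName and IpAddress are the real ones), applies a sliding-window threshold per source IP, and escalates when a flagged source then logs on successfully. The line format, threshold and window are assumptions of this example.

```python
"""Flag RDP brute force followed by a successful logon in Windows Security events.

Added example (not code from Splunk or the article). The input is a
constructed, simplified one-line-per-event export; real 4625/4624 events
are EVTX/XML, but the field names (EventID, LogonType, TargetUserName,
IpAddress) are the real ones. Thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
REMOTE_INTERACTIVE = 10  # LogonType 10 = RDP / RemoteInteractive

# Constructed sample: timestamp, EventID, LogonType, TargetUserName, IpAddress
SAMPLE_EVENTS = """\
2021-08-09T02:00:01 4625 10 administrator 203.0.113.7
2021-08-09T02:00:02 4625 10 administrator 203.0.113.7
2021-08-09T02:00:03 4625 10 admin 203.0.113.7
2021-08-09T02:00:04 4625 10 backup 203.0.113.7
2021-08-09T02:00:05 4625 10 administrator 203.0.113.7
2021-08-09T02:00:06 4625 10 administrator 203.0.113.7
2021-08-09T02:00:09 4624 10 administrator 203.0.113.7
2021-08-09T02:30:00 4625 10 jsmith 198.51.100.4
2021-08-09T09:00:00 4624 10 jsmith 198.51.100.4
"""


def parse_events(text):
    """Parse the simplified export into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as tuples.

    ("bruteforce", ip, time, distinct_users) when one source IP produces
    `threshold` RDP logon failures inside `window`;
    ("compromise", ip, time, user) when that IP then logs on successfully
    within `window` of crossing the threshold.
    """
    failures = defaultdict(list)    # ip -> recent failure timestamps
    users_tried = defaultdict(set)  # ip -> usernames seen in failures
    flagged_at = {}                 # ip -> time the threshold was crossed
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != REMOTE_INTERACTIVE:
            continue
        ip = ev["ip"]
        if ev["id"] == FAILED_LOGON:
            recent = failures[ip]
            recent.append(ev["time"])
            users_tried[ip].add(ev["user"])
            # slide the window: forget failures older than `window`
            while recent and ev["time"] - recent[0] > window:
                recent.pop(0)
            if len(recent) >= threshold and ip not in flagged_at:
                flagged_at[ip] = ev["time"]
                alerts.append(("bruteforce", ip, ev["time"], len(users_tried[ip])))
        elif ev["id"] == SUCCESSFUL_LOGON:
            if ip in flagged_at and ev["time"] - flagged_at[ip] <= window:
                alerts.append(("compromise", ip, ev["time"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample data the first source trips the threshold on its fifth failure and is then escalated to a "compromise" alert when the administrator logon succeeds four seconds later; the single failure from the second source never reaches the threshold. In production the same logic runs over the real events, and the "compromise" branch is the one worth paging on, since a successful RDP logon from a brute-forcing source is exactly the point at which the miner gets installed.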


Cybersecurity experts at Uptycs discovered that attackers are using a Golang worm to install a cryptominer on victim devices. To speed up its mining, the cryptominer changes CPU settings on compromised Linux servers. According to the researchers, this is the first time attackers have altered the processor's configuration to deactivate the CPU hardware prefetcher by writing Model-Specific Registers (MSRs).
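A defender can check for the prefetcher change described above directly, because the bits are readable from user space as root. The following is an added example, not code from Uptycs or from the article. It reads MSR 0x1A4 (MSR_MISC_FEATURE_CONTROL) through the Linux msr driver and decodes the four prefetcher disable bits that Intel documents for Core-family CPUs. That the worm writes this particular register is an assumption of the example; the article only says it changes MSRs to switch the hardware prefetcher off.

```python
"""Audit Intel hardware-prefetcher state through the Linux msr driver.

Added example (not code from Uptycs or the article). On Intel Core-family
CPUs, MSR 0x1A4 (MSR_MISC_FEATURE_CONTROL) holds four prefetcher disable
bits; a set bit turns that prefetcher off. That the worm writes this
particular register is an assumption: the article only says it changes
MSRs to disable the hardware prefetcher. Reading the register requires
root and the msr kernel module (modprobe msr).
"""
import glob
import os
import struct

MSR_MISC_FEATURE_CONTROL = 0x1A4
PREFETCHER_DISABLE_BITS = {
    0: "L2 hardware prefetcher",
    1: "L2 adjacent cache line prefetcher",
    2: "DCU (L1 data) prefetcher",
    3: "DCU IP prefetcher",
}


def disabled_prefetchers(msr_value):
    """Names of the prefetchers disabled in a MSR_MISC_FEATURE_CONTROL value."""
    return [name for bit, name in PREFETCHER_DISABLE_BITS.items()
            if (msr_value >> bit) & 1]


def read_msr(cpu, register):
    """Read one 64-bit MSR; the msr driver maps the register number to the file offset."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, register))[0]
    finally:
        os.close(fd)


def audit_prefetchers():
    """Return {cpu: [disabled prefetcher names]} for each CPU whose MSR could be read."""
    report = {}
    for path in sorted(glob.glob("/dev/cpu/*/msr")):
        cpu = int(path.split("/")[3])
        try:
            report[cpu] = disabled_prefetchers(read_msr(cpu, MSR_MISC_FEATURE_CONTROL))
        except OSError:
            # not root, msr module not loaded, or a CPU without this register
            continue
    return report


if __name__ == "__main__":
    for cpu, disabled in sorted(audit_prefetchers().items()):
        state = ", ".join(disabled) if disabled else "all prefetchers enabled"
        print(f"cpu{cpu}: {state}")
```

Run it as root after `modprobe msr`. A server whose administrators never tuned prefetching should report all four prefetchers enabled on every core; finding them all disabled on a box that is also running an unexpected miner is a strong corroborating indicator. The register and its bit layout are Intel-specific, so on AMD hosts the read will fail or return something unrelated, which is why the audit silently skips CPUs it cannot read.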


Taiwanese NAS maker Synology has warned customers of a malicious campaign in which the operators of the StealthWorker botnet attack NAS devices and infect them with ransomware. The Synology NAS devices compromised in these attacks are used to


Microsoft warned about several malware campaigns at the same time. In particular, it warned of a Many of the attacks began in July 2020, the analysts said. The attackers encourage victims to send their


The Microsoft Security Intelligence team also disclosed a new malicious BazaCall campaign. The campaign uses e-mails and malware Scammers


The attack on the international The attack led to more than $600 million in cryptocurrency being transferred by an unknown hacker into However, immediately after that, somebody The hacker said his aim was for the Poly Network to expose its


Hackers broke in and withdrew On their Telegram channel, DAO Maker representatives DAO Maker representatives assured users that DAO tokens


As usual, the week was not without ransomware attacks. The The firm was attacked with LockBit malware.


Gigabyte has also been targeted The RansomExx hacker group claimed that 112 terabytes of data were stolen during the attack. The attackers threaten to publish the data online if Gigabyte does not pay.


Computer game developer and publisher Crytek announced that it fell victim to the Egregor ransomware in October 2020. The hackers encrypted the firm's networks, stole confidential data from its files and published it on their darknet leak site. Crytek only sent notices to the affected users in August 2021.


The eCh0raix ransomware has gained the ability to encrypt both QNAP and Synology network-attached storage (NAS) devices. eCh0raix, also called QNAPCrypt, was first identified in June 2016. QNAP NAS devices were targeted in waves: the first "wave" came in June 2019 and the second in June 2020. In 2019 eCh0raix also encrypted Synology devices after brute-forcing their credentials. Now a single ransomware variant encrypts both device families.


A universal key for decrypting files encrypted in the REvil ransomware attack on Kaseya customers has been posted on a hacker forum. Recall that on 2 July this year the REvil gang attacked managed service providers around the world through a zero-day vulnerability in the Kaseya VSA remote management software. After the attack, the ransomware operators demanded $70 million for a universal decryptor that would recover all Kaseya customers' encrypted files. The REvil group then inexplicably went dark, and its wallets and infrastructure were taken offline. On 22 July Kaseya received a universal decryptor from a mysterious "third party" and began distributing it. This week the master key itself was shared on one of the hacker forums.


The ransomware group El Cometa, previously known as SynAck, has published master decryption keys for victims attacked between June 2017 and early 2021. As the SynAck representatives stated, they chose to release the master keys so that files encrypted during previous operations can be recovered, because they want to concentrate on new ones. The gang launched a new operation named El Cometa at the end of last month.


The week was not without data leaks either. Hackers put confidential documents from the Lithuanian Ministry of Foreign Affairs up for sale. The attackers obtained the ministry's correspondence with Lithuania's embassies abroad and with the embassies of other countries. The incident is under investigation.


The European Commission is investigating the hacking of its Cybersecurity Atlas project after a copy of the internal database was offered for sale on an underground forum. The unknown attacker selling the material claimed to have access to the full Cybersecurity Atlas database. The seller wants the transaction to be completed via the Discord messenger.


A Chinese cybercriminal group has been attacking Israeli organisations in a hostile campaign that began in January 2019. The hackers often used false flags to masquerade as Iranian actors. According to specialists at the information security company Mandiant, the attacks targeted Israeli government organisations, IT firms and telecoms carriers. The attackers, tracked under the code name UNC215, frequently compromised companies through vulnerable Microsoft SharePoint servers.


This week malware also targeted users of social networks and instant messengers. For example, FatalRAT is being spread via the Telegram messenger. The FatalRAT remote access trojan steals data and tampers with the security settings of the device on which the messenger is installed. The malware carries out remote attacks and spreads further.


Information security specialists at Zimperium found a new malware campaign targeting Android users. FlyTrap is a malicious application that hijacks Facebook accounts by stealing session cookies. The malware has already claimed over 10,000 victims in 140 countries around the world.
