- 1. New Windows ‘Pingback’ malware uses ICMP for covert communication
Researchers say they have identified a novel Windows malware sample dubbed "Pingback" that leverages ICMP for C&C communications and DLL hijacking to achieve persistence on targeted Windows 64-bit systems.
- 2. U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware
A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries. The attacks involved three previously unseen pieces of malware tracked by FireEye as DOUBLEDRAG, DOUBLEDROP and DOUBLEBACK. DOUBLEDRAG is a downloader delivered in the first stage of the attack; in some cases it was replaced with a malicious Excel document that served as the downloader.
DOUBLEDRAG is designed to connect to a C&C server and fetch DOUBLEDROP, a memory-only dropper that deploys DOUBLEBACK, a backdoor that is apparently still under development.
- 3. ATT&CK v9 Introduces Containers, Google Workspace
MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform. ATT&CK v9 includes another significant change that consolidates AWS, Azure, and Google Cloud Platform into a single infrastructure-as-a-service (IaaS) platform.
- 4. Utah County’s Online Marriage System Takes Off During Pandemic
Digital marriage licenses. Zoom ceremonies. Everyday citizens becoming wedding officiants. Utah County, Utah's online marriage license system became a big hit after COVID-19 shut down most offices that issue marriage licenses.
- 5. Exclusive: Hackers Break Into Glovo, Europe’s $2 Billion Amazon Rival
A cybercrime group breached the systems of Spanish delivery service Glovo, an Amazon rival, and began selling access to compromised customer and courier accounts, just one month after the company announced it had taken in $1 billion in funding and plans to go public in a few years.
- 6. Pulse Secure Patches Critical Zero-Day Flaw
Pulse Secure has released a patch addressing the critical authentication bypass vulnerability (CVE-2021-22893). Run the Pulse Secure Integrity Checker prior to patching.
- 7. U.S. government probes VPN hack within federal agencies, races to find clues
The U.S. government says it is investigating a recently discovered supply chain attack in which attackers leveraged vulnerabilities affecting the Pulse Secure VPN to target more than a dozen federal agencies.
- 8. ‘Tens of thousands’ of SIM cards hacked
Hackers are now claiming they have accessed "tens of thousands" of SIM cards following a cyber attack against telecommunications firm Schepisi Communications, which describes itself as a "platinum partner" of Melbourne-based Telstra and provides cloud storage and telephone numbers on behalf of Telstra.
- 9. First Horizon Bank Customers Have Account Funds Drained
Using previously obtained credentials and exploiting a vulnerability in third-party security software, the unauthorized party gained access to under 200 online customer bank accounts, had access to personal information in those accounts, and fraudulently obtained an aggregate of less than $1 million from some of those accounts.
- 10. PoC exploit released for Microsoft Exchange bug discovered by NSA
Technical documentation and proof-of-concept (PoC) exploit code are available for a high-severity vulnerability in Microsoft Exchange Server that could let attackers execute code on unpatched systems. Attackers can exploit CVE-2021-28482 if they are authenticated on an on-premises Exchange server instance not patched with Microsoft's April update. A Python-based PoC exploit has been released.
- 11. Contact Tracer Breach Hits the Keystone State
Pennsylvania DOH is accusing contact tracing company Insight Global, which was contracted to provide the state with "contact tracing and other services," of willfully disregarding security protocols and exposing PHI and PII belonging to some 72,000 people.
- 12. Stealthy RotaJakiro Backdoor Targeting Linux Systems
Chelle brought this to my attention. A previously undocumented piece of Linux malware dubbed "RotaJakiro", which functions as a backdoor and has gone undetected for at least three years, has been spotted being used in attacks targeting Linux x64 systems.
- 13. New micro-op cache attacks break all Spectre defences
Researchers at the universities of Virginia and California in the United States have devised new Spectre-style hardware attacks that make it possible to steal data when processes retrieve instructions from their micro-op caches.
- 14. TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached
According to TurgenSec, the compromised documents include documents generated during daily operations, staff training, internal passwords and policies, staff payment information, information related to financial processes, and other activities such as audits.
- 15. Chinese APT Actors Attack Russian Defense In An Espionage Attack
The "PortDoor" backdoor developed by Anonymous is likely being leveraged by Chinese APT actors in phishing attacks targeting Russian firm Rubin Design Bureau, which builds submarines for the Russian Navy Federation. RoyalRoad is used by the attackers to create a weaponized RTF document designed to exploit three vulnerabilities (CVE-2017-11882, CVE-2018-0798, and CVE-2018-0802) affecting Microsoft's Equation Editor.
- 16. CVE-2021-21551 - Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws – SentinelLabs
SentinelLabs has discovered five high-severity flaws in Dell's firmware update driver impacting Dell desktops, laptops, notebooks and tablets. See also: https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability