Email security firm Mimecast on Tuesday confirmed that the hackers behind the SolarWinds espionage campaign compromised a software certificate the firm uses to secure connections to Microsoft cloud services. The revelation underscores how deeply embedded the suspected Russian hackers have been in major technology companies as part of a campaign that has also breached multiple U.S. federal agencies. READ MORE...
It's starting to look like the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth. Cybercrime investigators have suggested the spiraling trend of increasingly large ransomware cash demands and attack frequency is not the work of a large number of criminals, but instead the result of a specialized black market economy in which hackers will different skill-sets collaborate on a breach, then split the proceeds. READ MORE...
Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results. The data was part of Intel's yet unpublished quarterly earnings the company was planning to publish and file with the U.S. Securities and Exchange Commission after the stock market closed on Thursday. However, after discovering the incident and finding that the stolen info was being shared outside the company. READ MORE...
Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom. The Dairy Farm Group operates over 10,000 outlets and has 230,000 employees throughout Asia. In 2019, the Dairy Farm Group's total annual sales exceeded $27 billion. The group operates numerous grocery, convenience store, health and beauty, home furnishing, and restaurant brands in Asian markets. READ MORE...
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed. A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said. Nefilim (a.k.a. Nemty) is a ransomware strain that emerged in 2020, with its operators adopting the tactic that researchers call double extortion. READ MORE...
Mozilla this week announced further improvements to user privacy in Firefox, through the isolation of network connections and caches, thus essentially cracking down on supercookies. Used instead of ordinary cookies, supercookies collect information about users' Internet browsing habits, are difficult to detect and block, and are often abused to follow users around the web. Trackers may store supercookies in Flash storage, ETags, and HSTS flags, to make them difficult to remove. READ MORE...
The infrastructure of today's most dangerous botnet built by cybercriminals using the Emotet malware was taken down following an international coordinated action coordinated by Europol and Eurojust. The joint effort between law enforcement agencies and authorities from Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine allowed investigators to take control of the botnet's servers and disrupt the malware's operation. READ MORE...
Incident is another reminder of how vulnerable OT environments are to attack, security experts say. Operations at $17 billion packaging firm WestRock were disrupted Saturday by a ransomware attack that impacted both its IT and operational technology (OT) networks. The attack has already caused, and will likely continue to cause, delays in some parts of the company's business, WestRock announced on Monday, without offering any details regarding the nature of the attack or the disruptions. READ MORE...
Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave. In particular, most companies have a slick and quick procedure for removing ex-staff from the payroll. Firstly, it doesn't make economic sense to pay someone who is no longer entitled to the money, secondly, many countries require employers to withold payroll taxes automatically, to pay those taxes in promptly, and to account for them accurately. READ MORE...
Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8. Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto (Canada) and Austin (Texas) will run the exploits. READ MORE...
A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host (without authentication). "This vulnerability is perhaps the most significant sudo vulnerability in recent memory (both in terms of scope and impact) and has been hiding in plain sight for nearly 10 years," said Mehul Revankar. READ MORE...