
IT Security Newsletter - 02/16/2021


Breaches

Many SolarWinds Customers Failed to Secure Systems Following Hack

Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according to RiskRecon, a Mastercard company that specializes in risk assessment. Threat actors believed to be backed by Russia breached Texas-based IT management firm SolarWinds and used that access to deliver a piece of malware named Sunburst to roughly 18,000 customers who had been using the company's Orion monitoring product. READ MORE...


France blames Sandworm, a notorious Russian group, for breach that leveraged IT provider

A notorious group of hackers known as Sandworm breached multiple French IT firms and web hosting companies as part of an apparent espionage operation dating back to 2017, France's national cybersecurity agency said on Monday. France's Agence nationale de la sécurité des systèmes d'information (ANSSI) issued a report detailing how attackers exploited an IT resource monitoring tool called Centreon, built by a company of the same name, to infiltrate other organizations. READ MORE...

Hacking

Cyberattack on Dutch Research Council (NWO) suspends research grants

Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future. The NWO is tasked with investing in research and research infrastructure to increase quality and innovation in science. For this purpose, it is a significant entity in the Netherlands that makes annual investments of close to one billion euros. READ MORE...


DDoS attack takes down EXMO cryptocurrency exchange servers

The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. "We are currently experiencing a DDoS attack on our platform," the exchange said in a notification published earlier today. "Please note that the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable." In a separate alert issued through the company's official Twitter account. READ MORE...

Malware

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed. An Android app that's been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk (MiTD) attacks on people's devices, researchers discovered. READ MORE...

Information Security

Top 10 most used MITRE ATT&CK tactics and techniques

Which tactics and techniques are cyber attackers favoring? vFeed has compiled a list of the Top 10 Most Used MITRE ATT&CK Tactics and Techniques to help security teams focus their defenses more effectively. MITRE ATT&CK helps understand attacker behavior. The MITRE ATT&CK framework is a well-known and widely used knowledge base of cyber adversary tactics, techniques and procedures, and is based on observations of real-world attacks. READ MORE...

Exploits/Vulnerabilities

Several Vulnerabilities Found in Popular File Sharing App SHAREit

Researchers have discovered several vulnerabilities in the SHAREit Android application, including flaws that could expose sensitive user data and allow remote code execution. SHAREit, originally made by Chinese tech giant Lenovo, is a popular cross-platform file sharing app currently developed by Smart Media4U Technology. The company was initially based in Beijing, China, but recently moved its commercial headquarters to Singapore. READ MORE...


Malvertisers exploited browser zero-day to redirect users to scams

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million. ScamClub malvertisers are notorious for their noisy tactics that consist of flooding the ad ecosystem with malicious ads hoping that a smaller percentage goes through. READ MORE...

On This Date

  • ...in 1937, DuPont chemist Wallace Carothers receives a US patent for his recently invented polymer: Nylon.
  • ...in 1957, actor and "Reading Rainbow" host LeVar Burton ("Star Trek: The Next Generation", "Roots") is born in Landstuhl, West Germany.
  • ...in 1968, the first 9-1-1 emergency telephone system goes into service in Haleyville, AL.
  • ...in 1989, actress Elizabeth Olsen ("WandaVision", "Martha Marcy May Marlene") is born in Los Angeles, CA.