Four days ago, the REvil ransomware gang's leak site, known as the "Happy Blog," went offline. Cybersecurity experts wondered aloud what might have caused the infamous group to go dark once more. One theory was that it was an inside job pulled by the group's disaffected former leader. Another was that law enforcement had successfully hacked and dismantled the group. READ MORE...
Facebook last week filed a lawsuit against a Ukrainian national who allegedly scraped the information of 178 million of its users and then sold the obtained information on hacker forums. The defendant is Alexander Alexandrovich Solonchenko, whom Facebook says used the online monikers "Solomame" and "barak_obama" on the RaidForums hacker forum, where he allegedly sold illegally obtained information. READ MORE...
Nobelium, the advanced persistent threat (APT) actor behind the 2020 SolarWinds supply chain attack that served as a springboard for breaching a variety of high-level targets, is targeting organizations via their various service providers. "Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," says Tom Burt, Corporate VP, Customer Security & Trust, Microsoft. READ MORE...
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According to a report from Gemini Advisory, the group has set up a fake security company (called "Bastion Secure") and is looking to hire security pros under the guise of needing red-teaming expertise for its clients. READ MORE...
A phishing operation has cut and pasted components of at least five other phishing kits to create its own attack platform, sending out password-reset and fax-and-scanner notifications in significant campaigns earlier this year, according to researchers with the Microsoft 365 Defender Threat Intelligence Team. The TodayZoo kit, as Microsoft dubbed the framework, appears to extensively use code from several other phishing kits. READ MORE...
Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week. The hack, which raised eyebrows because of the software supply chain implications, prompted a "critical severity" warning from GitHub that any computer with the embedded npm package "should be considered fully compromised." READ MORE...
A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday. Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features. READ MORE...
Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS XE operating system that could lead to arbitrary code execution. Cisco's SD-WAN portfolio allows businesses of all sizes to connect disparate office locations via the cloud using various networking technologies, including standard internet connections. READ MORE...