Parts of the Belgian Defense Ministry's computer networks have been down since Thursday after a cyber incident in which attackers exploited the Apache Log4j vulnerability, government officials said. "All weekend our teams have been mobilized to control the problem, continue our activities and warn our partners," spokesperson Olivier Séverin told news publication VRT. "The priority is to keep the network operational. We will continue to monitor the situation."
The United Kingdom's National Crime Agency and National Cyber Crime Unit have uncovered a colossal trove of stolen passwords. We know this because Troy Hunt, of Have I Been Pwned (HIBP) fame, yesterday announced the agency has handed them over to his service, which lets anyone conduct a secure search of stolen passwords to check if their credentials have been exposed.
A Russian national accused of hacking into U.S. company networks, stealing non-public information, and then trading stocks based on that information was extradited to the U.S., federal prosecutors announced Monday. Vladislav Kliushin, 41, along with four co-conspirators, allegedly hacked into two firms that help publicly traded companies prepare filings for public release, and used non-public information, such as earnings projections, to trade stocks ahead of the public release.
A building automation engineering firm experienced a nightmare scenario: it suddenly lost contact with hundreds of its building automation system (BAS) devices - light switches, motion detectors, shutter controllers, and others - after a rare cyberattack locked the company out of the BAS it had constructed for an office building client. The firm, located in Germany, discovered that three-quarters of the BAS devices in the office building system network had been locked down.
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved into a loader that downloads various modules that can be used to perform different malicious behavior.
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group - which Palo Alto Networks has called "one of the most ruthless" of dozens of ransomware groups currently known to be active - was in the right place at the right time with the right tools when Log4Shell hit the scene 10 days ago.
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains. The company released security updates to address the two security vulnerabilities (tracked as CVE-2021-42287 and CVE-2021-42278 and reported by Andrew Bartlett of Catalyst IT) during the November 2021 Patch Tuesday.
The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. "Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said.