A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down cloud services to prevent the attack's spread. READ MORE...
Apple's internet traffic took an unwelcome detour through Russian networking equipment for about twelve hours between July 26 and July 27. In a write-up for MANRS (Mutually Agreed Norms for Routing Security), a public interest group that looks after internet routing, Internet Society senior internet technology manager Aftab Siddiqui said that Russia's Rostelecom started announcing routes for part of Apple's network on Tuesday, a practice referred to as BGP (Border Gateway Protocol) hijacking. READ MORE...
Samba is a widely-used open source toolkit that not only makes it easy for Linux and Unix computers to talk to Windows networks, but also lets you host a Windows-style Active Directory domain without Windows servers at all. The name, in case you've ever wondered, is a happy-sounding and easy-to-say derivation from SMB, short for Server Message Block, a proprietary file-sharing protocol that goes way back to the early 1980s. READ MORE...
Security researchers with NCC Group have documented 11 vulnerabilities impacting Nuki smart lock products, including issues that could allow attackers to open doors. Nuki offers smart lock products - Nuki Smart Lock and Nuki Bridge - that allow users to unlock their doors with their smartphones by simply walking in range. The vulnerabilities identified by NCC Group in the latest versions of the products could allow attackers to intercept a Nuki product's network traffic, etc. READ MORE...
A cyber-weapons broker dubbed Knotweed has been outed, with Microsoft flagging it as being behind numerous spyware attacks on law firms, banks, and strategic consultancies in countries around the world. To boot, Knotweed has made a habit of incorporating rafts of Windows and Adobe zero-day exploits into its spyware since at least 2021, according to Microsoft. Knotweed falls into a murky category of so-called "private sector offensive actors" that hawk their wares to unscrupulous governments and business interests. READ MORE...
Google and internet rights groups have called on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called legit surveillanceware makers. During an open House Intelligence Committee hearing on Wednesday, US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton, Shane Huntley, who leads Google's Threat Analysis Group, and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. READ MORE...
Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for "automated exfiltration of sensitive/private data" and "tailored access operations [including] identification, tracking and infiltration of threats." READ MORE...
Microsoft has linked a threat group known as Knotweed to an Austrian spyware vendor also operating as a cyber mercenary outfit named DSIRF that targets European and Central American entities using a malware toolset dubbed Subzero. On its website, DSIRF promotes itself as a company that provides information research, forensics, and data-driven intelligence services to corporations. However, it has been linked to the development of the Subzero malware that its customers can use to hack targets' machines. READ MORE...
Two potentially serious vulnerabilities that could allow threat actors to cause significant disruption have been found in a widely used industrial connectivity device made by Moxa. The Taiwan-based industrial networking and automation solutions provider has addressed the flaws. The two security holes, tracked as CVE-2022-2043 and CVE-2022-2044 and rated 'high severity', affect Moxa's NPort 5110 device servers, which are designed for connecting serial devices to Ethernet networks. READ MORE...