Software vendor Kaseya has been caught in the chaos of a supply-chain compromise by the REvil ransomware gang since Friday. Around 40 managed service providers (MSPs) that rely on Kaseya VSA software to administer customers' IT-and up to 1,500 of their customers-have been stricken with the ransomware. In response to the attack, Kaseya shutdown the SaaS version of VSA, and instructed users of its on-premises customers to do the same. READ MORE...
CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute. The company provides an extensive array of insurance products, including cyber insurance policies, to individuals and businesses across the US, Canada, Europe, and Asia. READ MORE...
A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future's Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. READ MORE...
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious attachments are used to drop various RATs on infected machines, including Agent Tesla, AZORult, Formbook, Loki and Snake Keylogger. READ MORE...
There's been lots of excitement around the recently announced print spooler vulnerability CVE-2021-34527, commonly referred to as PrintNightmare. The excitement stems from the fact that this vulnerability has a CVSS score of 8.8, is present in ALL Windows operating systems, has been publicly disclosed with known exploits, and allows an attacker to easily execute remote code with system privileges. READ MORE...
Security researchers at AT&T Alien Labs report that a notorious hacking group has been targeting engineers working in the defence industry. In recent months there have been a series of reports of malicious emails that use the disguise of a job offer to target defence contractors in the United States and Europe. Attached to the emails are Word documents containing macros that plant malicious code onto a victim's computer, and make changes to the targeted computer's settings in an attempt to avoid detection. READ MORE...
Researchers have discovered multiple application programming interface (API) issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user and account enumeration via the reset password feature, lack of resources limiting on both a GraphQL and REST API, a GraphQL misconfiguration, and more. READ MORE...