IT Security Newsletter - 8/4/2021
Chinese Cyberspy Group APT31 Starts Targeting Russia
China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and - for the first time - Russia, according to enterprise cybersecurity firm Positive Technologies. Also tracked as Judgment Panda, Zirconium, and Red Keres, APT31 is believed to be working on behalf of the Chinese government, conducting cyberespionage campaigns against targets of interest to the country.
COVID-19 vaccine appointment system attacked in Italy
In another cyberattack on a healthcare system, threat actors have tried to throw a wrench into the ongoing COVID-19 vaccine roll-out in the region of Lazio, Italy. The large and densely populated region is the country's second most populous and includes the country's capital, Rome. On Sunday, the region's Facebook page informed the public that hackers had disabled the systems of the regional health care agency.
Ransomware Volumes Hit Record Highs as 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year compared with the same period a year earlier. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a hard-number perspective, the ransomware scourge hit a staggering 304.7 million attempted attacks within SonicWall Capture Labs' telemetry.
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
Criminals behind the Raccoon Stealer platform have updated their services to include tools for siphoning cryptocurrency from a target's computer and new remote access features for dropping malware and scooping up files. The stealer-as-a-service platform, whose customers are typically rookie hackers, offers turnkey services for pilfering browser-stored passwords and authentication cookies.
This Vultur app takes malicious to the next level
A Netherlands-based security research firm has uncovered a new Android dropper app, dubbed Vultur, that delivers legitimate functionality, then silently shifts into malicious mode when it detects banking and other financial activities. Vultur, found by ThreatFabric, is a keylogger that captures financial institution credentials by piggybacking on the current banking session and stealing funds right away - invisibly. And just in case the victim realizes what is happening, it locks down the screen.
Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The vulnerabilities are collectively tracked as INFRA:HALT. The security holes, discovered by researchers from Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service (DoS) attacks, information leaks, TCP spoofing, and DNS cache poisoning.
New Cobalt Strike bugs allow takedown of attackers' servers
Security researchers have discovered Cobalt Strike denial-of-service (DoS) vulnerabilities that allow blocking beacon command-and-control (C2) communication channels and new deployments. Cobalt Strike is a legitimate penetration testing tool designed to be used as an attack framework by red teams (groups of security professionals who act as attackers on their own organization's infrastructure to discover security gaps and vulnerabilities).
- ...in 1914, President Woodrow Wilson and the U.S. declare neutrality in World War I.
- ...in 1953, President Dwight D. Eisenhower warns U.S. Governors that the U.S. could be drawn into a war in Vietnam.
- ...in 2007, NASA launches the Phoenix Mars probe to investigate the Martian surface for evidence of water and microbial life.
- ...in 2011, Paul McCartney performs a live concert at Great American Ball Park in Cincinnati, Ohio.