Month: July 2021

Cybersecurity Daily News for July 31, 2021

Albertans’ personal info exposed in two separate data breaches; Illinois AG office hit with ransomware; and infected Python software available via PyPI downloaded over 30,000 times.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Headlines

Discord once again found to be hosting malware payloads – techradar.com

Albertans’ personal information exposed after national health-care provider hacked, data put up for sale – edmontonjournal.com

Software downloaded 30,000 times from PyPI ransacked developers’ machines – arstechnica.com

Researchers highlight Windows laptop TPM vulnerabilities – windowscentral.com

Experts Uncover Several C&C Servers Linked to WellMess Malware – thehackernews.com
JPCert/CC Eyes – TTPs

Amazon hit with $886m fine for alleged data law breach – bbc.com

Calgarians’ personal data exposed in parking authority security breach – calgaryherald.com

New bank-fraud malware called Vultur infects thousands of devices – arstechnica.com

Illinois Attorney General’s Office becomes victim of ransomware attack – mystateline.com

Thousands of patients exposed after phishing attack on Iowa hospital – beckershospitalreview.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.


Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.


Cybersecurity Daily News for July 29, 2021

OsCorp Android malware turns from credential stealer into botnet; New ransomware group, Haron, borrows from Avaddon and Thanos groups; and Death Kitty ransomware linked to South African Ports attack.


Headlines

Indonesia’s BRI Life probes reported data leak of two mln users – reuters.com

New Haron ransomware gang emerges, borrows from Avaddon and Thanos – therecord.media

Studies show cybersecurity skills gap is widening as the cost of breaches rises – venturebeat.com

UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild – bleepingcomputer.com

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers – thehackernews.com
THOR/PLUG IOCs

UCSD Health Announces Data Breach Of Employee Email Accounts – patch.com

Russian Ransomware Group Suffers Big Blow – infopackets.com

Transnet hit with Death Kitty ransomware – mybroadband.co.za

Ransomware linked to Transnet cyberattack – biznews.com

‘Death Kitty’ Ransomware Linked to Attack on South African Ports – finance.yahoo.com

McAfee: Babuk ransomware decryptor causes encryption ‘beyond repair’ – msn.com


Cybersecurity Daily News for July 28, 2021

Personal data of students, clients, and employees exposed as UC San Diego discloses data breach; cost of a data breach in Canada reaches $5.4 million USD per incident; and Apple fixes CVE-2021-30807.


Headlines

‘Praying Mantis’ threat actor targeting Windows internet-facing servers with malware – zdnet.com

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email – thehackernews.com
CVE-2021-35208 – Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23
CVE-2021-35209 – Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16

UC San Diego Health discloses data breach after phishing attack – bleepingcomputer.com

Indonesia’s BRI Life probes reported data leak of two mln users – reuters.com

Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year – securityaffairs.co
CVE-2021-30807 – reserved

D-BOX Recovering From Ransomware Attack, But 1Q Financial Results Deferred – marketwatch.com

How much does a data breach cost? Cost of a Data Breach 2021 Report by IBM – ibm.com


Cybersecurity Daily News for July 26, 2021

Malware being distributed via fake Windows 11 installers; LemonDuck and LemonCat Monero miner targeting Windows and MacOS; and Microsoft details PetitPotam NTLM relay attack.


Headlines

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains – thehackernews.com
Microsoft shares mitigations for new PetitPotam NTLM relay attack – bleepingcomputer.com
Malware Is Being Distributed Via Fake Windows 11 Installers – pcmag.com
Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems – thehackernews.com
Microsoft Details LemonDuck and LemonCat Monero-Mining Malware – tomshardware.com
How Deepfakes Are Powering a New Type of Cyber Crime – cloudsavvyit.com
XCSSET MacOS malware targets Telegram, Google Chrome data and more – securityaffairs.co


Cybersecurity Daily News for July 25, 2021

Kaseya asking clients to sign NDA before being given decryption keys; Guntrader urges UK gun owners to be vigilant after data breach; and cyber attacks disrupt South African shipping port.


Headlines


Kaseya Is Making Its Customers Sign Non-Disclosure Agreements to Obtain Ransomware Decryption Key – gizmodo.com
Health insurance provider for UVic international students suffers security breach – martlet.ca
UK gun owners urged to be ‘vigilant’ after Guntrader data breach – itpro.co.uk
Cyber Attack Disrupts Container Operations at Major South African Port – insurancejournal.com


Cybersecurity Daily News for July 24, 2021

Florida’s Department of Economic Opportunity exposes more than 57,000 records in data breach of unemployment data; data of participants and volunteers of the 2020 Tokyo Olympics exposed in data breach; and security researchers identify multiple encryption flaws in Telegram messaging service.

Headlines


The FBI Is Locating Cars By Spying On Their WiFi – forbes.com
Possible ‘white hat hacker’ exploits THORChain for $8M, proposes 10% bounty – cointelegraph.com
Emma Willard School hit by ransomware attack – timesunion.com
More than 57,000 unemployment accounts targeted in DEO data breach – msn.com
UPMC Finalizes $2.65 Million Settlement For 2014 Employee Data Breach – news.yahoo.com
Your Information May Have Been Compromised in Yale New Haven Health’s Data Breach – msn.com
Mobile County Commission notifies employees of data breach – wkrg.com
Tokyo 2020 reportedly suffers ticket-related data breach – insidethegames.biz
Multiple encryption flaws uncovered in Telegram messaging protocol – portswigger.net


Cybersecurity Daily News for July 23, 2021

Kaseya obtains decryptor from a ‘trusted third-party’ and begins recovery of customer data; Energy Department and National Nuclear Security Admin find evidence of threat actors on Department of Energy networks; and Atlassian is advising its customers to upgrade Jira Data Center products due to a remote code execution vulnerability.

Trending Headlines

Kaseya obtains REvil decryptor, starts customer data recovery operations – therecord.media
Hackers reportedly demand $50m from Saudi Aramco over data leak – bbc.com
An Explosive Spyware Report Shows the Limits of iOS Security – wired.com
Chinese state hackers breached over a dozen US pipeline operators – bleepingcomputer.com
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world – zdnet.com
Nuclear weapons agency breached amid massive cyber onslaught – politico.com
APT Hackers Distributed Android Trojan via Syrian e-Government Portal – thehackernews.com
Critical Jira Flaw in Atlassian Could Lead to RCE – threatpost.com
CISA warns of stealthy malware found on hacked Pulse Secure devices – bleepingcomputer.com

What You Should Know

CVE-2020-36239
CVE-2019-11510 – Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
CVE-2018-13379 – Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7.
CVE-2019-1579 – PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier.
CVE-2019-19781 – Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
CVE-2020-8260 – Pulse Connect Secure < 9.1R9.
CVE-2020-8243 – Pulse Connect Secure < 9.1R8.2


Cybersecurity Daily News for July 22, 2021

Trending Headlines

HiveNightmare zero-day lets anyone be SYSTEM on Windows 10 and 11

What You Should Know: CVE-2021-36934 is a remote code execution vulnerability for Windows 10 and 11 that exists due to overly permissive ACLs on multiple system files, including the Security Accounts Manager (SAM) database. Microsoft recommends restricting access to \system32\config\* and deleting any restore points or shadow copies that existed prior to restricting access to that folder. Deleting shadow copies may trigger unintended events in your SIEM.

CVE-2021-36934 – msrc.microsoft.com

Home and office routers come under attack by China state hackers, France warns

What You Should Know: APT31 has been identified by French officials as targeting home and business routers in order to use them to further obfuscate its activities. CERT-FR has provided an updated list of IOCs, available in both CSV and JSON format.

CERTFR-2021-IOC-003 CSV Format
CERTFR-2021-IOC-003 JSON Format

Joker malware returns to target millions more Android devices

What You Should Know: Joker malware has been causing trouble for Android users for the last several years and is once again finding its way into apps on the official Google Play store. Joker is alleged to steal SMS messages, contacts, device information, and any other data that attackers can use to continue to proliferate their malware attacks.

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)

What You Should Know: The Qualys Research Team has identified a privilege escalation vulnerability in the Linux filesystem layer that could allow a threat actor to gain root privileges. A proof-of-concept has already been developed and tested on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation.

CVE-2021-33909
CVE-2021-33910

Hackers co-opt Microsoft’s anti-phishing feature for phishing attacks

What You Should Know: Threat actors are using customized login pages for Microsoft 365 to trick users. Using publicly available tools, threat actors are convincingly able to replicate Microsoft 365’s login page which can trick unsuspecting users into logging in to phishing sites. Users should be given standard login URLs and should not deviate from normal account security standards.

Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug

What You Should Know: Code in a printer driver that has existed since 2005 is now being used to compromise hundreds of printers from HP, Xerox, and Samsung. CVE-2021-3438 is described as a buffer overflow bug in “SSPORT.SYS” that could allow an attacker to run malicious code as an elevated ADMIN-level user.

CVE-2021-3438

Several New Critical Flaws Affect CODESYS Industrial Automation Software

What You Should Know: Multiple vulnerabilities have been found in the automation software CODESYS. A total of 7 vulnerabilities were reported, with CVSS scores ranging from 7.5 to 10.0; they are listed below. The vulnerabilities could result in a denial-of-service attack, or allow privilege escalation or the execution of malicious JavaScript.

CVE-2021-29238
CVE-2021-29240
CVE-2021-29241
CVE-2021-34569
CVE-2021-34566
CVE-2021-34567
CVE-2021-34568


Cybersecurity Daily News for July 21, 2021

Trending Headlines

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

Popular Windows malware XLoader has been modified to target macOS systems, according to a recent report by Check Point. XLoader is the successor to Formbook and is known to steal credentials, collect screenshots, log keystrokes and even download files. XLoader is known for its Malware-as-a-Service (MaaS) model, which allows less sophisticated threat actors to use it successfully.

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Law firm Campbell Conroy & O’Neil informs its clients of a data breach 5 months after it was exposed in the wide-ranging attack on IT firm Kaseya. Information includes names, phone numbers, driver’s licenses, and even SSNs. The organisation has not determined what data, or whose data, was accessed.

Saudi Aramco ‘Data Breach’ not a ransomware attack: ZeroX group used 0Day exploit on third-party servers to grab 1TB data now available on Dark Web

Saudi Aramco claims that its recent data breach was not due to a ransomware attack, and that the data was instead scraped from a third-party contractor. APT group ZeroX has taken responsibility and claimed that it gained access to the company’s networks and servers.

Over 68K Advocate Aurora Patients Impacted by Elekta Health Data Breach

Advocate Aurora Health, a healthcare organisation that provides access to physicians and medical professionals, has notified over 68,000 patients in Illinois of possible data exposure arising from the Elekta health data breach. Over 170 healthcare organisations were impacted by the April 2021 attacks targeting Elekta.

Update now: TIBCO Data Virtualization software vulnerable to RCE via third-party flaws, claims researcher

Flaws in older versions of the BlazeDS and Java BeanShell libraries have allowed security researcher Pedro Ribeiro to find a remote code execution (RCE) vulnerability in versions 8.3 and 8.4 of the TIBCO Data Virtualization software. Pedro provides an excellent write-up over on GitHub.


Cybersecurity Daily News for July 20, 2021

The latest headlines brought to you Tuesday, Jul 20th, 2021, include: oil giant Saudi Aramco hit by 1TB data breach; IT provider Cloudstar downed by ransomware attack; and numerous nations finally speaking out about China’s cyber activities.
