cyber attack news

Kaseya asking clients to sign NDA before given decryption keys; Guntrader urges UK gun owners to be vigilant after data breach; and cyber attacks disrupt South African shipping port.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Headlines

Kaseya Is Making Its Customers Sign Non-Disclosure Agreements to Obtain Ransomware Decryption Key – gizmodo.com
Health insurance provider for UVic international students suffers security breach – martlet.ca
UK gun owners urged to be ‘vigilant’ after Guntrader data breach – itpro.co.uk
Cyber Attack Disrupts Container Operations at Major South African Port – insurancejournal.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

Florida’s Department of Economic opportunity exposes more than 57,000 records in data breach of unemployment data; Data of participants and volunteers of the 2020 Tokyo Olympics exposed in data breach; and security researchers identify multiple encryption flaws in Telegram messaging service.

Headlines

The FBI Is Locating Cars By Spying On Their WiFi – forbes.com
Possible ‘white hat hacker’ exploits THORChain for $8M, proposes 10% bounty – cointelegraph.com
Emma Willard School hit by ransomware attack – timesunion.com
More than 57,000 unemployment accounts targeted in DEO data breach – msn.com
UPMC Finalizes $2.65 Million Settlement For 2014 Employee Data Breach – news.yahoo.com
Your Information May Have Been Compromised in Yale New Haven Health’s Data Breach – msn.com
Mobile County Commission notifies employees of data breach – wkrg.com
Tokyo 2020 reportedly suffers ticket-related data breach – insidethegames.biz
Multiple encryption flaws uncovered in Telegram messaging protocol – portswigger.net

What You Should Know

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

Kaseya obtains decryptor from a ‘trusted third-party’ and begins recovery of customer data; Energy Department and National Nuclear Security Admin find evidence of threat actors on Department of Energy networks; Atlassian advising is customers to upgrade Jira Data Center products due to remote code executable vulnerability.

Trending Headlines

Kaseya obtains REvil decryptor, starts customer data recovery operations – therecord.media
Hackers reportedly demand $50m from Saudi Aramco over data leak – bbc.com
An Explosive Spyware Report Shows the Limits of iOS Security – wired.com
Chinese state hackers breached over a dozen US pipeline operators – bleepingcomputer.com
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world – zdnet.com
Nuclear weapons agency breached amid massive cyber onslaught – politico.com
APT Hackers Distributed Android Trojan via Syrian e-Government Portal – thehackernews.com
Critical Jira Flaw in Atlassian Could Lead to RCE – threatpost.com
CISA warns of stealthy malware found on hacked Pulse Secure devices – bleepingcomputer.com

What You Should Know

CVE-2020-36239
CVE-2019-11510 – Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
CVE-2018-13379 – Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7.
CVE-2019-1579 – PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier.
CVE-2019-19781 – Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0.
CVE-2020-8260 – Pulse Connect Secure < 9.1R9.
CVE-2020-8243 – Pulse Connect Secure < 9.1R8.2

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

Trending Headlines

HiveNightmare zero-day lets anyone be SYSTEM on Windows 10 and 11

What You Should Know: CVE-2021-36934 is a remote code execution vulnerability for Windows 10 and 11 that exists due to overly permissive ACLs on multiple system files, including the Security Accounts Manager (SAM) database. Restricting access to \system32\config\* is recommend by Microsoft, as well as deleting any restore points or shadows copies that existed prior to restricting access to the above folder. Deleting shadow copies may trigger unintended events in your SIEM.

CVE-2021-36934 – msrc.microsoft.com

Home and office routers come under attack by China state hackers, France warns

What You Should Know: APT31 has been identified by France officials as targeting home and business routers for the purpose of using them to further obfuscate their activities. CERT-FR has provided and updated list of IOCs available in both CSV and JSON format.

CERTFR-2021-IOC-003 CSV Format
CERTFR-2021-IOC-003 JSON Format

Joker malware returns to target millions more Android devices

What You Should Know: Joker malware has been causing trouble for Android users for the last several years and is once again finding its way into apps on the official Google Play store. Joker is alleged to steal SMS messages, contacts, device information, and any other data in which attackers can use to continue to proliferate their malware attacks.

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)

What You Should Know: The Qualys Research Team has identified a privilege escalation vulnerability in the Linux filesystem layer that could allow a threat actor to gain root privileges. A proof-of-concept has already been developed and tested on Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation.

CVE-2021-33909
CVE-2021-33910

Hackers co-opt Microsoft’s anti-phishing feature for phishing attacks

What You Should Know: Threat actors are using customized login pages for Microsoft 365 to trick users. Using publicly available tools, threat actors are convincingly able to replicate Microsoft 365’s login page which can trick unsuspecting users into logging in to phishing sites. Users should be given standard login URLs and should not deviate from normal account security standards.

Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug

What You Should Know: Code in a printer driver that has existed since 2005 is now being used to compromise hundreds of printers from HP, Xerox, and Samsung printers. CVE-2021-3438 is described as a buffer overflow bug with “SSPORT.SYS” that could allow an attacker to run malicious code as an elevated ADMIN-level user.

CVE-2021-3438

Several New Critical Flaws Affect CODESYS Industrial Automation Software

What You Should Know: Multiple vulnerabilities have been found in automation software, CODYSYS. A total of 7 vulnerabilities were reported ranging from CVSS scores of 7.5 to 10.0 and are listed below. The vulnerabilities found could results in a denial-of-service attack, or allow the privilege escalation execution of malicious Javascript.

CVE-2021-29238
CVE-2021-29240
CVE-2021-29241
CVE-2021-34569
CVE-2021-34566
CVE-2021-34567
CVE-2021-34568

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

Trending Headlines

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

Popular Windows malware, XLoader, has been modified to target MacOS systems, according to a recent report by Checkpoint. XLoader is the successor to Formbook and is known to steal credentials, collect screenshots, log keystrokes and even download files. XLoader is known for it’s Malware-as-a-service (MaaS) model that allows for less sophisticated threat actors to use it successfully.

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Law firm, Campbell Conroy & O’Neil, informs it’s clients of data breach 5 months after it was exposed in the wide-ranging attack on IT firm, Kaseya. Information includes names, phone numbers, driver’s licenses, and even SSNs. The organisation has not determined what data, or who’s data was accessed.

Saudi Aramco ‘Data Breach’ not a ransomware attack: ZeroX group used 0Day exploit on third-party servers to grab 1TB data now available on Dark Web

Saudi Aramco claims that recent data breach was not due to a ransomware attack, but instead scraped from a third-party contractor. APT group ZeroX has taken responsibility and claimed that they gained access the company’s networks and servers.

Over 68K Advocate Aurora Patients Impacted by Elekta Health Data Breach

Advocate Aurora Health, a healthcare organisation that provides access to physicians and medical professionals, has notified over 68,000 patients in Illinois of possible data exposure arising from the Elektra health data breach. Over 170 healthcare organisations were impacted by the April, 2021 attacks targeting Elektra.

Update now: TIBCO Data Virtualization software vulnerable to RCE via third-party flaws, claims researcher

Flaws in olders versions of BlazeDS and Java BeanShell libraries have allowed security researcher, Pedro Ribeiro, to find a remote code execution (RCE) on versions 8.3 and 8.4 of the TIBCO Data Visualization software. Pedro provides an excellent write-up over on Github.

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

The latest headlines brought to you Tuesday, Jul 20th, 2021, include; Oil giant, Saudi Aramco, hit by 1TB data breach; IT provider Cloudstar downed by ransomware attack; and numerous nations finally speaking out about China’s cyber activities.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Trending Headlines

• Italian hosting firm Aruba.it defends data breach notification delay – portswigger.net
• U.S. accuses China of abetting ransomware attack – nbcnews.com
• Fortinet fixes bug letting unauthenticated hackers run code as root – bleepingcomputer.com
• Saudi Aramco hit by 1TB data breach – techradar.com
• Cloudstar – IT provider for real estate, finance, insurance worlds – downed by ransomware – theregister.com
• Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections – threatpost.com
• Researchers Warn of Linux Cryptojacking Attackers Operating from Romania – thehackernews.com
• US indicts members of Chinese-backed hacking group APT40 – bleepingcomputer.com
• New MosaicLoader malware targets software pirates via online ads – bleepingcomputer.com
• Over 300 phone numbers of ministers, journalists, activists, businessmen from India could have been hacked: Report – ciso.economictimes.indiatimes.com
• Optex Systems Holdings Inc. reports ransomware attack – marketscreener.com
• Hundreds of touchscreen ticket machines are offline after a ransomware attack – zdnet.com
• Norway says cyber attack on parliament carried out from China – nationalpost.com
• Healthcare Data Breach in IL Exposes COVID-19 Vaccination Status – healthitsecurity.com
• Jefferson Health cancer patients affected by Elekta data breach – phillyvoice.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

The latest headlines brought to you Monday, July 19th, 2021, include; Fortune 500 U.S. law-firm exposes client information during February data breach; Israeli created spyware, Pegasus; Morgan Stanley identifies root cause of data breach, Accellion FTA hack.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Trending Headlines

• Toddler mobile banking malware surges across Europe – zdnet.com
• Ransomware hits law firm counseling Fortune 500, Global 500 companies – bleepingcomputer.com
• Campbell Data Breach Leads to Private Information Exposure – heimdalsecurity.com
• Comparis customers targeted by scammers after ransomware attack – bleepingcomputer.com
• Morgan Stanley discloses data breach that resulted from Accellion FTA hacks – arstechnica.com
• Beware of This Phishing Attack Disguised as Google Docs – thecybersecurityplace.com
• Pegasus: What is the Israeli spyware and how can you tell if it’s on your phone? – finance.yahoo.com
• Massena school servers back to normal after cyber attack – nny360.com
• Email security firm Mimecast says hackers hijacked its products to spy on customers – ciso.economictimes.indiatimes.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

The latest headlines brought to you Sunday, July 18th, 2021, include; Ecuador’s state run telco suffers ransomware attack; HelloKitty ransomware targeting ESXi and SonicWall devices; and more than 75k customers were affected during CNA ransomware attack, new information finds.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Trending Headlines

• Security researchers fool Microsoft’s Windows Hello authentication system – engadget.com
• Critical Juniper Bug Allows DoS, RCE Against Carrier Networks – threatpost.com
• Linux Variant of HelloKitty Ransomware Targets VMware ESXi Server – threatpost.com
• HelloKitty ransomware is targeting vulnerable SonicWall devices – bleepingcomputer.com
• Ecuador’s state-run CNT telco hit by RansomEXX ransomware – bleepingcomputer.com
• 75,000+ Customers Affected in CNA Ransomware Attack – securityboulevard.com
• Ransomware attack at Comparis resulted in data breach – swissinfo.ch

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

The latest headlines brought to you Friday, July 16th, 2021, include; CISA orders government agencies disable Microsoft Print Spooler in response to ‘PrintNightmare’; Hackney, London still struggling with recovery months after ransomware attack; and Russian defence ministry website taken down by DDOS attack.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Trending Headlines

• ‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars – threatpost.com
• CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw – cyberscoop.com
• Google details recent malware campaigns amid uptick in zero-day attacks – zdnet.com
• Safari Zero-Day Used in Malicious LinkedIn Campaign – threatpost.com
• London Borough of Hackney Struggles With Recovery Months After Ransomware Attack – wsj.com
• Salt Security Report Highlights Prevalence of API Vulnerabilities – securityboulevard.com
• Phishing continues to be one of the easiest paths for ransomware – zdnet.com
• SpearTip Finds New Diavol Ransomware Does Steal Data – securityaffairs.co
• Nottingham City Transport: Bus operator hit by cyber-attack – bbc.com
• Russian defence ministry site taken down by cyberattack – deccanherald.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.

The latest headlines brought to you Thursday, July 15th, 2021, include; Joker mobile trojan back on Google Play; Google identifies three different 0-days being used against Armenian targets; and A South Carolina dermatology clinic hit with ‘Cuba’ ransomware, 2.4 million users affected.

#cybersecuritynews #infosecnews #ransomware #databreach #cyberattack

Trending Headlines

• Updated Joker Malware Floods into Android Apps – threatpost.com
• Report sheds light on ‘cocky’ but ‘creative’ Mespinoza ransomware group – theregister.com
• Google: Three recent zero-days have been used against Armenian targets – therecord.media
• SonicWall releases urgent notice about ‘imminent’ ransomware targeting firmware – zdnet.com
• Major cyber security weaknesses uncovered at TfNSW, Sydney Trains – itnews.com.au
• D-BOX Technologies Announces Ransomware Cyber Attack – financialpost.com
• Class Attys Eye $1.2M After Drizzly Data Breach Deal – law360.com
• Dermatology Clinic Chain Breach Affects 2.4 Million – healthcareinfosecurity.com
• State probes data breach as fraudulent unemployment claims grow – standardspeaker.com
• Northwestern urges cancer patients to check statements after data breach – chicago.suntimes.com
• The Accellion data breach continues to get messier – techcrunch.com

Cybersecurity Daily News is a curated list of relevant Cybersecurity and Information Security news from around the globe.

Brought to you by

---

Cybersecurity Daily News is a curated list of daily data breach, ransomware, and other cybersecurity related news articles produced by Rogue Security Intelligence Services from sources all over the world. Sign-up below to receive daily news directly to your inbox.