Home

Dark Reading

07 December 2021

• New Financial Services Industry Report Reveals Major Gaps in Storage and Backup Security
  More than two-Thirds (69%) of respondents believe an attack on their storage & backup environment will have "significant" or "catastrophic" impact.
• Google Disrupts Botnet Targeting Windows Machines
  The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.
• Rubrik's New Managed Service Protects Data from Ransomware Attacks
  Rubrik Cloud Vault provides data recovery assurance against ransomware attacks for Microsoft Azure customers, even if they maintain a hybrid environment.
• Virtual-Network Vulnerability Found in AWS, Other Clouds
  The privilege-escalation flaws affect Amazon WorkSpaces and more than a dozen services that use a particular implementation of USB over Ethernet.
• Cerberus Sentinel Announces Acquisition of Arkavia Networks
  U.S. cybersecurity services firm expands internationally into Latin America.
• The Dark Web Has Its Own People's Court
  Many underground forums have processes for arbitrating disputes between cybercriminals.
• DigiCert Advances Passwordless Authentication with Support for Windows Hello for Business
  Managing Windows Hello hybrid certificate trust model on DigiCert PKI platform streamlines enterprise passwordless authentication and access, an industry first for public Certification Authorities (CAs).
• 5 Ways GRC & Security Can Partner to Reduce Insider Risk
  In 2022, data governance, risk, and compliance (GRC) and security need to partner to implement a modern approach to data protection: insider risk management.
• Defending Against the Use of Deepfakes for Cyber Exploitation
  Deepfakes are increasingly concerning because they use AI to imitate human activities and can be used to augment social engineering attacks.
• Cybersecurity Takes the Wheel as Auto Industry's Top Priority
  Part mainframe, part mobile device, cars will increasingly become targets for cyberattackers.

Threatpost

• Windows 10 Drive-By RCE Triggered by Default URI Handler
  There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
• When Scammers Get Scammed, They Take It to Cybercrime Court
  Underground arbitration system settles disputes between cybercriminals.
• Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
  The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
• SolarWinds Attackers Spotted Using New Tactics, Malware
  One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
• Crypto-Exchange BitMart to Pay Users for $200M Theft
  BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it's closer to $200 million.
• Are You Guilty of These 8 Network-Security Bad Practices?
  Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.
• Cyber Command Publicly Joins Fight Against Ransomware Groups  
  U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.
• Cuba Ransomware Gang Hauls in $44M in Payouts
  The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.
• Pegasus Spyware Infects U.S. State Department iPhones
  It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy.
• Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
  The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.

The Hacker News

07 December 2021

• Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Provides
  06 December 2021
  Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges enabling them to disable
• SolarWinds Hackers Targeting Government and Business Entities Worldwide
  06 December 2021
  Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures. The intrusions, which are being tracked by Mandiant under two
• Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
  06 December 2021
  Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the malicious activities to a group it pursues as Nickel, and by the wider cybersecurity industry under the
• Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code
  06 December 2021
  Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is
• Malicious KMSPico Windows Activator Stealing Users' Cryptocurrency Wallets
  06 December 2021
  Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing

Naked Security

• Firefox update brings a whole new sort of security sandbox
  Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
• Cryptocurrency startup fails to subtract before adding, loses $31m
  Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
• Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it
  Mozilla's cryptographic code had a critical bug. Problem is that numerous apps are affected and may need patching individually.
• S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast]
  Latest episode - listen now!
• IoT devices must “protect consumers from cyberharm”, says UK government
  "Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
• Clearview AI face-matching service set to be fined over $20m
  Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
• Cloud Security: Don’t wait until your next bill to find out about an attack!
  Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
• S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]
  Latest episode - listen now! Solid cybersecurity advice in plain English.
• US government securities watchdog spoofed by investment scammers – don’t fall for it!
  Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.
• Check your patches – public exploit now out for critical Exchange bug
  It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.