Hurricane Panda goes phishing. OT vulnerabilities described. LemonDuck’s big plans?


Attacks, Threats, and Vulnerabilities

Positive Technologies: APT group targeting government agencies around the world detected in Russia for the first time (Positive Technologies) Positive Technologies Expert Security Center (PT ESC) revealed new attacks by APT31 and analyzed its new tool—a malicious software that allows criminals to control a victim’s computer or network by using remote access.

Chinese Hackers Compromised Telecom Firms, Researchers Say (Bloomberg) Hacking groups said to exploit flaws in Microsoft Exchange. Attackers pulled off ‘holy grail of espionage’ in breaches.

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam (Threatpost) Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.

LemonDuck botnet evolves to allow hands-on-keyboard intrusions (The Record by Recorded Future) Over the past two years, a once-tiny crypto-mining malware strain has evolved into a massive botnet and is now experimenting with hands-on-keyboard intrusions into hacked networks, signaling a dangerous turn that could see the group’s operators deliver ransomware or more dangerous threats in the coming future.

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure (Microsoft Security Blog) LemonDuck, an actively updated and robust malware that’s primarily known for its botnet and cryptocurrency mining objectives, adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks (Microsoft Security Blog) LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. Today, beyond using resources for its traditional bot and mining activities, LemonDuck steals credentials, removes security controls, spreads via emails, moves laterally, and ultimately drops more tools for human-operated activity.

INFRA:HALT – Forescout (Forescout) Forescout Research Labs and JFrog Security Research discover 14 new vulnerabilities affecting closed source TCP/IP stack NicheStack, allowing for Denial of Service or Remote Code Execution primarily affecting operational technology (OT) and industrial control system (ICS) devices.

INFRA:HALT vulnerabilities affect OT devices from more than 200 vendors (The Record by Recorded Future) Security researchers have disclosed today 14 vulnerabilities that impact a popular TCP/IP library commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors.

Report: Over 63 Million US Citizens Exposed in Massive Data Leak (vpnMentor) Led by Ran Locar and Noam Rotem, vpnMentor’s research team discovered that B2B marketing company OneMoreLead was leaking the private data of up to 126 million American

A Silicon Valley VC firm with $1.8B in assets was hit by ransomware (TechCrunch) Advanced Technology Ventures said investor data was stolen from the company’s servers.

Cyber attack at Ardagh Group cost $34m ( A cyber attack at Ardagh Group in May cost the company $34 million.

LVHN patients’ info hacked in cyber attack (WFMZ) LVHN is warning patients their data could have been stolen in a hack earlier this year.

Isle of Wight schools hit by ransomware (Computing) Six schools and the Isle of Wight of Education Federation have had data encrypted in an attack that could delay the start of the new term

Security Patches, Mitigations, and Software Updates

Swisslog Healthcare Translogic PTS (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Swisslog Healthcare
Equipment: Translogic PTS (Pneumatic Tube Systems)
Vulnerabilities: Use of Hard-coded Password, Execution with Unnecessary Privileges, Improper Authentication, Download of Code without Integrity Check, Out-of-Bounds Write

Acronis Cybertreats Report: Mid-year 2021 (Acronis) Acronis was the first company to implement completely integrated cyber protection to protect all data, applications, and systems.

Contrast Security Study Highlights Lower Application Security Debt Equates to Reduced Risk (Newswire) 2021 Application Security Observability Report from Contrast Labs also reported a 31% jump in serious vulnerabilities and a 29% increase in likelihood of attacks on vulnerabilities

Proofpoint’s Annual Human Factor Report Reveals How 2020 Transformed Today’s Threat Landscape (Proofpoint) More than 48 million observed messages containing malware capable of downloading ransomware foreshadowed the risk of recent high-profile cyber attacks

The Human Factor 2021: Cybersecurity, Ransomware and Email Fraud in a Year that Changed the World (Proofpoint) As the global pandemic upended work and home routines in 2020, cyber attackers pounced. Dive deep into how this extraordinary time has changed the threat landscape—and what it means for the year ahead. Our premiere threat report draws from one of cybersecurity’s largest and most diverse data sets to explore user vulnerability, attacks and privilege through a people-centric lens. You’ll learn:

Kaseya ransomware attack sets off race to hack service providers -researchers (KELO-AM) A ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management sof…

Deep Instinct identifies top 5 ransomware attacks in the first half of 2021 (CTECH) Mid-year threat landscape report has highlighted some of the ways that organizations and individuals are at risk online

Increase in DDoS extortion campaigns and hit-and-run assaults (IT Brief) The window between the disclosing and weaponising of new vulnerabilities is getting very slim.

What’s behind the explosion in zero-day exploits? (IT PRO) Projections show the industry will detect almost three times as many exploits in 2021 as were found last year

Remote code execution the most common cyber threat faced by Canadian firms: Report (IT World Canada) Canadian cybersecurity teams face a wide range of threats, but the most common vulnerability exploit type is remote code execution (RCE), according to a report from Check Point Software Technologies. In its annual mid-year attack trends report, which uses data from customers, the company said that in 61 per cent of attacks against Canadian organizations […]

29% of corporate users in Kenya experienced financial malware attacks in the first half of 2021 (Africanews) Although Kaspersky’s ( research shows that the overall number of financial malware attacks in Kenya has decreased in the first half of 2021, when compared


Feedzai Acquires World’s Most Advanced Biometric Platform, Revelock, Creating the World’s Largest Financial Intelligence Network (FIN) to Secure…


Read More:Hurricane Panda goes phishing. OT vulnerabilities described. LemonDuck’s big plans?

Products You May Like