Attacks, Threats, and Vulnerabilities
How Hackers Hammered Australia After China Ties Turned Sour (Bloomberg) Wave after wave of cyberattacks has shaken the country. Experts say even the wealthiest nations are at risk if they annoy China enough.
FBI, CISA: Ransomware attack risk increases on holidays, weekends (BleepingComputer) The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.
The Never-ending Ransomware Story (Digital Shadows) This blog looks back at the ransomware landscape and the flurry of rebranding attempts made by ransomware groups during Summer 2021.
What Does LockBit Want? Decrypting an Interview With the Ransomware Collective | Flashpoint (Flashpoint) LockBit on LockBit: On August 23, Russian OSINT, a Russian-language YouTube and Telegram channel focused on hacking, cybersecurity, and open-source intelligence, released an interview with the operators of LockBit ransomware. Altogether, the interview provides an important window into the mentality of the ransomware operators, including their motivation, perceptions of money, law enforcement, and the U.S. […]
LockFile Ransomware Uses Unique Methods to Avoid Detection | eSecurityPlanet (eSecurityPlanet) Ransomware threats continue to evolve, but LockFile takes things even further by combining a few evasion techniques.
NCC Group reveals threefold increase in targeted ransomware attacks in 2021 (Mynewsdesk) Analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT) has highlighted the growing threat of ransomware around the world.
Crashing SIP IoT Clients with a Single Malformed Header (Claroty) Claroty Team82 discloses details on a vulnerability that can be used to crash a SIP IoT Client with a single malformed header packet.
How BEC scammers use the cybercrime underground (Intel471.com) Intel 471 has observed a number of actors using popular cybercrime forums to recruit or outsource functions related to BEC scams.
‘ProxyToken’ Exchange Server Vulnerability Leads to Email Compromise (SecurityWeek) A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails.
Cyber attack on FBR’s database: Only system disrupted but no data stolen, says FBR chief (The News) After exceeding tax collection by Rs160 billion in the first two months against the envisaged target, the Chairman FBR Dr Muhammad Ashfaque said on Tuesday that the government would honour its obligations in case of those who had availed tax amnesty for possessing offshore assets abroad.
Skimming the CREAM – recursive withdrawals loot $13M in cryptocash (Naked Security) Recursion [noun]: see recursion.
Cream Finance DeFi Platform Rooked For $29M (Threatpost) Cream is latest DeFi platform to get fleeced in rash of attacks.
Most Used Blockchain Averts Crisis After Software Flaw Is Fixed (Bloomberg) Ethereum blockchain was divided by mistake in client software.
College students targeted by money mule phishing techniques (SearchSecurity) Mimecast researchers have found a scam that targets college and university students with phishing techniques to turn them into money mules.
A popular smart home security system can be remotely disarmed, researchers say (TechCrunch) Fortress has not said if it has fixed or plans to fix the vulnerabilities.
Vaccine QR code spoofing: Quebec offers reassurance… and alerts the police (Le Devoir) Two distinct flaws were detected in the systems for obtaining and validating the QR code.
Vulnerabilities Can Allow Hackers to Disarm Fortress Home Security Systems (SecurityWeek) Researchers have found a couple of vulnerabilities that can be used to remotely disarm home security systems made by Fortress.
Vaccine passports: Expert says B.C. should be ‘on standby to get hacked’ (Times Colonist) A successful cyberattack targeting Quebec’s digital vaccine certificates may portend challenges ahead for the upcoming B.C. vaccine card, an expert says. “The B.C. government needs to be on . . .
Fujitsu says stolen data being sold on dark web ‘related to customers’ (ZDNet) A group called “Marketo” has claimed it has 4 GB of stolen data and purports to have 70 bids on it already.
Public Health Records Exposed in Denton County, Texas, Breach (GovTech) Hundreds of thousands of public health records, including COVID-19 vaccination details, were exposed in a data breach that was linked to an app that is used at Denton County vaccine clinics, officials say.
Patients’ personal information affected in DuPage Medical Group cyber attack (ABC 7 Chicago) DuPage Medical Group hacked: Personal information included names, addresses, dates of birth, treatment dates
Melbourne’s Stonnington council hit by suspected cyber attack (iTnews) Forced to shut down systems after ‘infiltration’.
After weeks of hate raids, Twitch streamers are taking a day off in protest (The Verge) Organizers are asking streamers and viewers to not log in to Twitch.
Security Patches, Mitigations, and Software Updates
Companies Release Security Advisories in Response to New OpenSSL Vulnerabilities (SecurityWeek) Companies that use OpenSSL in their products have started releasing security advisories for the recently patched vulnerabilities.
Philips Patient Monitoring Devices (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low attack complexity
Equipment: Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3
Vulnerabilities: Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate Revocation, Improper Handling of Length Parameter Inconsistency, Improper Validation of Syntactic Correctness of Input, Improper Input Validation, Exposure of Resource to Wrong Sphere
Sensormatic Electronics KT-1 (CISA) 1. EXECUTIVE SUMMARY
Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc.
Vulnerability: Use of Unmaintained Third-party Components
2. RISK EVALUATION
The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive support and updates for potential vulnerabilities, which could put the affected product at risk.
Report: Insights into growing number of automated attacks (Journey Notes) Over the first six months of 2021, Barracuda researchers analyzed traffic patterns measured by our application security solutions.
2021 DDoS Threat Landscape Report (Imperva Resource Library) DDoS attacks have been a significant feature of the cyber threat landscape over the past two decades. The Imperva…