Cyber News

On September 14-15, 2021, NIST will host a virtual public workshop on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software.  The workshop will help NIST to carry out an Executive Order (EO) on Improving the Nation’s Cybersecurity. The agenda for the workshop will include facilitated panel discussions and presentations based on consumer software labeling position papers submitted to NIST and on preliminary feedback on potential IoT baseline security criteria to be shared by NIST in August. According to the EO

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware.

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts.

Kaseya said it did not negotiate with cybercriminals and pay a ransom following the REvil ransomware attack on July 2, 2021, which compromised about 60 MSPs and 1,500 end-users.

The Federal Bureau of Investigation Denver is offering new hands-on training to students interested in learning the latest on cybersecurity from members of the FBI themselves.

Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, Bryan Vorndran, a top FBI cyber division official told US lawmakers Tuesday.

The Netherlands-based fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months.

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda and HoneyMyte), Palo Alto Networks' Unit 42 threat intelligence team

An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing

Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of

NIST is seeking suggestions and feedback on challenges and practical approaches to initiating cybersecurity labeling efforts for Internet of Things (IoT) devices and consumer software. The information received will help NIST carry out one of its multiple assignments included in a May 12, 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity. We need your help! You are invited to respond to a call for papers, comment on a forthcoming draft white paper, and participate in our workshop on September 14-15, 2021. More about the call for papers: NIST is now requesting one- to two-page

Cybercriminals found exploiting misconfigured Argo Workflows instances to deploy cryptominers for financial gains. The recent crypto attacks are worrying as there are hundreds of misconfigured deployments exposed on different servers.

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint attributed the covert operation to a state-aligned threat actor it tracks as TA456, and by the wider

This is important:

Monsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more.

[…]

The data that resulted in Burrill’s ouster was reportedly obtained through legal means. Mobile carriers sold­ — and still sell — ­location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, ...

Just like other prominent ransomware gangs today, the Haron gang goes after enterprise targets in order to maximize its profits and also runs a leak site where it threatens to publish stolen data.

An ongoing XCSSET campaign has been observed with some upgrades in its features. However, the recent report about the XCSSET malware does not indicate any major changes in the malware’s core capabilities. These changes correspond to a gradual fine-tuning of its tactics.

Microsoft warned against a cryptominer threat named LemonDuck, which is targeting both Windows and Linux systems. Earlier this year, the LemonDuck gang had shifted its tactics in the later stage of its attack to manual hacking. The recent upgrades in this cross-platform threat indicate that its developers are determined to make a dent in the current threat landscape.

Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.

While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation RAT to one of the compromised servers.

Tracking the cybercriminals behind ransomware is a difficult task. The hackers who write and maintain ransomware are often different from those who deploy it, with the two parties sharing the profits.