Data leak marketplaces aim to take over the extortion economy
2021-05-07 12:16

Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. Using ransomware data leak sites, Maze warned victims that they would publicly leak stolen data if victims did not pay a ransom.

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm
2021-05-07 10:50

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. Positive Technologies is one of several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.

Cuba Ransomware partners with Hancitor for spam-fueled attacks
2021-05-07 09:00

The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. Similar to how Ryuk and Conti partnered with TrickBot, and Egregor and ProLock worked with QBot, the Cuba Ransomware has partnered with Hancitor to gain access to compromised networks.

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
2021-05-07 06:20

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration."

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
2021-05-07 05:56

An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments has infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for the malware and respond to them," said Kaspersky researchers Mark Lechtik and Giampaolo Dedola in a Thursday deep-dive.

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
2021-05-07 05:52

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "best systems engineering content" the event "will no longer be scheduled as a standalone conference."

New infosec products of the week: May 7, 2021
2021-05-07 05:30

The new product line is the industry's first set of multi-protocol security keys with support for FIDO2 and WebAuthn, along with smart card, to receive FIPS 140-2 validation, Overall Level 1 and Level 2. Semperis announced Directory Services Protector 3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory.

Kids in Hong Kong and other highly surveilled states worry infosec careers are just asking for trouble
2021-05-07 05:11

Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire. Devonshire spent much of 2019 and 2020 in Hong Kong, working as a digital forensics and incident response specialist at Blackpanda and serving as assistant faculty at Hong Kong University.

The obvious and not-so-obvious data you wouldn’t want companies to have
2021-05-07 05:10

When there's no value, or when the value fails to match the sacrifices we make in the process, that is when the data becomes something we wouldn't want companies to have. Apart from voluntarily provided data, there is also the digital data exhaust - the data you generate in the background as you interact with the service, such as cookies, tracking tags, or browser footprint.

May 2021 Patch Tuesday forecast: Spring cleaning is in order
2021-05-07 05:04

Coming back to the CIS controls, re-evaluate your patch management program to ensure you are prioritizing and applying updates to systems at highest risk of exploitation. You should have a plan in place to update to a newer version of these operating systems.