Security News > 2021 > May

Microsoft: Massive malware campaign delivers fake ransomware
2021-05-20 17:13

A massive malware campaign pushed the Java-based STRRAT remote access trojan, known for its data theft capabilities and the ability to fake ransomware attacks. In a series of tweets, the Microsoft Security Intelligence team outlined how this "massive email campaign" spread the fake ransomware payloads using compromised email accounts.

Four Android Bugs Being Exploited in the Wild
2021-05-20 16:50

Google updated its May 3 Android security bulletin on Wednesday to say that there are "indications" that four of the 50 vulnerabilities "may be under limited, targeted exploitation." That was mostly confirmed by Maddie Stone, a member of Google's Project Zero exploit research group, who clarified on Twitter that the "4 vulns were exploited in-the-wild" as zero-days. These four bugs make up a full two-thirds of the six total bugs to be exploited in the wild since 2014, according to Google's tracking spreadsheet.

Spammers flood PyPI with pirated movie links and bogus packages
2021-05-20 16:02

Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once. PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-.... The discovery came to light when Adam Boesch, senior software engineer at Sonatype, was auditing a dataset and noticed a funny-sounding PyPI component named after a popular TV sitcom.

Twitter rolls out new verification process to get your "blue check"
2021-05-20 16:00

Twitter is relaunching its public verification application system after suspending it more than three years ago to clarify the verification eligibility criteria. "Over the past several months, we've been working to bring clarity to the verification eligibility criteria and launched a new policy shaped by public feedback," Twitter said in a blog post today.

How to gain added security in Firefox with the site isolation feature, Fission
2021-05-20 15:23

Firefox developers understand web browser security is at a premium, so they've started rolling out a new site isolation feature. That's a good thing because Firefox is an important browser that has brought about game-changing features over the years.

2021 Attacker Dwell Time Trends and Best Defenses
2021-05-20 15:07

Called attacker dwell time, this is part of an adversarial approach that has become even more popular with hackers when it comes to 2021 ransomware attacks and data breaches. Combating Dwell Time with EDR. Even one day is too many when it comes to adversaries camping out on your network, but rooting them out can be tough for resource-strapped firms on a tight budget.

Conti ransomware gives HSE Ireland free decryptor, still selling data
2021-05-20 14:46

The Conti ransomware gang has released a free decryptor for Ireland's health service, the HSE, but warns that they will still sell or release the stolen data. Today, the ransomware gang posted a link to a free decryptor in their negotiation chat page for the HSE that can be used to recover encrypted files for free.

Windows 10 20H2 now in broad deployment, available to everyone
2021-05-20 14:20

Windows 10, version 20H2 has entered the broad deployment phase and will be offered to all devices not configured to defer feature updates or affected by compatibility holds. Microsoft has recently removed the last remaining Windows 10 upgrade blocks after addressing known issues affecting systems with Conexant or Synaptics devices causing errors and problems when updating to Windows 10 2004 or 20H2. "Windows 10, version 20H2 is designated for broad deployment," the company says in a Windows Health dashboard status update.

Bizarro Banking Trojan
2021-05-20 14:13

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. The program can be delivered in a couple of ways: either via malicious links contained within spam emails, or through a trojanized app.

Alaska Health Department Website Targeted in Malware Attack
2021-05-20 13:54

The Alaska health department website was the target of a malware attack, officials said. A similar attack previously targeted the state's court system.