Security News > 2021 > July

The TrickBot trojan is adding man-in-the-browser capabilities for stealing online banking credentials that resemble those of Zeus, the early banking trojan, researchers said - potentially signaling a coming onslaught of fraud attacks. According to researchers at Kryptos Logic Threat Intelligence, this functionality is carried out by TrickBot's webinject module.

U.S. and U.K. authorities are warning that the APT28 advanced-threat actor - a.k.a. Fancy Bear or Strontium, among other names - has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets worldwide. The attackers are after the passwords of people who work at sensitive jobs in hundreds of organizations worldwide, including government and military agencies in the U.S. and Europe, defense contractors, think tanks, law firms, media outlets, universities and more.

The transition to electronic health records (EHRs) has made ransomware and data-theft attacks far more costly and damaging for healthcare institutions. Researchers have found that Ryuk ransomware is increasingly targeting exposed Remote Desktop Protocol (RDP) endpoints, particularly in the healthcare sector.

There is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system. At issue is a remote code execution flaw residing in all Western Digital network attached storage devices running MyCloud OS 3, an operating system the company only recently stopped supporting.

An unknown threat actor has compromised the servers of Mongolian certificate authority MonPass and abused the organization's website for malware distribution, according to security researchers at Avast. A major CA in East Asia, MonPass appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times.

Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year. The tech giant has advised customers who manage their Azure resources using affected versions of the PowerShell task automation solution to update to versions 7.0.6 or 7.1.3.

Microsoft now requires a computer to have a TPM 2.0 module to install Windows 11. If your processor is old enough that it lacks a built-in firmware TPM (fTPM), your motherboard's discrete module will likely be TPM 1.2, which is not compatible with Windows 11.

Wizard Spider, the notorious cybercrime gang that operated the TrickBot botnet and the Ryuk and Conti ransomware families, may have developed a new ransomware family, Fortinet reports. Dubbed Diavol, the ransomware shows similarities with Conti, but the observed attacks lack some of the tactics previously associated with Wizard Spider.

Microsoft late Thursday acknowledged a severe security vulnerability in the Print Spooler utility that ships by default on Windows and warned that the bug exposes users to computer takeover attacks. Microsoft's confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines.

No sensitive information was compromised in a ransomware attack last month on the state agency that provides ferry service between mainland Massachusetts and the islands of Martha's Vineyard and Nantucket. "After a rigorous evaluation of our systems, this investigation has now concluded and the cybersecurity investigators have confirmed that no sensitive information, including customer data or payment information, was viewed or downloaded during this incident," the Woods Hole, Martha's Vineyard and Nantucket Steamship Authority announced in a statement Wednesday.