Security News > 2021 > July

If you're the kind of person who was paying attention to ransomware years ago and want to make sure you're prepared for the next kind of attack before it hits, pay attention to Gartner's latest report. Here are five things to know about cyber-physical attacks.

The recent trend of cyberattacks on physical infrastructure is a concern for everyone. Tom Merritt explains with five things we should know.

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. In an SEC Form 10-Q filed today, Amazon states that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.

A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF that can give an attacker increased privileges on Ubuntu machines. eBPF is a technology that enables user-supplied programs to run sandboxed inside the operating system's kernel, triggered by a specific event or function.

Details of 30 servers thought to be used by Russia's SVR spy agency as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "is actively serving malware previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada," according to the threat intel firm. "We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."

Kaspersky's quarterly DDoS attack report is one that its writers describe as "relatively calm," but don't let that statement fool you: there are still a lot of dangerous DDoS threats and new actors waiting for their time to strike. The expected calm doesn't mean there's time to take a break: cybercriminals definitely aren't taking one, with Kaspersky reporting two new potential DDoS attack vectors and a rise in DDoS attacks as a ransomware tool.

A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric. ThreatFabric said the mobile malware leverages the Accessibility Services to identify the application running in the foreground and, if the app is in the target list, the malware starts screen recording.

The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments. WellMess was attributed to Russia's APT29 in 2020, when the United States, the United Kingdom and Canada said it had been used by Russian hackers in attacks aimed at academic and pharmaceutical research institutions involved in COVID-19 vaccine development.

An attack earlier this month on Iran's train system, which disrupted rail service and taunted Iran's leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been designed for reuse, a security researcher has found. The initial attack, dubbed MeteorExpress, occurred July 9, when "a wiper attack paralyzed the Iranian train system," according to a report by Juan Andres Guerrero-Saade at Sentinel Systems.

A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals. According to Kaspersky, the toolset emerged as early as July 2020, with the threat actor targeting various entities in Southeast Asia, including governmental organizations and telecom companies.