
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
2021-09-27 21:14

State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to go undetected.

5 Steps to Securing Your Network Perimeter
2021-09-27 20:29

So what measures should be taken to protect the network perimeter today, and which flaws are most commonly present in companies? Which services are most frequently available to attackers? In Positive Technologies testing, we found every single company had TCP network ports 80 and 443 open on the perimeter.

Microsoft: Nobelium uses custom malware to backdoor Windows domains
2021-09-27 20:03

Microsoft has discovered new malware used by the Nobelium hacking group to deploy additional payloads and steal sensitive info from Active Directory Federation Services servers. The malware, which Microsoft Threat Intelligence Center researchers have dubbed FoggyWeb, is a "passive and highly targeted" backdoor that abuses the Security Assertion Markup Language token.

Ethereum dev admits to helping North Korea evade crypto sanctions
2021-09-27 19:14

Griffith, who worked as a special projects dev and researcher for the Ethereum Foundation, was arrested in November 2019 by the FBI. His arrest happened after he traveled to North Korea to give a presentation on how to use cryptocurrency and blockchain tech to launder money and evade sanctions.

Women, Minorities Are Hacked More Than Others
2021-09-27 18:27

The survey results released Monday suggest that minority groups and those with lower incomes and lower education levels are more likely to fall victim to a cyberattack, and some groups are far more likely to encounter online threats. More women receive text messages from unknown numbers that include potentially malicious links than men.

Compromising a government network is so simple, an out-of-the-box, dark web RAT can do it
2021-09-27 17:31

It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease. A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.

QNAP fixes critical bugs in QVR video surveillance solution
2021-09-27 16:56

Network-attached storage maker QNAP has patched its QVR video management system against two critical-severity issues that could be exploited to run arbitrary commands. QNAP promotes its QVR software as a professional solution that allows real-time video monitoring, recording, playback, and alarm notifications when coupled with supported IP cameras.

EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany
2021-09-27 15:35

In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called "Ghostwriter." Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and cyberattacked Parliament members, other politicians and government officials, and journalists. It's not the first time the campaign has been attributed to Russia, but on Friday, the EU Council made the link official.

New malware steals Steam, Epic Games Store, and EA Origin accounts
2021-09-27 15:22

A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. This malware explicitly targets gaming platforms, like Steam, Epic Games, EA Origin, GOG Galaxy, and more, as it can harvest accounts for its operators, who later sell them in underground markets.

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
2021-09-27 14:59

According to CyberNews, the combined Clubhouse-Facebook database includes names, phone numbers and other data, and is listed on an underground forum for $100,000 for all 3.8 billion entries, with smaller chunks of data available for less. "Breaches like these often get sold at a discount because the ones who stole the data don't know what to do with it. In some cases, intelligence agencies will buy them if they have targets of interest on those platforms," Bambenek said.