
Microsoft warns of rise in password sprays targeting cloud accounts
2021-10-31 14:00

The Microsoft Detection and Response Team says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. These attacks often use the same password while switching from one account to another to find easy-to-breach accounts and avoid triggering defenses like password lockout and malicious IP blocking.

Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks
2021-10-31 09:00

Apple fixes security feature bypass in macOS
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers.

Good security habits: Leveraging the science behind how humans develop habits
In this interview with Help Net Security, George Finney, CSO at Southern Methodist University, explains what good security habits are, how to successfully implement them and why they are important.

A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
2021-10-31 04:14

Microsoft 365, formerly called Office 365, is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. These authentication protocols do not support modern authentication mechanisms like multi-factor authentication, which means that enabling MFA won't suffice.

Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime
2021-10-30 21:57

A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Having started out as a banking trojan in 2016, TrickBot has evolved into a modular, multi-stage Windows-based crimeware solution capable of pilfering valuable personal and financial information, and even dropping ransomware and post-exploitation toolkits on compromised devices.

Europol announces “targeting” of 12 suspects in ransomware attacks
2021-10-30 18:22

A total of 12 individuals wreaking havoc across the world with ransomware attacks against critical infrastructure have been targeted as the result of a law enforcement and judicial operation involving eight countries. As you probably know, a lot of ransomware gangs these days consist of what you might call a cybercrime "ecosystem" or "subculture", with the core coders surrounded by numerous affiliates or associates who take the malware out into the world and use it actively in attacks.

Chaos ransomware targets gamers via fake Minecraft alt lists
2021-10-30 15:02

The Chaos Ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums. According to researchers at FortiGuard, a recently discovered variant of the Chaos ransomware is being tentatively distributed in Japan, encrypting the files of Minecraft players and dropping ransom notes.

Microsoft: Windows KB5006674, KB5006670 updates break printing
2021-10-30 12:01

Microsoft says Windows customers are experiencing issues with network printing after installing the Windows 11 KB5006674 and Windows 10 KB5006670 updates issued with this month's Patch Tuesday, on October 12.

Client: Windows 11, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1607; Windows 8.1; Windows 7 SP1.
Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2008 SP2.

As Redmond explains, this known issue affecting printing on both client and server Windows platforms is specific to printer servers, which are more commonly found in enterprise environments.

Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide
2021-10-30 11:28

12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being in charge of laundering the ransom payments by funneling the ill-gotten Bitcoin proceeds through mixing services and cashing them out.

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems
2021-10-30 06:07

Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. System Integrity Protection aka "Rootless" is a security feature introduced in OS X El Capitan that's designed to protect the macOS operating system by restricting a root user from executing unauthorized code or performing operations that may compromise system integrity.

This New Android Malware Can Gain Root Access to Your Smartphones
2021-10-30 06:06

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality.