Security News > 2021 > October

All Sectors Are Now Prey as Cyber Threats Expand Targeting
2021-10-28 21:54

We are seeing changes in which sectors are being targeted the most. In the latest FortiGuard Labs Global Threat Report, researchers found that the prevalence of ransomware in those two sectors was lower than managed security service providers, the automotive and manufacturing sectors, telecommunications, and government.

All Windows versions impacted by new LPE zero-day vulnerability
2021-10-28 21:34

A security researcher has disclosed technical details and a public proof-of-concept exploit for an unpatched Windows zero-day privilege elevation vulnerability that allows users to gain SYSTEM privileges under certain conditions.

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs
2021-10-28 21:08

Google on Thursday rolled out an emergency update for its Chrome web browser, including fixes for two zero-day vulnerabilities that it says are being actively exploited in the wild. The internet giant's Threat Analysis Group has been credited with discovering and reporting the two flaws on September 15, 2021, and October 26, 2021, respectively.

Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City
2021-10-28 20:52

Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the study, said, "The process of sniffing Wi-Fis and the subsequent cracking procedures was a very accessible undertaking in terms of equipment, costs and execution."

Suspected REvil Gang Insider Identified
2021-10-28 20:04

According to a joint investigation by the German media outlet Zeit Online and the German public broadcaster Bayerischer Rundfunk, investigators from Germany's Baden-Württemberg State Criminal Police Office are convinced that Nikolay K. is part of the core group that operates the ransomware-as-a-service player REvil, aka Sodinokibi. According to Reuters, which broke the news about last week's law enforcement move against the gang, REvil is also behind the Colonial Pipeline attack, as opposed to a culprit presumed to be a ransomware group named DarkSide.

Yet again, Cream Finance skimmed by crooks: $130m in crypto assets stolen
2021-10-28 19:59

Decentralized finance biz Cream Finance became further decentralized on Wednesday with the theft of $130m worth of crypto assets from its Ethereum lending protocol. "Our Ethereum C.R.E.A.M. v1 lending markets were exploited and liquidity was removed on October 27, 1354 UTC," the Taiwan-based biz said.

S3 Ep56: Cryptotrading rodent, ransomware hackback, and a Docusign phish [Podcast]
2021-10-28 18:45

Don't miss our cybersecurity podcast minisodes! Bliss is a hill in wine country.

REvil gang member identified living luxury lifestyle in Russia, says German media
2021-10-28 17:41

German news outlets claim to have identified a member of the infamous REvil ransomware gang - who reportedly lives the life of Riley off his ill-gotten gains. The gang member, nicknamed Nikolay K by Die Zeit newspaper and the Bayerischer Rundfunk radio station, reportedly owns a €70,000 watch with a Bitcoin address engraved on its face and rents yachts for €1,300 a day whenever he goes on holiday.

NSA and CISA share guidance on securing 5G cloud infrastructure
2021-10-28 17:06

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

Microsoft: Shrootless bug lets hackers install macOS rootkits
2021-10-28 16:44

Attackers could use a new macOS vulnerability discovered by Microsoft to bypass System Integrity Protection and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. The Microsoft 365 Defender Research Team reported the vulnerability, dubbed Shrootless, to Apple via Microsoft Security Vulnerability Research.