
Microsoft Defender scares admins with Emotet false positives
2021-11-30 23:04

Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching because a false positive tags the files as potentially bundling an Emotet malware payload. Windows system admins report that this started after updating Microsoft's enterprise endpoint security platform definitions to version 1.353.1874.0. Microsoft has not yet shared any information on the cause; the most likely explanation is that today's updates raised the sensitivity of Defender's generic behavioral detection for Emotet-like activity, making it prone to false positives.
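For an admin triaging this on an affected host, the following PowerShell is an added example (not code from the page or from Microsoft): it checks whether the host is on the definition build the page reports as affected, 1.353.1874.0, and lists what Defender has flagged as Emotet in the last day, joining Get-MpThreat (which carries the threat name) to Get-MpThreatDetection (which carries the file and process details). The page names no corrected definition version, so the check flags only an exact match on the affected build; the script only reports and does not restore or allow anything. It assumes the Defender PowerShell module is present and runs in an elevated session.

```powershell
# Added example, not from the page or Microsoft: triage Emotet detections on a host
# that may be running the definition build reported as producing false positives.
# Assumes the Defender PowerShell module (Get-Mp* cmdlets) and an elevated session.

# Definition version the page reports as affected.
$AffectedVersion = [version]'1.353.1874.0'

function Test-AffectedDefinitions {
    $status  = Get-MpComputerStatus
    $current = [version]$status.AntivirusSignatureVersion
    # Only an exact match is flagged: the page does not say which later build fixes it.
    [pscustomobject]@{
        CurrentVersion  = $current
        AffectedVersion = $AffectedVersion
        OnAffectedBuild = ($current -eq $AffectedVersion)
    }
}

function Get-EmotetDetections {
    param([datetime]$Since = (Get-Date).AddDays(-1))

    # Get-MpThreat knows the threat name; Get-MpThreatDetection knows the file,
    # process and user. Join them on ThreatID so each row shows both.
    $byId = @{}
    foreach ($t in (Get-MpThreat | Where-Object { $_.ThreatName -match 'Emotet' })) {
        $byId[$t.ThreatID] = $t.ThreatName
    }

    Get-MpThreatDetection |
        Where-Object { $byId.ContainsKey($_.ThreatID) -and $_.InitialDetectionTime -ge $Since } |
        ForEach-Object {
            [pscustomobject]@{
                Time       = $_.InitialDetectionTime
                ThreatName = $byId[$_.ThreatID]
                Process    = $_.ProcessName
                Resources  = ($_.Resources -join '; ')   # e.g. file:_C:\...\invoice.docx
                User       = $_.DomainUser
            }
        }
}

# Usage: report the definition build, then list what it flagged as Emotet.
Test-AffectedDefinitions | Format-List
Get-EmotetDetections | Sort-Object Time | Format-Table -AutoSize
```

Review the Resources column before releasing anything from quarantine: a hit on an Office document or a known-good executable on the affected build is consistent with the false positive, while a hit on an unfamiliar binary still deserves a proper look.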

FBI seized $2.2M from affiliate of REvil, Gandcrab ransomware gangs
2021-11-30 21:46

The FBI seized $2.2 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer. In a complaint unsealed today, the FBI seized 39.89138522 bitcoins worth approximately $2.2 million from an Exodus wallet on August 3rd, 2021.

How Decryption of Network Traffic Can Improve Security
2021-11-30 20:58

Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80 and 90 percent of network traffic is encrypted today.

Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild
2021-11-30 20:51

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Tracked as CVE-2021-41379 and discovered by security researcher Abdelhamid Naceri, the elevation of privilege flaw affecting the Windows Installer software component was originally resolved as part of Microsoft's Patch Tuesday updates for November 2021.

Critical Wormable Security Flaw Found in Several HP Printer Models
2021-11-30 20:46

Cybersecurity researchers on Tuesday disclosed multiple security flaws affecting 150 different multifunction printers from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. "An attacker can exploit them to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely. A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization."

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
2021-11-30 20:41

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd's of London. The insurance juggernaut's underwriting director Patrick Davidson has just released four new Cyber War and Cyber Operation Exclusion Clauses outlining the new terms.

It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected
2021-11-30 20:11

FluBot, a family of Android malware, is circulating again via SMS messaging, according to authorities in Finland. Once successfully installed on a device, FluBot can access the contacts list, spam out texts to other users, read messages, steal credit card details and passwords as they are typed into apps, install other applications, and carry out other crooked activity.

Finland warns of Flubot malware heavily targeting Android users
2021-11-30 20:06

Finland's National Cyber Security Centre has issued a "Severe alert" to warn of a massive campaign targeting the country's Android users with Flubot banking malware pushed via text messages sent from compromised devices. The SMS recipients are redirected to malicious sites pushing APK installers to deploy the Flubot banking malware on their Android devices instead of opening a voicemail.

Clearview AI face-matching service set to be fined over $20m
2021-11-30 19:13

The UK data protection regulator has announced its intention to issue a fine of £17m to controversial facial recognition company Clearview AI. Clearview AI, as you'll know if you've read any of our numerous previous articles about the company, essentially pitches itself as a social network contact finding service with extraordinary reach, even though no one in its immense facial recognition database ever signed up to "Belong" to the "Service". Early in 2020, those behemoths firmly told Clearview AI, "Stop leeching image data from our services."