
The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. As of today, Monday, Dec. 20, the attack chain has taken the following form, AdvIntel's Yelisey Boguslavskiy told Threatpost: Emotet -> Cobalt Strike -> Human Exploitation -> Kerberoast -> brute -> vCenter ESXi with Log4Shell scan for vCenter.

Among all of the attacks aimed at rank-and-file users, there's one that stands out - the tech support scam. Tech support scams happen when people receive a message - either through a popup on their screen or an unsolicited phone call - insisting that something's wrong with their computer and needs fixing.

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains. Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

The number of scam calls more than doubled over the past year, successfully bilking wireless phone customers out of $29.8 billion in 2021 alone. Wireless carrier T-Mobile just released its Scam and Robocall year-end report, and the numbers tell the story: scam call traffic is up 116 percent over 2020, averaging about 425 million calls every week.

Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!

Meta has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users. The attackers behind these phishing campaigns used almost 40,000 phishing pages that would impersonate the four platforms' login pages.

The Federal Bureau of Investigation says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups since at least October. "Since at least late October 2021, APT actors have been actively exploiting a zero-day, now identified as CVE-2021-44515, on ManageEngine Desktop Central servers," the FBI's Cyber Division said [PDF].

The United Kingdom's National Crime Agency has contributed more than 585 million passwords to the Have I Been Pwned service that lets users check if their login information has leaked online. Just like with the passwords coming from the FBI, this massive collection has been added to the Pwned Passwords data that allows searching if a password has been compromised.

Digital criminals are creating new and effective ways to con businesses and financial institutions by using synthetic identity fraud. "We're seeing a huge increase in synthetic identity fraud - the process of combining real and fake personal information to create an identity and commit fraud," Hoffner said during an email conversation.

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims.