Security News > 2021

The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers
2021-03-12 23:51

One overriding concern has been when ransomware actors would use the vulnerabilities to compromise and encrypt mail servers. Last night our fears became a reality after ID-Ransomware creator Michael Gillespie revealed that the new DearCry Ransomware targeted Microsoft Exchange servers.

Friday Squid Blogging: On SQUIDS
2021-03-12 22:10

You will find that J.W. Ulm, a gene therapy specialist, has some serious concerns about these LNPs. "At present, relatively little has been reported on the tissue localisation of the LNPs used to encase the SARS-CoV-2 spike protein-encoding messenger RNA, and it is vital to have more specific information on precisely where the liposomal nanoparticles are going after injection." As the article notes, for various reasons mRNA has been a failure for three decades or more.

Critical Security Hole Can Knock Smart Meters Offline
2021-03-12 21:42

Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution, or to reboot the meter causing a denial-of-service condition on the device. Schneider Electric's PowerLogic ION/PM smart meter product line, like other smart meters, is used by consumers in their homes, but also by utility companies that deploy these meters in order to monitor and bill customers for their services.

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention
2021-03-12 21:28

Google on Friday released proof-of-concept code for conducting a Spectre-based attack against its Chrome browser to show how web developers can take steps to mitigate browser-based side-channel attacks. The code, posted to GitHub, demonstrates how an attacker can pull data from device memory at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. According to Google, the attack should work on other browsers, even those running on Arm-based Apple M1 chips.

Google fixes second actively exploited Chrome zero-day this month
2021-03-12 21:10

Google has fixed a second actively exploited Chrome zero-day this month with the release of Chrome 89.0.4389.90 to the Stable desktop channel for Windows, Mac, and Linux users. The zero-day, tracked as CVE-2021-21193, is rated by Google as a high severity vulnerability and was reported by an anonymous researcher on Tuesday.

REvil Group Claims Slew of Ransomware Attacks
2021-03-12 21:05

The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the U.S.; as well as two large international banks; and a European manufacturer. The malware, which first surfaced in 2019, has since proliferated to hit an array of victims, including New York-based celebrity law firm Grubman Shire Meiselas & Sacks, Travelex and Brown-Forman Corp.

WSJ: Microsoft Probing Possible PoC Exploit Code Leak
2021-03-12 21:04

Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world. According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Program to figure out if an anti-malware partner in China leaked proof-of-concept code ahead of the availability of security updates.

US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow
2021-03-12 20:59

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks. The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms
2021-03-12 20:41

Europol launched "major interventions" against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Europol said Sky ECC has about 170,000 users who send around 3 million messages every day, adding that 20 percent of those users are in Belgium and the Netherlands.

Scammers promote fake cryptocurrency giveaways via Twitter ads
2021-03-12 19:57

Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams. For some time, BleepingComputer has been reporting on scammers hacking into verified Twitter accounts to promote fake cryptocurrency giveaway scams.