Security News > 2021
Threat actors are sending phishing emails impersonating a Small Business Administration lender to prey on US business owners who want to apply for a Paycheck Protection Program loan to keep their business going during the COVID-19 crisis. The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.
Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack. The VPN issue was related to the use of Dual Elliptic Curve Deterministic Random Bit Generator, a NIST-approved cryptographic algorithm that had been known to contain a backdoor introduced by the NSA. Juniper had made some changes to prevent abuse, but the malicious code enabled the backdoor.
Chrome 89 also supports Web NFC, meaning that web applications can read and write NFC tags. Another new feature is the Web Serial API, which enables direct communication between web applications and devices with serial ports.
A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. While SonicWall investigates the vulnerability and has not provided many details, they state that it likely affects their SMA 100 series line of remote access appliances.
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code.
Researchers allege, attackers have compromised the update mechanism of NoxPlayer, which is software that allows gamers to run Android apps on their PCs or Macs. Researchers said, out of more than the 100,000 users in their telemetry that have Noxplayer installed on their machines, only five users received a malicious update, showing the attack is a "Highly targeted operation." These victims are based in Taiwan, Hong Kong and Sri Lanka.
UK Research and Innovation, the British government's science and research organisation, has temporarily turned off a couple of its web-facing services after an apparent ransomware attack. In a statement issued last week while everyone was gazing goggle-eyed at the European Union's vaccine export struggles, UKRI said data from its Brussels-based UK Research Office and an extranet service had been "Encrypted by a third party".
Fischbach and Alan Ross, chief architect at Forcepoint's X-Labs, champion a different solution: Indicators of Behavior. "IOBs are behaviors that are monitored to understand risk within an organization," Ross said in his article Indicators of Behavior-With 2020 Vision.
Suppose the polling-place optical scanners had been hacked. Then this would have been detected in the audit, and Georgia would have been able to recover by doing a full recount.
A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.