Security News > 2021

A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. Reverse-image searches for headshots revealed that these well-known European volleyball players were either directly associated with CEV or were part of a volleyball team or federation affiliated with the CEV. BleepingComputer also found some of CEV's assets in the bucket, such as branding images with CEV logos on them.

Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist. The agent from France's DGSI domestic intelligence service, using the codename Ulysse, had infiltrated communication networks of Islamic State group jihadists in a ruse that led to the arrest of the three.

The U.S. Federal Bureau of Investigation is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they don't hand out personal and/or financial information. As the FBI warns, the agency has received multiple reports of such scam attempts where the fraudsters are targeting North Florida residents attempting to steal their personal info.

The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, "Gmuni," "Bamit9," and "Uncle Munis." SMS Bandits offered an SMS phishing service for the mass sending of text messages designed to phish account credentials for different popular websites and steal personal and financial data for resale. Sasha Angus is a partner at Scylla Intel, a cyber intelligence startup that did a great deal of research into the SMS Bandits leading up to the arrest.

The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware. Also known as FonixCrypter and Xonif, the ransomware has been operating since June 2020, with several variants observed since.

Collaboration is a hallmark of successful security teams. Managers of all the security teams can see the analysis unfolding, which allows them to act when and how they need to, coordinating tasks between teams and monitoring timelines and results.

How he'll handle the logistics of the case could feel old school: Under new court rules, he'll have to print out any highly sensitive documents and hand-deliver them to the courthouse. The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system.

The U.S. Cybersecurity and Infrastructure Security Agency says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. "While the supply chain compromise of SolarWinds first highlighted the significance of this cyber incident, our response has identified the use of multiple additional initial infection vectors. We have found that significant numbers of both the private-sector and government victims linked to this campaign had no direct connection to SolarWinds," a CISA spokesperson told SecurityWeek.

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware. NoxPlayer is used by gamers from over 150 countries around the globe according to BigNox but, as ESET found in January 2021, the supply-chain attack was focused on infecting only Asian gamers with at least three different malware strains.

The UK Post Office has awarded two contracts worth a total of £30m for a banking network and ATMs system in a procurement expected to be worth £357m once all contracts are awarded. UK government-owned company which runs the familiar local outlets has awarded Cennox a £26m contract for banking automation managed services while Vocalink has won a £4m contract for provision of a highly resilient, compliant and secure platform providing ATMs. The Post Office said last year it planned to close almost a third of its 2,000 cash machines, which are free to use and valuable to the public where alternative facilities are scarce.