International Action Targets Emotet Crimeware
2021-01-27 14:20

Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections. Emotet relies on several hierarchical tiers of control servers that communicate with infected systems.

Cypriot National Admits in U.S. Court to Extorting Website Owners
2021-01-27 13:33

A Cypriot national has admitted in a United States court to hacking websites based in the U.S., stealing user data, and demanding ransom payments from the site owners to keep the data private. The man, Joshua Polloso Epifaniou, 21, of Nicosia, Cyprus, the first Cypriot national to be extradited to the U.S., perpetrated the scheme between at least October 2014 and November 2016, the U.S. Department of Justice says.

Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack
2021-01-27 13:06

Hundreds of industrial organizations have apparently received a piece of malware named Sunburst as part of the supply chain attack that hit IT management and monitoring firm SolarWinds last year, Kaspersky's ICS CERT unit reported on Tuesday. An analysis of command and control mechanisms used by the Sunburst malware, specifically DNS responses, has allowed researchers to determine which organizations may have received Sunburst and which might have been breached further by the SolarWinds hackers.

How ghost accounts could leave your organization vulnerable to ransomware
2021-01-27 13:01

Active accounts for people who have left your organization are ripe for exploitation, according to Sophos. A report released Tuesday by security provider Sophos explains how one of its customers was hit by ransomware due to a ghost account.

Emotet botnet disrupted after global takedown operation
2021-01-27 12:57

The infrastructure of Emotet, today's most dangerous botnet built by cybercriminals, was taken down in an international action coordinated by Europol and Eurojust. The Emotet malware was first spotted as a banking Trojan in 2014 and has since evolved into a botnet used by the TA542 threat group to deploy second-stage malware payloads.

International law enforcement effort pulls off Emotet botnet takedown
2021-01-27 12:50

Law enforcement and judicial authorities worldwide have effected a global takedown of the Emotet botnet, Europol announced today. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware. Investigators have now taken control of its infrastructure in an international coordinated action," they explained.

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
2021-01-27 12:21

Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to fix three more zero-days recently discovered in iOS, after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4.

Apple fixes three actively exploited iOS zero-days
2021-01-27 11:30

Apple has released a new batch of security updates and has fixed three iOS zero-days that "may have been actively exploited" by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.

Here's how a researcher broke into Microsoft VS Code's GitHub
2021-01-27 10:05

This month a researcher disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code. While riding a train, researcher RyotaK discovered a vulnerability in VS Code's Continuous Integration script that let him break into Microsoft VS Code's official GitHub repository and commit files.

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)
2021-01-27 09:53

A vulnerability in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged local user to gain root privileges on a vulnerable host. "This vulnerability is perhaps the most significant sudo vulnerability in recent memory and has been hiding in plain sight for nearly 10 years," said Mehul Revankar, Vice President, Product Management and Engineering, Qualys VMDR, who noted that there are likely to be millions of assets susceptible to it.