Security News > 2021

Linux Kernel Bug Opens Door to Wider Cyberattacks
2021-04-27 19:43

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. The /proc pseudo-filesystem contains /proc/[pid] subdirectories, each of which contains files and subdirectories exposing information about specific processes, readable by using the corresponding process ID. In the case of the "Syscall" file, it's a legitimate Linux operating system file that contains logs of system calls used by the kernel.

FBI/DHS Issue Guidance for Network Defenders to Mitigate Russian Gov Hacking
2021-04-27 19:33

The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service via the cyber actor known as APT 29. The new advisory provides "Information on the SVR's cyber tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks." Notably, the advisory uses the terms SVR and APT 29 interchangeably throughout, indicating that it sees no difference between the cyber actor and the Russian intelligence agency.

"Crypto Dictionary: 500 Cryptographic Tidbits for the Curious" is a crash course in ciphers and cryptids
2021-04-27 17:06

What do the Bass0matic, blockchain and zero-knowledge proofs have in common? Each term shows up in Jean-Philippe Aumasson's new publication: "Crypto Dictionary: 500 Cryptographic Tidbits for the Curious." Aumasson is the chief security officer and cofounder of Taurus Group, a Swiss fintech company and the author of "Serious Cryptography: A Practical Introduction to Modern Encryption." Aumasson writes in the preface that the dictionary is not meant to be a comprehensive look at cryptography's diverse areas.

Here's what Russia's SVR spy agency does when it breaks into your network, says US CISA infosec agency
2021-04-27 17:03

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics - including a penchant for using a naughtily named email provider. APT29 is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.

Smishing: Why Text-Based Phishing Should Be on Every CISO’s Radar
2021-04-27 16:49

Smishing is much like email phishing scams, but instead sends deceptive or malicious links through text messages. While these types of scams have been exploiting email accounts for decades, cybersecurity professionals should be especially worried about the dramatic rise in smishing attacks over the past couple of years.

FBI shares 4 million email addresses used by Emotet with Have I Been Pwned
2021-04-27 16:18

Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation as part of the agency's effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware.

US Air Force Adopts Zero Trust to Secure Flightline Operations
2021-04-27 15:55

As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used. Now the U.S. Air Force has adopted zero trust to improve and protect its flightline.

Sift Raises $50M at 'Unicorn' Valuation
2021-04-27 15:38

Fraud prevention technology provider Sift is now the 11th cybersecurity company to reach "Unicorn" status in 2021, following a new $50 million round of venture capital funding. Sift, which rebranded itself in January 2019 by dropping "Science" from "Sift Science," says it plans to use the new injection of cash to continue expanding its product portfolio, as well as to hire new talent to scale product, engineering, and sales teams globally.

Babuk Ransomware Gang Targets Washington D.C. Police
2021-04-27 15:35

The Babuk gang of threat actors claims to have stolen more than 250 gigabytes of data from the Washington D.C. Metropolitan Police Department on Monday, including police reports, internal memos, and arrested people's mug shots and personal details. According to Vice, the attackers published the claim and the data on the official Babuk site.

Password-stealing spyware targets Android users in the UK
2021-04-27 15:12

A new malicious piece of spyware is targeting Android users in the U.K. in an attempt to snag their passwords and other private information. Affecting Android phones and devices across the U.K., FluBot is triggered after a user receives a text message asking them to install a tracking app in response to a "Missed delivery package." Clicking on the link in the text directs the victim to a scam website that launches the spyware.