Security News > 2021

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
2021-04-22 13:17

A victim's computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. Telegram's growing user base has led to a corresponding surge in attackers pelting the platform with a slew of common malware, researchers report.

Signal Says Cellebrite Mobile Device Analysis Products Can Be Hacked
2021-04-22 13:10

Cellebrite's forensic applications do not include the type of security protections one would expect from parsing software, which renders them susceptible to attacks, according to privacy-focused messaging service Signal. Cellebrite claims to have thousands of customers in over 140 countries.

It’s Easy to Become a Cyberattack Target, but a VPN Can Help
2021-04-22 13:00

A VPN is a digital tool that improves your security and privacy online. An IP address can reveal your location and your ISP. However, a VPN changes that.

On North Korea’s Cyberattack Capabilities
2021-04-22 11:12

Excellent New Yorker article on North Korea’s offensive cyber capabilities.

Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
2021-04-22 10:53

Industrial automation giant Rockwell Automation has started releasing firmware updates for some of its Stratix switches to address another round of vulnerabilities introduced by the use of Cisco's IOS XE software. Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software.

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
2021-04-22 10:49

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

Attackers can hide 'external sender' email warnings with HTML and CSS
2021-04-22 10:18

It turns out that all it takes for attackers to alter the "External sender" warning, or remove it from emails altogether, is a few lines of HTML and CSS code. Email security products such as enterprise email gateways are often configured to display the "External sender" warning to a recipient when an email arrives from outside the organization.

Researchers Find Additional Infrastructure Used By SolarWinds Hackers
2021-04-22 09:39

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "Skillful and methodic operators who follow operations security best practices to minimize traces, stay under the radar, and avoid detection." By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker's known command-and-control footprint.

Apple, you've AirDrop'd the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing
2021-04-22 08:16

A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop - iOS and macOS's ad-hoc over-the-air file-sharing service - and found that senders and receivers may leak their contact details in the process. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.

Cloud Sniper: Manage and automate cloud security operations
2021-04-22 05:55

Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. "One of our main goals is end-to-end automation of security incident lifecycles. Cloud Sniper performs automatic actions from deployment via Terraform to findings management," Nicolás Rivero Corvalán, one of the tool's creators, told Help Net Security.