
Cring Ransomware Targets Industrial Organizations
2021-04-08 13:47

At the beginning of 2021, the threat actors behind the Cring ransomware were observed launching numerous attacks on European industrial enterprises, forcing at least one organization to shut down a production site. The initial vector of attack was later identified as CVE-2018-13379, a vulnerability in the FortiOS SSL VPN web portal that could allow unauthenticated attackers to download FortiOS system files.

How password anxiety is impacting individuals and organizations
2021-04-08 13:33

A report released Thursday by password manager LastPass looks at how anxiety over passwords is having a snowball effect. Otherwise, a hacker who obtains your password for one site can easily compromise other accounts that use the same password.

Office 365 phishing campaign uses publicly hosted JavaScript code
2021-04-08 13:16

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The subject of the phishing email says "Price revision" and it contains no body - just an attachment that, at first glance, looks like an Excel document, but is actually an HTML document that contains encoded text pointing to two URLs located at yourjavascript.com, a free service for hosting JavaScript, and a separate chunk of HTML code.

Microsoft Office 365 phishing evades detection with HTML Lego pieces
2021-04-08 13:12

A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. The method consists of gluing together multiple pieces of HTML hidden in JavaScript files to obtain the fake login interface and prompt the potential victim to type in the sensitive information.

North Korean hackers use new Vyveva malware to attack freighters
2021-04-08 13:01

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities dubbed Vyveva in targeted attacks against a South African freight logistics company. Vyveva was first used in a June 2020 attack as ESET researchers discovered, but further evidence shows Lazarus has been deploying it in previous attacks going back to at least December 2018.

Tech support scammers lure victims with fake antivirus billing emails
2021-04-08 13:00

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.

PHP Developers Share Update on Recent Breach
2021-04-08 12:09

The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers planted malicious code. Php.net server and it was apparently designed to allow an attacker to remotely execute arbitrary PHP code.

Nation-state cyber attacks could lead to cyber conflict
2021-04-08 12:00

New HP-sponsored report finds significant increase in nation-states targeting enterprises to steal high-value IP. A new report from HP released Thursday, Nation States, Cyberconflict and the Web of Profit, found that nation-state cyber attacks are "moving us closer to a point of advanced cyber conflict." "Nation-state conflict doesn't take place in a vacuum; as evidenced by the fact enterprise is the most common victim within those attacks analyzed," Ian Pratt, global head of Security for Personal Systems at HP, said in a statement.

$200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own
2021-04-08 11:13

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction. Also on the second day of Pwn2Own 2021, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for an exploit that works both on the Chrome and Microsoft Edge web browsers.

Google’s Project Zero Finds a Nation-State Zero-Day Operation
2021-04-08 11:06

The exploits, which went back to early 2020 and used never-before-seen techniques, were "watering hole" attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.