Security News

Interpol Arrests Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks
2022-05-30 22:16

A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. "The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said in a statement.

Italy warns organizations to brace for incoming DDoS attacks
2022-05-30 18:10

"There continue to be signs and threats of possible imminent attacks against, in particular, national public entities, private entities providing a public utility service or private entities whose image is identified with the country of Italy," explains the public alert. The signs are posts from the Killnet group's Telegram channel that incited 'massive and unprecedented' attacks against Italy.

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
2022-05-30 14:53

A zero-day vulnerability in Microsoft Office allows adversaries to run malicious code on targeted systems via a flaw in a remote Word template feature. Noted security researcher Kevin Beaumont dubbed the vulnerability "Follina", explaining the zero-day code references the Italy-based area code of Follina - 0438. Beaumont said the flaw is abusing the remote template feature in Microsoft Word and is not dependent on a typical macro-based exploit path, common within Office-based attacks.

New Microsoft Office zero-day used in attacks to execute PowerShell
2022-05-30 14:23

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool simply by opening a Word document. The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as 'Follina,' is leveraged using malicious Word documents that execute PowerShell commands via the MSDT. This new Follina zero-day opens the door to a new critical attack vector leveraging Microsoft Office programs as it works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.

Ransomware attacks still the #1 threat to businesses and organizations
2022-05-30 04:00

In 2021, ransomware attacks continued to be one of the most prominent threats targeting businesses and organizations worldwide. High-profile attacks disrupted operations of companies in various sectors.

Ransomware attack sends US county back to 1977
2022-05-29 23:36

Somerset County, New Jersey, was hit by a ransomware attack this week that hobbled its ability to conduct business, and also cut off access to essential data. The attack, which happened on Tuesday, took down email services for county government departments as well as leaving the county clerk's office "unable to provide most services which are reliant on internet access." Somerset County residents were asked to contact government offices via Gmail addresses set up for various departments, or via phone.

The Myths of Ransomware Attacks and How To Mitigate Risk
2022-05-27 06:28

This is especially critical for mitigating against rising ransomware attacks - a threat that 57% of security leaders expect to be compromised by within the next year. To help you stay ahead, Lookout Chief Strategy Officer Aaron Cockerill met with Microsoft Chief Security Advisor Sarah Armstrong-Smith to discuss how remote work and the cloud have made it more difficult to spot a ransomware attack, as well as how deploying behavioral-anomaly-based detection can help mitigate ransomware risk.

Microsoft shares mitigation for Windows KrbRelayUp LPE attacks
2022-05-26 15:46

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.

Cybergang Claims REvil is Back, Executes DDoS Attacks
2022-05-26 10:30

Akamai researchers have been monitoring the DDoS attack since May 12, when a customer alerted the company's Security Incident Response Team of an attempted attack by a group claiming to be associated with REvil, Akamai revealed in a blog post Wednesday. "The attacks so far target a site by sending a wave of HTTP/2 GET requests with some cache-busting techniques to overwhelm the website," Akamai SIRT vulnerability researcher Larry Cashdollar wrote in the post.

Sigstore: Signature verification for protection against supply chain attacks
2022-05-26 05:00

Software supply chain attacks have been increasing over the past few years, spurring the Biden administration to release an executive order detailing what government agencies are supposed to do to protect themselves against them. These attacks consist of several different types of threats, but the result is always the same: attackers gaining access to run code on your infrastructure or to tamper with the code that you're using in production.