Security News

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication and Ultra-wideband technologies in the device, researchers have found. These features, which have access to the iPhone's Secure Element that stores sensitive info, stay on even when modern iPhones are powered down, a team of researchers from Germany's Technical University of Darmstadt discovered.

Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. Tatsu Builder is a popular plugin that offers powerful template editing features integrated right into the web browser.

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs - as a vector to their customers - are likely to increase. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint for future attacks.

The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. The subsequent investigation determined that threat actors had exfiltrated specific files from the firm's computers, so Parker immediately informed the law enforcement authorities of the data breach.

A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. While Microsoft did not share too many details about the bug, they stated that the fix affected the EFS API OpenEncryptedFileRaw(A/W) function, which indicated that this might be another unpatched vector for the PetitPotam attack.

A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. PetitPotam is an NTLM Relay Attack tracked as CVE-2021-36942 that French security researcher GILLES Lionel, aka Topotam, discovered in July.

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion.

Italy's Computer Security Incident Response Team has disclosed recent DDoS attacks against crucial government sites in the country over the past couple of days. DDoS is an attack that aims to deplete a server's available resources, making it unable to respond to legitimate user requests and rendering the sites it hosts inaccessible.

DDoS attacks are an underappreciated residual risk for most organizations today. While most people are concerned about ransomware, it typically takes a ransomware attack months to develop, whereas DDoS attacks are very sudden and may result in a complete business outage.

The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations.