Security News

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure
2022-01-22 06:21

An active espionage campaign attributed to the threat actor known as Molerats abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads, for command-and-control, and to exfiltrate data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information security company Zscaler, continuing previous efforts by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information.

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks
2022-01-21 23:25

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.

Merck Awarded $1.4B Insurance Payout over NotPetya Attack
2022-01-21 20:27

Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck's $1.75 billion property insurance policy will have to cover the damage the NotPetya attacks did to the company's 40,000 computers, totaling more than $1.4 billion, according to the court filing.

Over 90 WordPress themes, plugins backdoored in supply chain attack
2022-01-21 15:34

A massive supply chain attack compromised 93 WordPress themes and plugins, planting a backdoor that gives threat actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

Stealthy firmware bootkit leveraged by APT in targeted attacks
2022-01-21 14:11

Kaspersky researchers have uncovered the third known case of a firmware bootkit in the wild. Having first appeared in the wild in the spring of 2021, MoonBounce demonstrates a sophisticated attack flow, with evident advancement in comparison to formerly reported UEFI firmware bootkits.

UK, Australia, to build 'network of liberty that will deter cyber attacks before they happen'
2022-01-21 08:02

The United Kingdom and Australia have signed a Cyber and Critical Technology Partnership that will, among other things, transport criminals to a harsh penal regime on the other side of the world. What we do know is that the two nations have pledged to "Increase deterrence by raising the costs for hostile state activity in cyberspace - including through strategic co-ordination of our cyber sanctions regimes." That's code for both nations adopting the same deterrents and punishments for online malfeasance so that malfeasants can't shop jurisdictions to find more lenient penalties.

Indonesia's central bank confirms ransomware attack, Conti leaks data
2022-01-20 15:41

Bank Indonesia, the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. During the incident, the attackers stole "non-critical data" belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank's network, as CNN Indonesia reported.

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
2022-01-20 14:27

Fortune 500 integrated services firm R.R. Donnelley & Sons is the latest victim of the hacking collective known as the Conti Group. RRD didn't name the perpetrator of the attack in the filing.

New MoonBounce UEFI malware used by APT41 in targeted attacks
2022-01-20 12:55

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group. Kaspersky couldn't retrieve that payload for analysis or figure out how exactly the actors infected the UEFI firmware in the first place.

New SolarWinds Serv-U vulnerability exploited in Log4j-related attacks
2022-01-20 10:18

Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U software. It affects version 15.2.5 and previous versions of Serv-U, and has been patched by SolarWinds in version 15.3.