Security News

Supply chain attacks, ransomware, data extortion and nation-state threats prove to be more prolific than ever, a CrowdStrike report suggests. Among a popular vector for cybercriminals is the supply chain as it allows malicious actors to propagate multiple downstream targets from a single intrusion.

A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed. Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.

Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim networks and exfiltrating sensitive data, which was then published on a data leak website operated by the CLOP ransomware gang.

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. "To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.

A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' "Lost in Translation" leak, cybersecurity firm Check Point says in a new report. Attributed to APT31, a Chinese hacking group also tracked as Zirconium, the exploit for this vulnerability is the clone of an Equation Group exploit code-named "EpMe," Check Point says.

New details have emerged about an unpatched security vulnerability in Microsoft's Internet Explorer that was recently used in a complex campaign against security researchers. In early February, cybersecurity researchers at South Korean consultancy ENKI identified a zero-day exploit that it said was used in the researcher attack.

Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign - which breached "Several French entities" - is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory.

Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. "Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS," said Adobe on Tuesday.

Google announced a critical bug in Chrome last week - a bug that affected Edge as well. The company kept details of the bug secret, presumably to avoid having thousands of crooks simultaneously figuring out, "Ah, so that's where to look!".

A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. While SonicWall investigates the vulnerability and has not provided many details, they state that it likely affects their SMA 100 series line of remote access appliances.