Security News

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key. On July 22nd, Kaseya obtained a universal decryption key for the ransomware attack from a mysterious "Trusted third party" and began distributing it to affected customers.

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services servers to infiltrate their networks. "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said.

Move up in the profitable field of cybersecurity by improving your ethical hacking skills. Cybersecurity experience was recently cited as one of the top three most scarce skills in the U.S., U.K. and several European countries.

Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks. The two are believed to have committed dozens of ATM jackpotting attacks in several European countries, stealing an estimated €230,000 in cash.

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.

The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a "Naming-and-shaming" approach - but researchers aren't convinced the efforts will come to much in terms of deterring future activity. The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the National Security Administration released multiple advisories providing details about cybersecurity threats from the Chinese government, and announced the indictments of four Chinese nationals alleged to have been operating on behalf of the Chinese Hanian State Security Department.

Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone's WiFi connection after trying to connect to a network with a name that included a special character.

Today, the US Department of Justice indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. Wu Shurong, the fourth Chinese national indicted today by the DOJ, was hired through Hainan Xiandun to create malware, hack into foreign governments' computer systems, companies, and universities to steal trade secrets, intellectual property, and other high-value information, as well as to supervise other Hainan Xiandun hackers.

Masquerading as UK scholars with the University of London's School of Oriental and African Studies, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links.

In part, MFA was intended to thwart a range of compromises that include phishing, spear phishing, credential stealing, and man-in-the-middle attacks. Protecting remote workers from sophisticated phishing attacks requires a toolbox that extends beyond MFA and covers several attack vectors.