Security News

Following the ransomware attack that impacted the pipeline operated by Georgia-based Colonial Pipeline, security firms are providing detailed information on the cybercriminal gang behind the attack. The RaaS features the typical characteristics of any ransomware enterprise: after the target systems have been compromised, data is encrypted and exfiltrated for extortion purposes, and the victim is provided with means of contacting the attackers to receive details on the payment request and to negotiate the ransom.

Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem chip. A vulnerability in Qualcomm's Mobile Station Modem chip- installed in around 30% of the world's mobile devices - can be exploited from within Android.

A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft's SQL Server and Internet Information Services web server.In a talk today at Black Hat Asia titled Give Me a SQL Injection, I Shall PWN IIS and SQL Server, the three explained they found the JET engine - for years an underlying tech for Microsoft Access and other products, and still downloadable today - has many vulnerabilities.

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard'," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel.

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.

A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems. Dubbed "RotaJakiro" by researchers from Qihoo 360 NETLAB, the backdoor targets Linux X64 machines, and is so named after the fact that "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."

The cybersecurity world woke up Saturday to news of the sudden passing of Dan Kaminsky, a celebrated hacker who is widely credited with pioneering research work on DNS security. A regular speaker at Black Hat and DEFCON conferences over the years, Kaminsky was most recently co-founder and chief scientist at Human Security, an anti-fraud startup.

The paper itself has a neutrally worded title that simply states the algorithm that it introduces, namely: PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop. For those who don't have iPhones or Macs, AirDrop is a surprisingly handy but proprietary Apple protocol that lets you share files directly but wirelessly with other Apple users nearby.

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics used to infiltrate and persist in the target infrastructure, so much so that Microsoft went on to call the threat actor behind the campaign "Skillful and methodic operators who follow operations security best practices to minimize traces, stay under the radar, and avoid detection." By analyzing telemetry data associated with previously published indicators of compromise, RiskIQ said it identified an additional set of 18 servers with high confidence that likely communicated with the targeted, secondary Cobalt Strike payloads delivered via the TEARDROP and RAINDROP malware, representing a 56% jump in the attacker's known command-and-control footprint.

In these new roles, we are struggling to find the top tier of the ever-expanding next generation of threat experts. In career advice calls and meetings with young adults over the past couple of years, I've noticed an unexpected and common pattern emerge with Ivy League fresh grads with cybersecurity degrees, people considering a career transfer with little formal infosec training, and everyone in between.