Security News

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
2021-01-22 02:21

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware - including a previously undocumented backdoor. Attributing the campaign to Winnti, Positive Technologies dated the first attack to May 12, 2020, when the APT used LNK shortcuts to extract and run the malware payload. A second attack detected on May 30 used a malicious RAR archive file consisting of shortcuts to two bait PDF documents that purported to be a curriculum vitae and an IELTS certificate.

SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
2021-01-21 19:42

Now, researchers with Sophos have tracked the origin of the campaign to what they claim is a small software development company based in Iran. "The name of an Iran-based software company was hardcoded into the miner's main configuration file," said researchers with Sophos in a Thursday analysis.

Ransomware Took Heavy Toll on US in 2020: Researchers
2021-01-20 14:42

Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report. The study released Monday by the security firm Emsisoft said ransomware attacks - which encrypt and disable computer systems while demanding a ransom - affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year.

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
2021-01-19 07:04

Cybersecurity researchers have unearthed a fourth new malware strain, designed to spread the malware onto other computers in victims' networks, which was deployed as part of the SolarWinds supply chain attack disclosed late last year. "The discovery of Raindrop is a significant step in our investigation of the SolarWinds attacks as it provides further insights into post-compromise activity at organizations of interest to the attackers," Symantec researchers said.

Expired Domain Allowed Researcher to Hijack Country's TLD
2021-01-18 19:12

A researcher claimed last week that he managed to take control of the country code top-level domain for the Democratic Republic of Congo after an important domain name was left to expire. Fredrik Almroth, founder and researcher at web security company Detectify, decided to analyze the name server records used by all TLDs. These NS records specify the servers for a DNS zone.

Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
2021-01-18 17:51

The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say. Initially detailed in 2018 and believed to be operated by Russian cybercriminals, Ryuk has become one of the most prevalent malware families, being used in various high-profile attacks, such as the targeting of Pennsylvania-based UHS and Alabama hospital chain DCH Health System.

Researchers Earn $50,000 for Hacking Apple Servers
2021-01-18 14:55

A couple of researchers claim they have earned $50,000 from Apple for finding some serious vulnerabilities that gave them access to the tech giant's servers. Harsh Jaiswal and Rahul Maini, India-based bug bounty hunters who specialize in application security, said they discovered the flaws in recent months, being inspired by a group of researchers who in October reported receiving hundreds of thousands of dollars from Apple for a total of 55 vulnerabilities, including ones that exposed source code, iCloud accounts, warehouse software, and employee and customer apps.

Researcher Builds Parler Archive Amid Amazon Suspension
2021-01-11 20:54

These posts reportedly included Parler video URLs made up of raw video files with associated embedded metadata - and precise GPS coordinates of where the videos were taken, sparking privacy concerns about the service's data collection. Amazon reportedly informed Parler it was removing it from its web hosting service on Sunday night, essentially stripping it of the infrastructure it relies on to operate.

Researchers Find Links Between Sunburst and Russian Kazuar Malware
2021-01-11 20:36

Kaspersky's latest analysis of the Sunburst backdoor has revealed a number of shared features between the malware and Kazuar, leading the researchers to suspect that the groups behind Kazuar and Sunburst obtained the malware from a single source.

Google Titan security keys hacked by French researchers
2021-01-11 14:09

In July 2018, after many years of using Yubico security key products for two-factor authentication, Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online Alliance, which curates the technical specifications of a range of authentication technologies that "[p]romote the development of, use of, and compliance with standards for authentication and device attestation".