Cyber security news September 2021

This posting is here to collect cyber security news in September 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

414 Comments

  1. Tomi Engdahl says:

    Cyberespionage Implant Delivered via Targeted Government DNS Hijacking
    https://www.securityweek.com/cyberespionage-implant-delivered-targeted-government-dns-hijacking

    Threat hunters at Kaspersky have intercepted a new cyberespionage implant being delivered via targeted DNS hijacking of government zones in Eastern Europe and published a new report Wednesday with clues linking the malware to the SolarWinds attackers.

    The Russian security vendor said the newly discovered malware — called Tomiris — contains technical artifacts that suggest the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise.

    The company documented the findings in a research paper that provides evidence of an advanced DNS hijacking technique used to surgically replace webmail login pages on the fly to hijack government usernames and passwords.

    The DNS hijacking was observed on several government zones of an unidentified CIS member state — guesses are Kyrgyzstan or Kazakhstan — and allowed the threat actor to redirect traffic from government mail servers to attacker-controlled machines during specific time periods.

    https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/

  2. Tomi Engdahl says:

    Anonymous Hacks Far Right Websites Revealing Millions Of Personal Details
    https://www.iflscience.com/technology/anonymous-hacks-far-right-websites-revealing-millions-of-personal-details/

    Web hosting company Epik has been targeted by hacking collective Anonymous in two major attacks, Operation EPIK FAIL and EPIK FAIL the /b/ sides. The company hosts far-right social media websites such as Gab, Parler and TheDonald, and the hack has exposed names, physical addresses, passwords, credit card numbers, emails, and more of 15 million people.

    The first leak happened on September 13 and the second was reported last night, and both have been covered in detail by independent journalist Steven Monacelli and Mikael Thalen for the Daily Dot. The data was apparently stored without encryption and these hacks allowed everyone to have access to the personal information of the entire US Far Right and beyond. These include Qanon groups, Proud Boys, and outspoken transphobes, as well as those with links to the January 6 attempted coup in the US.

    The hack was performed by a team known as “Hackers on Estradiol.”

    New leak of Epik data exposes company’s entire server
    Anonymous is calling the second leak ‘the /b/ sides.’
    https://www.dailydot.com/debug/anonymous-new-epik-leak/

  3. Tomi Engdahl says:

    Baby Dies After Hospital Hit by Ransomware Attack: Suit
    ‘PREVENTABLE’
    https://www.thedailybeast.com/terianni-kidds-baby-died-after-alabama-hospital-hit-by-ransomware-hackers-lawsuit-says

    An Alabama woman has filed a lawsuit against a medical center where she says staff caused her baby’s death by making mistakes amid a ransomware attack. If Teiranni Kidd, the plaintiff, wins in court, it will be the first confirmed case of a death due to a ransomware hack. Her filing states that by the time she came to Springhill Medical Center in July 2019, the hospital had been under attack for eight days, though she did not know it at the time. The devices that monitor fetal heartbeats had been affected, which would have otherwise warned staff that Kidd’s daughter was going to be born with the umbilical cord wrapped around her neck. The baby girl died nine months later.

    The hospital denies wrongdoing. A Springhill executive emailed The Wall Street Journal, defending the hospital’s choice to stay open “because the patients needed us and we… concluded it was safe to do so.”

  4. Tomi Engdahl says:

    These systems are facing billions of attacks every month as hackers try to guess passwords
    https://www.zdnet.com/article/these-systems-are-facing-billions-of-attacks-every-month-as-hackers-try-to-guess-passwords/

    Cyber criminals are becoming more aggressive in their attempts to break into RDP services with efforts to exploit weak passwords used in enterprise networks, warn researchers.

  5. Tomi Engdahl says:

    Criminals are phishing for Finns' bank credentials: take note of these tips for safe online transactions https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/rikolliset-urkkivat-suomalaisten-pankkitunnuksia
    Kela, the National Bureau of Investigation and the National Cyber Security Centre urge care when logging in to online services. Criminals are phishing for bank credentials in the name of Finnish banks and the Omakanta service. Do your online business safely and learn to recognise scams. Tell your family and friends about the scams too.

  6. Tomi Engdahl says:

    GhostEmperor: From ProxyLogon to kernel mode https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
    While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed at providing remote control over the attacked servers. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the underlying cluster GhostEmperor. Our investigation into this activity leads us to believe that the underlying actor is highly skilled and accomplished in their craft, both of which are evident through the use of a broad set of unusual and sophisticated anti-forensic and anti-analysis techniques.
    also:
    https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf

  7. Tomi Engdahl says:

    Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
    Hundreds of bookstores across France, Belgium, and the Netherlands have had their operations disrupted this week after a ransomware attack crippled the IT systems of TiteLive, a French company that operates a SaaS platform for book sales and inventory management.

  8. Tomi Engdahl says:

    JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
    JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.

  9. Tomi Engdahl says:

    German IT security watchdog examines Xiaomi mobile phone https://www.reuters.com/article/germany-security-china-idUSKBN2GP1BQ
    Germany’s federal cybersecurity watchdog, the BSI, is conducting a technical examination of a mobile phone manufactured by China’s Xiaomi Corp, a spokesperson for the interior ministry told Reuters on Wednesday.

  10. Tomi Engdahl says:

    Turkish national charged for DDoS attacks with the WireX botnet https://therecord.media/turkish-national-charged-for-ddos-attacks-with-the-wirex-botnet/
    US authorities have today indicted a Turkish national for using a now-defunct malware botnet to launch distributed denial-of-service (DDoS) attacks against a Chicago-based multinational hospitality company.

  11. Tomi Engdahl says:

    A new scam is plaguing users of online flea markets: “The card is drained as empty as they can manage”, warns an expert
    https://yle.fi/uutiset/3-12119203
    A new scam is spreading on online peer-to-peer marketplaces, aiming to phish users' credit card details.

    A scammer has been phishing for personal information in Kela's name https://www.is.fi/digitoday/art-2000008301415.html
    Bank details, among other things, have been phished by phone in Kela's name.

  12. Tomi Engdahl says:

    Researchers Trick Locked iPhones Into Making $1300 Purchases https://www.forbes.com/sites/leemathews/2021/09/30/researchers-trick-locked-iphones-into-making-1300-purchases/
    A team of academics figured out a way to trick the combination of Apple Pay and Visa cards into silently authorizing massive payments.
    Even though the iPhones the researchers tested were locked during the transactions, they were able to pilfer £1,000 (about $1340). also:
    https://practical_emv.gitlab.io/

  13. Tomi Engdahl says:

    New Android trojan malware has infected more than 10 million Android devices
    GriftHorse campaign operators made tens of millions of dollars from their victims
    https://www.techspot.com/news/91491-new-android-trojan-malware-has-infected-more-than.html
