Cyber security news May 2021

This posting is here to collect cyber security news in May 2021.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links to comments.

318 Comments

  1. Tomi Engdahl says:

    APT29: SVR cyberspies used iOS zero-day in recent phishing campaign https://therecord.media/svr-cyberspies-used-ios-zero-day-in-recent-phishing-campaign/
    APT29 took control over the Constant Contact account and used it to send around 3,000 booby-trapped emails to more than 150 organizations across 24 countries. In the vast majority of emails, the hackers sent links to victims that redirected them to websites that used JavaScript code to drop a malicious ISO image file on their computers. What was notable about the recent attacks was that in particular cases, the hackers filtered incoming users and directed iOS users to a special page where they deployed a Safari iOS zero-day bug to infect victims’ devices.

  2. Tomi Engdahl says:

    Chinese cyberspies are targeting US, EU orgs with new malware https://www.bleepingcomputer.com/news/security/chinese-cyberspies-are-targeting-us-eu-orgs-with-new-malware/
    Chinese threat groups continue to deploy new malware strains on the compromised networks of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances. “We now assess that espionage activity by UNC2630 and UNC2717 supports key Chinese government priorities,” FireEye said in a follow-up report published on Thursday.

  3. Tomi Engdahl says:

    Mexico walls off national lottery sites after ransomware DDoS threat https://www.bleepingcomputer.com/news/security/mexico-walls-off-national-lottery-sites-after-ransomware-ddos-threat/
    Access to Mexico’s Lotería Nacional and Pronósticos lottery websites is now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks. The Avaddon ransomware operation stated that they successfully conducted an attack on ‘Pronosticos Deportivo,’ where they claim to have stolen data and then encrypted the devices. The ransomware gang also threatened to release more documents and to DDoS the victim’s website if negotiations did not begin within 240 hours.

  4. Tomi Engdahl says:

    M1racles – Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting https://arstechnica.com/gadgets/2021/05/apples-m1-chip-has-a-security-bug-but-dont-worry-its-mostly-harmless/
    Technically, it’s a vulnerability, but there’s not much an attacker can do with it. The channel can bridge processes running as different users and under different privilege levels. These characteristics allow the apps to exchange data in a way that can’t be detected, or at least not without specialized equipment.

  5. Tomi Engdahl says:

    New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers https://www.bleepingcomputer.com/news/security/new-epsilon-red-ransomware-hunts-unpatched-microsoft-exchange-servers/
    A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. Epsilon Red ransomware attacks rely on more than a dozen scripts before reaching the encryption stage and also use a commercial remote desktop utility.

  6. Tomi Engdahl says:

    Google Suddenly Flips The Password Privacy Switch For Billions Of Users https://www.forbes.com/sites/daveywinder/2021/05/30/google-suddenly-flips-the-password-privacy-switch-for-billions-of-users/
    Google has suddenly started rolling out two-factor authentication (2FA) automatic enrollment to users. Google keeps track of your activity across all services such as search, YouTube and the Google assistant. Seeing as just about everyone is logged in all the time, that presents a massive security and privacy problem. Do you really want a partner, friend, work colleague or worse to be able to see what you search for, where you visit online, and the videos you watch?

  7. Tomi Engdahl says:

    Hands on with WSLg: Running Linux GUI apps in Windows 10 https://www.bleepingcomputer.com/news/microsoft/hands-on-with-wslg-running-linux-gui-apps-in-windows-10/
    Windows 10 preview builds can now run Linux apps directly on the Windows 10 desktop using the new Windows Subsystem for Linux GUI.

  8. Tomi Engdahl says:

    Redact – Automatically clean up your old posts from services like Twitter, Reddit, Facebook, Discord and more (it’s a downloadable app for Windows and macOS) https://redact.dev

  9. Tomi Engdahl says:

    https://thehackernews.com/2021/05/your-amazon-devices-to-automatically.html?m=1

    Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt out.

    To that effect, the company intends to register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk as it prepares to roll out the shared mesh network in the country.

  10. Tomi Engdahl says:

    NSA spied on European politicians through Danish telecommunications hub https://therecord.media/nsa-spied-on-european-politicians-through-danish-telecommunications-hub/
    Denmark’s foreign secret service allowed the US National Security Agency to tap into a crucial internet and telecommunications hub in Denmark and spy on the communications of European politicians, a joint investigation by some of Europe’s biggest news agencies revealed on Sunday. The covert spying operation, called Operation Dunhammer, took place between 2012 and 2014, based on a secret partnership signed by the two agencies.

  11. Tomi Engdahl says:

    Swedish Health Agency shuts down SmiNet after hacking attempts https://www.bleepingcomputer.com/news/security/swedish-health-agency-shuts-down-sminet-after-hacking-attempts/
    The Swedish Public Health Agency (Folkhälsomyndigheten) shut down SmiNet, the country’s infectious diseases database, on Thursday after it was targeted in several hacking attempts. SmiNet, which is also used to store electronic reports with statistics on COVID-19 infections, was shut down on Thursday to investigate the attacks and was brought back online on Friday evening. While no evidence of unauthorized parties accessing sensitive information has been found so far, the investigation will take at least a few more days before the reporting process is restarted.

  12. Tomi Engdahl says:

    US Army tells remote workers to switch off their IoT devices (and then withdraws advice) https://www.bitdefender.com/box/blog/iot-news/us-army-tells-remote-workers-switch-off-iot-devices-withdraws-advice/
    The US Army appears to have made a strategic withdrawal from advice it issued to remote workers last week about their use of smart IoT devices. The message from the Army’s Chief Information Officer Dr Raj Iyer on how to protect and safeguard Department of Defense data by making more efforts to mitigate data leaks was clear: remove all IoT devices with listening functions from the work area. Furthermore, the initial announcement of the policy’s existence has also been removed, although a copy remains in a Google cache.

  13. Tomi Engdahl says:

    Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors https://thehackernews.com/2021/05/your-amazon-devices-to-automatically.html
    Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors unless you choose to opt out.

  14. Tomi Engdahl says:

    A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely https://thehackernews.com/2021/05/a-new-bug-in-siemens-plcs-could-let.html
    Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker’s “holy grail.”

  15. Tomi Engdahl says:

    Cybercriminals Target Companies With New ‘Epsilon Red’ Ransomware
    https://www.securityweek.com/cybercriminals-target-companies-new-epsilon-red-ransomware

    A new piece of ransomware named Epsilon Red has been used to target at least one organization in the United States, and its operators have apparently already made a significant profit.

    Cybersecurity firm Sophos reported last week that Epsilon Red operators have been spotted targeting a US-based company in the hospitality sector. The cryptocurrency address provided by the cybercriminals shows a bitcoin transaction for an amount worth roughly $210,000, which seems to indicate that at least one victim has agreed to pay the ransom demanded by the cybercriminals.

    Sophos researchers noticed that the ransom note dropped by Epsilon Red is similar to the one displayed by the REvil ransomware, but Epsilon Red’s ransom note is better written — it does not contain some of the grammar errors in the REvil note.

  16. Tomi Engdahl says:

    Interpol Says 585 People Arrested in APAC Operation Against Cyber-Enabled Crime
    https://www.securityweek.com/interpol-says-585-people-arrested-apac-operation-against-cyber-enabled-crime

    Interpol revealed last week that specialized law enforcement officers in the Asia-Pacific (APAC) region intercepted more than $83 million in fraudulent money transfers as part of a six-month coordinated effort aimed at cyber-enabled financial crime.

    Codenamed HAECHI-I, the operation mainly targeted five types of online financial crime: investment fraud, money laundering (from illegal online gaming), online sextortion, romance scams, and voice phishing (vishing).

    The operation resulted in over 1,600 bank accounts worldwide being frozen as part of roughly 1,400 investigations opened between September 2020 and March 2021, with a total of 892 cases being solved.

    As part of the effort, authorities arrested a total of 585 individuals, Interpol says.

