Wow, what a week. From new incentives to become a cyber defender to new targets for threat actors, this week had it all. We start with the $10 million information bounty now offered by the US Government and end with the startling news of the Trickbot comeback. See? This week was wild. Keep reading for the News In Review.
The U.S. government will begin offering up to $10 million for information that identifies or locates threat actors who, working on behalf of foreign governments, attempt to cripple the internet operations of American businesses and critical infrastructure. The reward was announced as the U.S. faces a growing threat from ransomware: according to the reporting, ransomware attacks rose by roughly 300% in the last year alone, and US officials say the attacks on US enterprises usually originate from Russia. For more information about the new incentive, click here.
The REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have disappeared. Cybersecurity researchers report that the entirety of the group’s infrastructure, from extortion pages to servers, has gone offline, and that the pages advertising its services on the dark web have been taken down as well. No trace of the group can currently be found. Authorities are unsure whether this vanishing act is permanent or part of a larger scheme. To learn more about the missing gang, click here.
An “imminent ransomware campaign” is targeting SonicWall’s Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products, according to a security advisory from the vendor. SonicWall published the advisory on Wednesday for unpatched and end-of-life (EOL) 8.x firmware versions of its SMA 100 and SRA devices. According to the vendor, threat actors are “actively targeting” a known vulnerability in that firmware and are using stolen credentials in the campaign. The advisory does not identify the vulnerability. Impacted devices include the SRA 4600/1600 (EOL 2019), SRA 4200/1200 (EOL 2016), SSL-VPN 200/2000/400 (EOL 2013/2014), and the SMA 400/200, which are supported in “Limited Retirement Mode.” Because the affected firmware will not receive fixes, the practical options are to upgrade to a supported firmware line where one exists, or to disconnect the EOL appliances, and to reset any credentials that were used on them. To read the full story about the potential attack, click here.
Microsoft has notified users of another vulnerability in the Windows Print Spooler, just days after addressing the PrintNightmare vulnerability (CVE-2021-34527) in the same subsystem. The latest bug, tracked as CVE-2021-34481, is a local privilege escalation vulnerability that can be exploited to give an attacker elevated privileges. Microsoft notes that to exploit it, the attacker must already be able to run code locally on the victim’s system. This makes the vulnerability less severe than flaws that can be exploited remotely, such as PrintNightmare, though it remains useful to an attacker who has gained an initial foothold. To read more about the vulnerability and what you can do to protect yourself, click here.
Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, including one critical bug (CVE-2020-7388) that rates 10 out of 10 on the CVSS vulnerability-severity scale. This is noteworthy because security vulnerabilities in an ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and intercept data. Two of the bugs can be chained together to allow complete system takeover, with potential supply-chain ramifications for the customers and partners that depend on the affected company.
Sage X3 is targeted at mid-sized companies, particularly manufacturers and distributors, that are looking for all-in-one ERP functionality. The system manages sales, finance, inventory, purchasing, customer relationship management and manufacturing in one integrated ERP software solution. To read the full story about the latest ERP threat, click here.
Cyberattacks are still on the rise, and if you have been paying attention it probably doesn’t come as much of a surprise. According to Positive Technologies’ new Cybersecurity Threatscape Q1 2021 report, the number of cyberattacks increased by 17% compared with Q1 2020 and by 1.2% compared with Q4 2020, and 77% of them were targeted attacks. To read a full summary of the report, click here.
According to Google, at least two government-backed actors, including one Russian group, used now-patched zero-day flaws in Chrome and WebKit in separate campaigns against browser users. Google researchers discovered one of the two Chrome zero-day flaws (CVE-2021-21166) in February and the other (CVE-2021-30551) in June. Exploits for both of these remote code execution flaws in the Chrome renderer were delivered as one-time links via email to targeted individuals, all of whom were in Armenia. Separately, a Russian threat actor believed to be the same one behind the SolarWinds campaign was observed delivering an exploit for the WebKit vulnerability (CVE-2021-1844) in a credential theft campaign targeting governments and non-governmental organizations in Western Europe. To read the full story of attackers and zero-days, click here.
New telemetry on Internet of Things (IoT) devices shows a dramatic increase in attacks on those devices during the work-from-home phase of the COVID-19 pandemic. The IoT malware blocked by Zscaler represented a 700% increase in activity against these devices compared with data the security firm gathered before the pandemic. Nearly all of the IoT malware belonged to the infamous Gafgyt and Mirai families, and more than 500 different types of IoT devices, including printers, digital signs, and smart TVs, were communicating with corporate IT networks while waves of employees were working from home. To read a full summary of the report, click here.
Despite law enforcement actions aimed at eliminating the Trickbot botnet, it continues to evolve. Its developers recently released an upgrade to the VNC module, which is used to control infected systems remotely. Although Microsoft and its partners took the TrickBot infrastructure down, the operators restarted operations by bringing new command and control (C&C) servers online. To read the full Trickbot timeline and understand how it affects your enterprise, click here.