- Facebook rolled out end-to-end encryption for voice and video calls on Messenger. It also updated its expiring message feature that lets users auto-delete their texts from chats.
- The World Bank launched a new Cybersecurity Multi-Donor Trust Fund under the broader Digital Development Partnership umbrella program.
- GitHub urged its users to enable 2FA after enforcing passwordless authentication.
- The CISA issued a new resource guide that gives organizations guidance on how to respond to a ransomware attack.
- The DHS is funding a program led by Cyber.org to bridge the infosec gap by teaching young children about cybersecurity. A framework of standards has been released, which details what needs to be taught to children until 12th grade.
- Hackers robbed Liquid Global of crypto-assets worth at least $90 million from warm wallets. The firm has published cryptocurrency addresses from which the criminals exfiltrated their funds.
- Abnormal Security identified and blocked some emails from a hacker who attempted to recruit insiders to infect their employers’ networks with ransomware. The threat actor allegedly has ties with the DemonWare group.
- Servers of the U.S. Census Bureau were breached in a cyberattack last year. Luckily, it didn't involve the 2020 census. Officials said the bureau failed to detect and disclose the attack on time.
- Kiber Partizany (Cyber Partisan), a secretive hacking group, claimed to have accessed heaps of confidential data, including phone calls from supporters and opponents, from a ministry network of the Belarus government.
- Continued investigation of the T-Mobile breach revealed that over 40 million records of former or prospective customers were stolen, along with the personal data of about 7.8 million current postpaid customers. The same threat actor is selling 70 million AT&T user records containing full names, email addresses, dates of birth, and social security numbers.
- New botnet HolesWarm has been abusing over 20 known vulnerabilities on Windows and Linux servers to deploy cryptomining malware since June, according to Tencent Security.
- Patient care services at Memorial Health System were disrupted owing to a ransomware attack by the Hive group. Clinical and financial operations also suffered.
- According to Check Point Research, the Indra APT group was behind crippling Iran’s transport ministry and national train system in a cyberattack last month.
- Google kicked out eight fraudulent apps from its Play Store. The fake cryptomining apps were laced with the FakeMinerPay and FakeMinerAd malware.
- A new malware campaign is distributing njRAT and AsyncRAT and targeting travel and hospitality facilities in Latin America. Techniques used in this campaign bear a resemblance to those of the Aggah group.
- Conti ransomware affiliates have resorted to an interesting tactic, which involves using the legitimate Atera remote access software as a backdoor for continued persistence.
- InkySquid, a North Korean APT group, ensnared one of the top North Korea-focused news sites, the Daily NK, to launch a watering hole attack and infect visitors with malware.
- The CISA and FDA warned against BadAlloc security flaws in BlackBerry’s QNX RTOS used by critical infrastructure organizations, including healthcare, aerospace and defense, and industrial networks.
- The new version of the Neurevt trojan comes with spyware and backdoor features. This version of the trojan targets Mexican financial institutions.
- Experts at The DFIR Report revealed that Trickbot is deploying a fake 1Password installer to sniff around compromised systems and launching Cobalt Strike to collect data.
- The Mozi botnet came up with a new version that can manipulate victims’ web traffic. It is capable of HTTP session hijacking and DNS spoofing.
- Cybercriminals are increasingly deploying CAPTCHA-protected malicious URLs to bypass security walls while adding counterfeit login for lottery and survey pages, according to researchers at Palo Alto Networks.
- New research explains how firewalls and other network middleboxes can be exploited by cybercriminals to launch massive TCP-based DDoS reflection amplification attacks.
Posted on: August 20, 2021