Title:ย Fake DarkSide Campaign Targets Energy and Food Sectors
Date Published:ย June 18, 2021
Excerpt:ย โSeveral companies in the energy and food industry have recently received threatening emails supposedly from DarkSide. In this email, the threat actor claims that they have successfully hacked the targetโs network and gained access to sensitive information, which will be disclosed publicly if a ransom of 100 bitcoins (BTC) is not paid. However, the content used on the emails has led us to believe that they did not come from the said threat group, but from an opportunistic low-level attacker trying to profit off the current situation around DarkSide ransomware activities.โ
Title:ย State-sponsored or Financially Motivated: Is There Any Difference Anymore?
Date Published:ย June 21, 2021
Excerpt:ย โFor threat researchers and CISOs caught in the middle this may not be of much comfort. But there is a silver lining. Many C-level execs can be guilty of adopting a fatalistic attitude towards state attacks: feeling that their opponents are so well-resourced and sophisticated thereโs no point in even trying to defend against them. Well, the truth is that attackers arenโt necessarily superhumans backed by the apparatus and wealth of an entire nation. They may well be using commodity malware or even hired threat actors.โ
Title:ย Amazon Prime Day – Beware of Phishing Deluge, Experts Warn
Date Published:ย June 21, 2021
https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/
Excerpt:ย “Tessian urged shoppers not to click on Prime Day links in unsolicited emails and double-check sendersโ email addresses rather than their display names. โScammers take advantage of the fact that, on mobile, emails only show a display name which makes it easier for a bad actor to impersonate Amazon and send a message from an unknown email address,โ it said.โ
Title:ย Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach
Date Published:ย June 21, 2021
https://www.infosecurity-magazine.com/news/30000-fertility-clinic-patients/
Excerpt:ย โIn a new breach notification, RBA claimed to have first become aware of a cyber-incident on April 16 this year, when it discovered that a file server containing embryology data had been encrypted. “We quickly determined that this was the result of a ransomware attack and shut down the affected server, thus terminating the actorโs access, within the same business day. Based on our investigation, we believe the actor first gained access to our system on April 7, 2021 and subsequently to a serve containing protected health information on April 10, 2021,โ it continued.
Title:ย Nuclear Research Institute Breached by Suspected North Korean Hackers
Date Published:ย June 21, 2021
https://www.infosecurity-magazine.com/news/nuclear-research-institute/
Excerpt:ย โA South Korean nuclear power research organization has admitted itโs currently investigating a security breach after reports suggested its neighbor to the north may be responsible. Lawmaker Ha Tae-keung, who sits on the parliamentary intelligence committee, cited third-party research attributing the May 14 attack to Pyeongyang-backed APT group Kimsuky. One of 13 IP addresses used to attack the Korea Atomic Energy Research Institute (KAERI) was traced back to the group, which has been in operation since around 2012, according to Reuters.โ
Title:ย DroidMorph Shows Popular Android Antivirus Fail to Detect Cloned Malicious Apps
Date Published:ย June 21, 2021
https://thehackernews.com/2021/06/droidmorph-shows-popular-android.html
Excerpt:ย โIn a test conducted using 1,771 morphed APK variants generated through DroidMorph, the researchers found that 8 out of 17 leading commercial anti-malware programs failed to detect any of the cloned applications, with an average detection rate of 51.4% for class morphing, 58.8% for method morphing, and 54.1% for body morphing observed across all programs.โ
Title:ย New Windows 11 Registry Hacks to Customize Your Device
Date Published:ย June 20, 2021
Excerpt: โBelow we have gathered the new Windows 11 Registry keys that allow you to customize the behavior and appearance of the operating system’s new features. It should be noted that other new Registry entries do not perform any observable behavior. This is likely due to the leaked Windows 11 build being an early preview without the latest Windows Feature Experience Pack, enhancing the operating system’s functionality. We will update this list as new Registry hacks are discovered.”
Title:ย Norway Blames China-Linked APT31 for 2018 Government Hack
Date Published:ย June 20, 2021
https://securityaffairs.co/wordpress/119161/apt/norway-blames-china-apt31.html
Excerpt:ย “APT31 (aka Zirconium) is a China-linked APT group that was involved in multiple cyber espionage operations, it made the headlines recently after CheckPoint Research team discovered that the group used a tool dubbed Jian, which is a clone of NSA Equation Group โs โEpMeโ hacking tool, years before it was leaked online by Shadow Brokers hackers. APT31 is also believed to be behind an attack on the Parliament of Finland that took place in 2020, according to the government experts, the hackers breached some parliament email accounts in December 2020.โ
Title:ย Law Enforcement’s Cybercrime Honeypot Maneuvers Paying Off
Date Published:ย June 18, 2021
Excerpt:ย “The operation, also led by Australia, the Netherlands, New Zealand and Sweden, and backed by the EU’s law enforcement agency, Europol, and the U.S. The Drug Enforcement Agency, also delivered another important type of disruption: sowing long-term mistrust and doubt. Anom was the latest in a long line of services supposedly built by criminals, for criminals, that were in turn used by authorities against criminals. For whatever reason, criminals appear to mistrust mainstream encrypted communications services, perhaps fearing that they have been backdoored or otherwise co opted by law enforcement or intelligence agencies.โ
Title:ย Attackers Take Advantage of New Google Docs Exploit
Date Published:ย June 17, 2021
https://www.avanan.com/blog/attackers-take-advantage-of-new-google-doc-exploit
Excerpt:ย โThis Google Docs page may look familiar to those who share Google Docs outside of their organization. This, however, isnโt that page. Itโs a custom HTML page made to look like that familiar Google Docs share page.ย The attacker wants the victim to โClick here to download the documentโ and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another web page made to look like the Google Login portal. As you can see, that is not Googleโs website.โ