Security Research
Indicators of Compromise Associated with IcedID
FBI reporting has indicated a recent increase in IcedID malware acting as a “dropper,” infecting victims with additional malware. Examples of ransomware variants dropped by IcedID include Defray777,...
APT ACTORS EXPLOITING NEWLY IDENTIFIED CVE-2021-40539 IN MANAGEENGINE ADSELFSERVICE PLUS
This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure...
SIM Swapping Attacks to Steal Cryptocurrency to Become Prominent
Unidentified actors are conducting subscriber identity module (SIM) swapping attacks and stealing cryptocurrency from victims, resulting in financial loss to cryptocurrency investors. Reporting indicates,...
Stabbing Attack Injures Multiple Victims on Passenger Train
A yet-to-be-identified male attacker, armed with a knife, stabbed at least 10 passengers on board a commuter train in the Japanese capital, Tokyo, on Friday night, August 6. The attack occurred on...
Beware of Grandparent Fraud Scheme Using Couriers
Criminal actors target elderly U.S. citizens in a grandparent fraud scheme in which they arrange for couriers to pick up bail money in person at the victim’s residence. Criminals telephonically...
Xylazine Abuse Presents Potential for Weaponization
Xylazine abuse and overdoses have occurred since at least the 1980s; however, within the last decade, several U.S. states and territories have reported spikes in xylazine misuse, including Texas,...
Montana Rail Link Employee Reports Signals Tampering Incident
Illegal tampering with rail signals is an ongoing safety and security concern, especially at rail crossings. One diligent Montana Rail Link employee’s reporting of a security incident likely saved...
CVE-2021-1675 and CVE-2021-34527 – PrintNightmare
Fortify 24x7 is tracking various public weaponized exploits for a remote code execution vulnerability affecting the Windows Print Spooler service (spoolsv.exe): CVE-2021-1675 and an out-of-band...
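The following is an added example, not code from the Fortify 24x7 post: a quick PowerShell inventory of a host's Print Spooler exposure, covering the service state and the Point and Print policy values that Microsoft's CVE-2021-34527 guidance tells administrators to check. The registry paths and the `RegisterSpoolerRemoteRpcEndPoint` value are taken from Microsoft's published Group Policy settings; whether they are set on a given host is an assumption the script tests rather than asserts.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session on the host being checked. Reports findings; it changes nothing.

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Service state. The simplest mitigation is to stop and disable the Spooler
#    on any host that does not need to print:
#      Stop-Service Spooler; Set-Service Spooler -StartupType Disabled
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -ne $spooler) {
    $findings.Add("Spooler status: $($spooler.Status), start type: $($spooler.StartType)")
} else {
    $findings.Add("Spooler service not present")
}

# 2. Point and Print policy. Per Microsoft's CVE-2021-34527 guidance these two
#    values must be 0 or absent, and RestrictDriverInstallationToAdministrators
#    (introduced with the August 2021 update, KB5005652) should be 1.
$pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pnp = Get-ItemProperty -Path $pnpKey -ErrorAction SilentlyContinue
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = if ($pnp) { $pnp.$name } else { $null }
    if ($value -eq 1) {
        $findings.Add("WEAK: $name = 1 (non-admins may install print drivers without a prompt)")
    }
}
$restrict = if ($pnp) { $pnp.RestrictDriverInstallationToAdministrators } else { $null }
if ($restrict -ne 1) {
    $findings.Add("WEAK: RestrictDriverInstallationToAdministrators is not set to 1")
}

# 3. Inbound remote printing. The policy "Allow Print Spooler to accept client
#    connections" writes RegisterSpoolerRemoteRpcEndPoint: 1 = enabled, 2 = disabled.
$printersKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$remoteRpc = (Get-ItemProperty -Path $printersKey -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint
if ($remoteRpc -ne 2) {
    $findings.Add("Remote RPC endpoint not disabled by policy (RegisterSpoolerRemoteRpcEndPoint is not 2)")
}

$findings
```

Run it on a sample of print servers and workstations before and after deploying the Point and Print hardening; a host that still prints but reports no `WEAK` lines and a disabled remote RPC endpoint has the documented mitigations in place, whereas a host with the Spooler running and any `WEAK` line remains exposed even if patched, because the patch relies on those settings.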
CVE-2021-36934 – HiveNightmare
Summary: The default configuration in Microsoft Windows 10 v1809 and newer includes an elevation of privilege vulnerability, because of overly permissive Access Control Lists (ACLs) in the Security...
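As an added example, not code from the Fortify 24x7 post, the PowerShell below checks the condition the summary describes: whether the SAM, SYSTEM and SECURITY hive files under `%windir%\System32\config` carry an ACE granting read access to `BUILTIN\Users`. The optional remediation step applies Microsoft's published workaround for CVE-2021-36934 (re-enable ACL inheritance on the hive files and delete existing shadow copies); the `$Remediate` switch and the choice of the three hive names are this example's own assumptions.

```powershell
# Added example (not from the original post). Assumes an elevated PowerShell
# session. Read-only by default; set $Remediate = $true to apply the workaround.
$Remediate = $false

$configDir = Join-Path $env:windir 'System32\config'
$hives = 'SAM', 'SYSTEM', 'SECURITY'   # assumption: the hives worth checking
$vulnerable = @()
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

foreach ($hive in $hives) {
    $path = Join-Path $configDir $hive
    if (-not (Test-Path $path)) { continue }
    $acl = Get-Acl -Path $path
    # The CVE-2021-36934 condition: an Allow ACE for BUILTIN\Users that includes
    # ReadData (the vulnerable default shows as BUILTIN\Users:(I)(RX) in icacls).
    $usersCanRead = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Users' -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readData) -ne 0)
    }
    if ($usersCanRead) { $vulnerable += $path }
}

if ($vulnerable.Count -eq 0) {
    'Hive files are not readable by BUILTIN\Users.'
} else {
    "VULNERABLE (CVE-2021-36934): $($vulnerable -join ', ')"
    # Shadow copies taken while the ACL was permissive still hold readable copies
    # of the hives, so fixing the live ACL alone is not enough.
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    "Existing shadow copies on this host: $($shadows.Count)"
    if ($Remediate) {
        # Microsoft workaround: restore inheritance so the hive files take the
        # directory's restrictive ACL, then remove the shadow copies.
        icacls "$configDir\*.*" /inheritance:e
        vssadmin delete shadows "/for=$($env:SystemDrive)" /all /quiet
    }
}
```

Deleting shadow copies removes restore points, so run the remediation branch only after confirming that is acceptable for the host; the read-only pass is safe to run fleet-wide to find machines whose hive ACLs were weakened by the affected builds.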