My Weekly Roundup #135
Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others
The attack, discovered on Jan. 20, affected units including The Wall Street Journal, the New York Post and the U.K.
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
In December 2021, through its Network Security Monitoring service, Volexity identified a series of targeted spear-phishing campaigns against one of its customers from a threat actor it tracks as TEMP_Heretic.
Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
Since November, geopolitical tensions between Russia and Ukraine have escalated dramatically. It is estimated that Russia has now amassed over 100,000 troops on Ukraine’s eastern border, leading some to speculate that an invasion may come next. On Jan.
Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
Chinese state-backed advanced persistent threat (APT) group Antlion has been targeting financial institutions in Taiwan in a persistent campaign over the course of at least 18 months.
Cyber Signals: Defending against cyber threats with the latest research, insights, and trends
We’re excited to introduce Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research.
North Korea Hacked Him. So He Took Down Its Internet
For the past two weeks, observers of North Korea’s strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems.
GitHub outage impacts Actions, Codespaces, Issues, Pull Requests
GitHub is currently down, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. The outage started at approximately 2:15 PM EST, with the website responding with HTTP 500 error codes, as shown below.
ESET antivirus bug let attackers gain Windows SYSTEM privileges
Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above.
Catching the RAT called Agent Tesla
For the last few years, the Qualys Research Team has been observing an infamous “Malware-as-a-service” RAT (Remote Access Trojan) called Agent Tesla. It first appeared in 2014, and since then many variants have been deployed.
TrickBot Gang Uses Template-Based Metaprogramming in Bazar Malware
Malware authors use various techniques to obfuscate their code and protect against reverse engineering. Techniques such as control flow obfuscation using Obfuscator-LLVM and encryption are often observed in malware samples.
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
While defending our customers against threats, Mandiant Managed Defense continues to see new threats that abuse trust in legitimate tools and products to carry out their attacks. These attacks are effective in getting past security defenses and staying undetected in a network.
Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
The table below shows a small chronology of malicious implants masquerading as documents of interest being created with the same themes, which we associate with high confidence to the same ongoing campaign.
The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
An earlier version of an out-of-bounds (OOB) vulnerability in Samba was disclosed via Trend Micro Zero Day Initiative’s (ZDI) Pwn2Own Austin 2021.
Windows Persistence Using WSL2
Consider supporting my work at https://ko-fi.com/themayor. I really enjoy exploitation in Windows environments. It is a landscape that is ripe with opportunities for privilege escalation, exploitation, and persistence opportunities.
How to tell if your phone has been hacked
Think your smartphone has been compromised by malware? Here’s how to spot the signs of a hacked phone and how to remove the hacker from your phone.
Quantum computing brings new security risks: How to protect yourself
This blog was written by an independent guest blogger. Although commercial quantum computing may still be decades away, government agencies and industry experts agree that now is the time to prepare your cybersecurity landscape for the future.
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
The Russia-linked Shuckworm group (aka Gamaredon, Armageddon) is continuing to conduct cyber-espionage attacks against targets in Ukraine.
Ukrainian cyberdefense in need of upgrades as tensions rise
Kyiv, Ukraine — Far from dramatic headlines, military maneuvers, and diplomatic threats, a silent war appears to already be unfolding in Ukrainian cyberspace.
Threat Assessment: BlackCat Ransomware
BlackCat (aka ALPHV) is a ransomware family that surfaced in mid-November 2021 and quickly gained notoriety for its sophistication and innovation.
Stories from the SOC - WannaCry malware
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
Public datasets to help you tackle various cyber security problems using Machine Learning or other means. Happy Learning!!!
Teen tracking Elon Musk’s jet sells shirts showing Tesla boss smoking weed
The 19-year-old who has been tracking Elon Musk’s private jet is now selling merchandise, including shirts showing the world’s richest man smoking marijuana, to promote his flight surveillance-themed Twitter account.
Google introduces free Workspace plan in response to criticism
Join today’s leading executives online at the Data Summit on March 9th. Register here.
Satya Nadella: Microsoft has “permission to build the next Internet”
Not long after being promoted to the role of chief executive at Microsoft, in 2014, Satya Nadella had faced calls to ditch the tech group’s Xbox games division and concentrate its resources on cloud computing—to compete with rivals, such as Amazon.
The space station will come to a spectacular end in 2031
The International Space Station (ISS) will experience a dramatic end in about 10 years from now, hurtling to Earth before slamming into the Pacific Ocean. An updated ISS Transition Report released by NASA this week confirmed the station’s watery fate.
Producer: Star Trek: Strange New Worlds will connect to a famous wrathful villain
The Star Trek franchise continues to expand on Paramount+ with the upcoming prequel series, Star Trek: Strange New Worlds, which debuts in May.
This Ancient Crystal from Mars Could Shed Light on Alien Life
The precious Martian meteorite, which was found in Morocco in 2011, contains tiny zircon crystals that could only have been forged in a massive impact, a discovery that could rewrite the timeline of when Mars might have been habitable billions of years ago.
EXCLUSIVE iPhone flaw exploited by second Israeli spy firm-sources
WASHINGTON, Feb 3 (Reuters) - A flaw in Apple’s software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
Clearview: Glasses With Facial Recognition Are Here And The Air Force Has Them
Clearview AI, the facial recognition company backed by Facebook and Palantir investor Peter Thiel, is providing the U.S. Air Force with augmented reality glasses combined with facial recognition.
The UK Home Office finally responds to our questions about surveillance of Aspen Card users
We wrote to the Home Office as part of our campaign ‘STOP SPYING ON ASYLUM SEEKERS’, opposing the draconian surveillance of asylum seekers taking place through the Aspen Card.
Huge Multinational Security Firm Exposed Sensitive Airports Files
The SafetyDetectives cybersecurity team discovered a critical data leak affecting the prominent multinational security company, Securitas. Securitas, based in Sweden, provides a full suite of security services and products for corporate clients across a range of industries.
German Court Rules Websites Embedding Google Fonts Violates GDPR
A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user’s personal data — i.e., IP address — to Google via the search giant’s Fonts library without the individual’s consent.
Apple creates personal safety guide as AirTag concerns mount — not good enough, says privacy group
For more than one decade, Kurt Wimmer was this blog and this blogger’s First Amendment defender, representing me pro bono.
#NoPlaceToHide…for Stupid Ideas Like Backdooring End-To-End Encryption and Undermining Privacy
Government attempts to weaken cryptography to allow general surveillance are not new: they date back at least to the 1993 Clipper chip. Similarly, claims that children will be harmed by strong cryptography also go back many years.
Researchers use GPU fingerprinting to track users online
A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people’s GPUs to create unique fingerprints and use them for persistent web tracking.
10 great Beatles guitar moments you’ve never heard before
The new Super Deluxe edition of The Beatles’ final album Let It Be kicks off a bonanza of unseen and unheard material, including a new stereo mix of the original album, 27 previously unreleased session recordings, a four-track Let It Be EP, and the never released 14-track Get Back mix by engineer
Why gamers hate crypto, and music fans don’t
If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement. Platformer is an independent newsletter from Casey Newton that follows the intersection of Silicon Valley and democracy. Subscribe here.