February 25, 2021

The Chinese hacking group, tracked as TA413, used a malicious Firefox add-on in a cyberespionage campaign aimed at Tibetans. China-linked cyberespionage group TA413 targeted Tibetan organizations across the world using a malicious Firefox add-on, dubbed FriarFox, that allowed them to steal Gmail and Firefox browser data and deliver malware on infected systems. “We attribute this […]

The post China-linked TA413 group target Tibetan organizations appeared first on Security Affairs.


The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud.

Read More How $100M in Jobless Claims Went to Inmates

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software. The most severe vulnerability […]

The post Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS appeared first on Security Affairs.


Today, the Supreme Court of Canada announced that it will not be going forward with large telecom incumbents’ request to appeal their case against the CRTC’s mandated wholesale rate correction from nearly two years ago.
The post Supreme Court of Canada…

Read More Supreme Court of Canada rejects telecom incumbents’ appeal of CRTC’s 2019 rate-correction ruling

A vicious cycle of events is leading to more attacks against the public sector, according to BlackBerry’s 2021 Threat Report, and Canada is in a great position to be blindsided by cyberattacks against its critical infrastructure.

The post Canada’s critical infrastructure an ‘area of increasing concern’ says BlackBerry report first appeared on IT World Canada.


North Korea-linked Lazarus APT group has targeted the defense industry with a custom backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […]

The post North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor appeared first on Security Affairs.


We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.

The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security.


Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in the Windows operating system. A white hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

The post Google discloses technical details of Windows CVE-2021-24093 RCE flaw appeared first on Security Affairs.


Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Recorded Future provides deep, detailed insight into emerging threats by automatically collecting, analyzing, and orga…

Read More Recorded Future’s free Cyber Daily newsletter brings trending threat insights straight to your inbox

Security breaches have been dominating the headlines for a long time. As cyber-attacks grow rapidly, the chances of falling into this trap keep increasing. Having the necessary security measures in place still does not mean that the IT infrastructure is free from risks. To ensure a better working environment and […]

The post Top 5 Reasons to Invest in Penetration Testing Today appeared first on CyberDB.


A Chinese security researcher published PoC code for the CVE-2021-21972 vulnerability in VMware vCenter; thousands of vulnerable servers are exposed online. A Chinese security researcher published proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

The post Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw appeared first on Security Affairs.


I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post:

The report suggests a comprehensive framework for understanding and assessing the risks posed by Chinese technology platforms in the United States and developing tailored responses. It starts from the common view of the signatories — one reflected in numerous publicly available threat assessments — that China’s power is growing, that a large part of that power is in the digital sphere, and that China can and will wield that power in ways that adversely affect our national security. However, the specific threats and risks posed by different Chinese technologies vary, and effective policies must start with a targeted understanding of the nature of risks and an assessment of the impact US measures will have on national security and competitiveness. The goal of the paper is not to specifically quantify the risk of any particular technology, but rather to analyze the various threats, put them into context, and offer a framework for assessing proposed responses in ways that the signatories hope can aid those doing the risk analysis in individual cases…

Read More On Chinese-Owned Technology Platforms

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems.

“We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://t.co/t3Gv2ZgTdt). Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel https://t.co/AcSZ40U5Gp” — Bad Packets (@bad_packets) February 24, 2021

“In our opinion, the RCE vulnerability in the vCenter Server can pose no less a …

The post Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! appeared first on Help Net Security.
