March 4, 2021

FireEye researchers have spotted a new, sophisticated second-stage backdoor that is likely linked to the threat actors behind the SolarWinds hack. They discovered it while analyzing the servers of an organization that was compromised as a result of the SolarWinds supply-chain attack. The new malware is dubbed Sunshuttle, and it was […]

The post Sunshuttle, the fourth malware allegedly linked to SolarWinds hack appeared first on Security Affairs.

Learn how Microsoft Cloud App Security helps manage your SaaS apps and services, protecting against cyber threats, data leaks, and lack of compliance.

The post A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security appeared first on Microsoft Security.

VMware has released a security patch for a remote code execution vulnerability, tracked as CVE-2021-21978, that affects its View Planner product. View Planner is a free tool for performance sizing and benchmarking of Virtual Desktop Infrastructure (VDI) environments. […]

The post VMware addresses Remote Code Execution issue in View Planner appeared first on Security Affairs.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-02 in response to the disclosure of recently patched zero-day vulnerabilities in Microsoft Exchange. This week Microsoft released emergency out-of-band security updates that address four […]

The post CISA emergency directive urges to fix Microsoft Exchange zero-days appeared first on Security Affairs.

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline:

The timeline basically seems to be, according to Check Point:

  • 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box.

Read More Chinese Hackers Stole an NSA Windows Exploit in 2014

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has published a new report titled “Ransomware Uncovered 2020-2021” that analyzes the ransomware landscape in 2020 and the TTPs (tactics, techniques, and procedures) of the major threat actors. The research dives deep into the global ransomware outbreak in 2020. By […]

The post Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150% appeared first on Security Affairs.