Routers at risk. Bkav code on Raidforums? Magniber exploits PrintNightmare. More stolen


Attacks, Threats, and Vulnerabilities

Google and Open Redirects: Preventing Your Users from Becoming a Victim of Attacks (GreatHorn) The GreatHorn Intelligence Team has identified an increase of 84% in phishing attacks leveraging Google’s open redirects using Google Meet and Google DoubleClick between Q1 2021 and Q2 2021. The use of the open redirects on these platforms allows for threat actors to evade detection by most email security solutions, allowing emails to land in […]

Magecart Group 8: Patterns in Hosting Reveal Sustained Attacks on E-Commerce (RiskIQ) Magecart Group 8 has been targeting online retailers since 2016. This distinct skimming group first came to light when RiskIQ, led by researcher Yonathan Klijnsma, analyzed its skimmer in 2017 and exposed attacks on Nutribullet in February 2020 and MyPillow and Amerisleep in 2019.

Phishing Lures Imitate Government Bodies Offering COVID-19 Relief (WMC Global) WMC Global has noticed a sharp spike in phishing attacks targeting consumers using COVID-19 phishing lures. Specifically, these lures have impersonated US…

Auth Bypass Bug Exploited, Affecting Millions of Routers (Threatpost) Three days after disclosure, cyberattackers are taking over home routers from 20 vendors and ISPs in order to add them to a Mirai-variant botnet used for carrying out DDoS attacks.

Home and small business routers under attack – how to see if you are at risk (Naked Security) Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.

July 2021’s Most Wanted Malware: Snake Keylogger Enters Top 10 for First Time (Check Point Software) Check Point Research reports that Trickbot is the most prevalent malware for the third month running, while Snake Keylogger enters the index for the first

Cybersecurity firm Bkav source codes leaked, put on sale for $250,000 – VnExpress International (VnExpress International) The source codes for certain products of major Vietnamese cybersecurity firm Bkav are being offered on sale on a data leak forum for a total of $250,000.

PrintNightmare vulnerability weaponized by Magniber ransomware gang (The Record by Recorded Future) The operators of the Magniber ransomware have weaponized the infamous PrintNightmare vulnerability and are now attempting to breach Windows systems in South Korea.

Hacker grabs $600m in cryptocash from blockchain company Poly Networks (Naked Security) Where have all the cryptocoins gone? Will we ever get them back?

Over half of crypto tokens stolen in $610 mln hack now returned, Poly Network says (Reuters) Hackers behind one of the biggest ever digital coin heists have now returned over half of the $610 million-plus they stole, the cryptocurrency platform targeted by the hack said on Thursday.

Hackers Return Portion of Record Crypto Heist Haul (SecurityWeek) Poly Network said that hackers have sent back a portion of the digital loot from a record haul valued at more than $600 million.

Cryptocurrency heist hacker returns $260m in funds (BBC News) The hacker behind the $600m Poly Network cryptocurrency heist has posted a Q&A on the blockchain.

Crypto Hackers Stole More Than $600 Million From DeFi Network, Then Gave Some of It Back (Wall Street Journal) Hackers stole cryptocurrencies worth more than $600 million from Poly Network, a decentralized finance platform, in one of the largest crypto heists of recent years.

Poly Network attacker returns $256 million of the stolen cryptocurrency (The Block) The Poly Network exploiter has started returning the stolen crypto assets less than a day after their ID was reportedly obtained.

Accenture breached in highly-targeted ransomware attack (NYSE:ACN) (SeekingAlpha) Accenture (ACN) is the latest target of ransomware hackers who threatened to release stolen data within several hours of the breach. Read more about the ransomware atta

Accenture claims ‘no impact’ in apparent ransomware attack (AP NEWS) Cybercriminals have breached Accenture in an apparent ransomware attack but the global consulting giant says the incident was immediately contained with no impact on it or its systems.

Accenture says Lockbit ransomware attack caused ‘no impact’ (ZDNet) The IT giant was listed on Lockbit’s leak website, and the group said the data came from an “insider”, but there was ‘no impact’ on operations or clients.

Accenture fends off ransomware attack (CRN Australia) Said there was “no impact” on the company or its customers.

Accenture downplays ransomware attack as LockBit gang leaks corporate data (The Record by Recorded Future) Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.

Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business – CyberScoop (CyberScoop) It might be time to update the obituary of one of the web’s most notorious marketplaces for hacking tools and drugs. Four years after the FBI shut down AlphaBay, which registered a reported $1 billion in transactions, a scammer is touting the launch of a new version of the illicit marketplace, according to threat intelligence firm Flashpoint. In an online posting earlier this week,

Researchers Create ‘Master Faces’ to Bypass Facial Recognition (Motherboard) According to the paper, their findings imply that facial recognition systems are “extremely vulnerable.”

New Attack Sends Phishing Via DocuSign (Avanan) Attackers have begun to send phishing links directly through DocuSign.

WSJ News Exclusive | Covid-19 Vaccine Scammers Target Authorities in Dozens of Countries Including Italy and Colombia (Wall Street Journal) Criminal organizations and individuals claiming access to Covid-19 vaccines have contacted authorities in dozens of countries including Italy and Colombia, hoping they will sign illegitimate contracts for millions of dollars.

A Critical Random Number Generator Flaw Affects Billions of IoT Devices (The Hacker News) Billions of IoT devices are affected by a critical flaw in the hardware random number generators.

Fundamental Flaw in RNGs Affects Many IoT Devices (Decipher) The use of weak random number generators in many IoT devices undermines the security of the encryption keys those devices generate.

You’re Doing IoT RNG (Bishop Fox) Learn why hardware random number generators (RNG) used by billions of IoT devices to create encryption keys don’t always generate random numbers.

Decryption Key for Ransomware Delivered via Kaseya Attack Made Public (SecurityWeek) A key that can be used to decrypt files encrypted by the REvil ransomware delivered in the Kaseya attack has been made public.

Cobalt Strike Vulnerability Affects Botnet Servers (Schneier on Security) Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product.

Transnet proves it — no company is safe from cyberattacks, fraud prevention service warns (TimesLIVE) The recent cyberattack on Transnet is a serious wakeup call and a reminder that, in the technology age, no company is safe from cyber criminals, according to the Southern African Fraud Prevention Service.

Data Breach at Georgia Health System (Infosecurity Magazine) Hacker accessed patient data for six months before staging ransomware attack

Hacker had access to Georgia health system’s IT network 6 months before ransomware strike (Becker’s Hospital Review) Savannah, Ga.-based St. Joseph’s/Candler began notifying patients and empl
oyees Aug. 10 that their personal information was exposed by an unauthorized third party between December 2020 and June 2021. 

Singaporean telco leaked personal data of over 57,000 customers (Register) StarHub’s breach announcement came a month after discovery of customer file on dump site

May cyberattack cost Scripps nearly $113M in lost revenue, more costs (FierceHealthcare) A major cyberattack that disrupted care cost Scripps Health nearly $113 million in lost revenue and additional costs, the San Diego-based system reported.

Security Patches, Mitigations, and Software Updates

Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws (BleepingComputer) Today is Microsoft’s August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please…


Read More:Routers at risk. Bkav code on Raidforums? Magniber exploits PrintNightmare. More stolen