2021, Authentication, Encryption and Information Security

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords

Passwords Authentication Architecture Risk

Understanding the Core Principles of Information Security

Centraleyes

NOVEMBER 1, 2023

To build a robust information security strategy, one must understand and apply the core principles of information security. This blog post will delve into the fundamental principles underpinning effective information security principles and practices. Is The Demise of the CIA Triad Imminent?

Information Security

Information Security Encryption Risk Authentication

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

JULY 6, 2022

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. According to a report published by blockchain analytics company Chainalysis, the Hive ransomware is one of the top 10 ransomware strains by revenue in 2021. key files.

Encryption

Encryption Ransomware Cybercrime Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

In December 2021, experts at Check Point Research observed the resurgence of the Phorpiex botnet. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Reference the provided resources for establishing DMARC authentication.

Phishing

Phishing Ransomware Security Awareness Authentication

GravityRAT returns disguised as an end-to-end encrypted chat app

Security Affairs

NOVEMBER 13, 2021

Threat actors are distributing the GravityRAT remote access trojan masqueraded as an end-to-end encrypted chat application named SoSafe Chat. Threat actors are distributing the GravityRAT RAT masqueraded as an end-to-end encrypted chat application named SoSafe Chat. in) used by the attackers. Pierluigi Paganini.

Encryption

Encryption Malware Media Authentication

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Firmware

Firmware Encryption Authentication Passwords

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges?

Thales Cloud Protection & Licensing

MAY 18, 2021

Tue, 05/18/2021 - 12:57. Increased remote working and accelerated cloud transformation have driven organizations to rethink how they do security, especially cloud security. Best practices such as Bring Your Own Encryption (BYOE) make sure that cloud service providers cannot see the data hosted inside their environment.

Technology

Technology Encryption Digital transformation Authentication

French intel found flaws in Bluetooth Core and Mesh specs

Security Affairs

MAY 24, 2021

Researchers identified a vulnerability affecting the Passkey authentication in BR/EDR Secure Simple Pairing in Bluetooth Core Specifications 2.1 BR/EDR Secure Connections Pairing in Bluetooth Core Specifications 4.1 and LE Secure Connections Pairing in Bluetooth Core Specifications 4.2 through 5.2, through 5.2.

Wireless

Wireless Authentication Mobile Encryption

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. It consists of two components, the loader and the encrypted main payload. The backdoor uses AES-ECB encryption for C2 communications.

Malware

Malware Encryption Telecommunications Authentication

Microsoft publishes mitigations for the PetitPotam attack

Security Affairs

JULY 26, 2021

A few days ago, security researcher Gilles Lionel (aka Topotam ) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with him. Guidance at [link] — Security Response (@msftsecresponse) July 24, 2021.

Authentication

Authentication Passwords Encryption Hacking

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Nearly all CMS platforms, whether traditional or headless, offer some level of built-in security to authenticate users who are allowed to view, add, remove, or change content. Best security practices. According to the IBM Data Breach Report 2021 , data breaches in the United States reached $4.24 What can you do about it?

Data breaches

Data breaches Encryption Mobile Technology

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

Security Affairs

DECEMBER 15, 2021

Once a user has successfully authenticated on the OWA authentication web page, the Owawa module captures its credential. The module was most likely compiled between late 2020 and April 2021. The module verifies the successful authentication by checking that the OWA application is sending an authentication token back to the user.

Encryption

Encryption Authentication Passwords Internet

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

Security Affairs

APRIL 21, 2021

The three vulnerabilities addressed by the security vendor are: CVE-2021-20021 : Email Security Pre-Authentication Administrative Account Creation: A vulnerability in the SonicWall Email Security version 10.0.9.x ” reads the advisory published by FireEye. ” continues the analysis published by FireEye.

Authentication

Authentication Accountability Encryption Hacking

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

Security Affairs

JULY 13, 2021

ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. The vulnerability can allow attackers to bypass authentication mechanisms which can lead to native remote-code-execution on vulnerable PLCs.”

Authentication

Authentication IoT Engineering Encryption

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. The continued high ranking of cloud as a target demonstrates a lack of maturity in cloud data security with limited use of encryption, perceived or experienced multi-cloud complexity and the rapid growth of enterprise data. 2021 Report.

Risk

Risk Encryption Ransomware Technology

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021.

Ransomware

Ransomware Retail Manufacturing Encryption

Cox Media Group took down broadcasts after a ransomware attack

Security Affairs

OCTOBER 9, 2021

American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021. The American media conglomerate Cox Media Group (CMG) announced it was hit by a ransomware attack that caused the interruption of the live TV and radio broadcast streams in June 2021.

Media

Media Ransomware Identity Theft Insurance

Nitroransomware demands gift codes as ransom payments

Security Affairs

APRIL 19, 2021

Has a Discord token stealer too… @demonslay335 pic.twitter.com/OayXQPcSEl — MalwareHunterTeam (@malwrhunterteam) April 17, 2021. Upon executing the ransomware, it will encrypt the victim’s file and will give 3 hours to them to provide a valid Discord nitro. ” states BleepingComputer.

Ransomware

Ransomware Encryption Malware Hacking

Some Synology products impacted by recently disclosed OpenSSL flaws

Security Affairs

AUGUST 29, 2021

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. The CVE-2021-3711 is a high-severity buffer overflow flaw that could allow an attacker to change an application’s behavior or cause the app to crash. Important Ongoing DSM 6.2

VPN

VPN Encryption Authentication Hacking

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Security Affairs

JULY 26, 2023

A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.” The CVE-2023-30799 flaw can be exploited by a remote and an authenticated attacker to escalate privileges from admin to ‘super-admin’ which allows it to get a root shell on the router.

Hacking

Hacking Passwords Authentication Encryption

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

AUGUST 20, 2021

Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt their encrypted files. <gwmw The master decryption keys work for victims that were infected between July 2017 and early 2021. <gwmw style=”display:none;”>. The gang has now rebranded as the new El_Cometa group.

Ransomware

Ransomware Encryption Authentication Internet

B. Braun Infusomat pumps could be hacked to alter medication doses

Security Affairs

AUGUST 27, 2021

The five previously unreported vulnerabilities in the medical system are: CVE-2021-33886 – Use of Externally-Controlled Format String (CVSS 7.7) CVE-2021-33885 – Insufficient Verification of Data Authenticity (CVSS 9.7) CVE-2021-33882 – Missing Authentication for Critical Function (CVSS 8.2)

Hacking

Hacking Authentication Internet Internet

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Use multifactor authentication where possible. Focus on cyber security awareness and training.

Ransomware

Ransomware DDOS Passwords Backups

FBI issued a flash alert on Lockbit ransomware operation

Security Affairs

FEBRUARY 5, 2022

The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. Like other ransomware gangs, Lockbit 2.0

Ransomware

Ransomware Backups Encryption Accountability

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Energy and Utilities

Energy and Utilities Government Firewall Malware

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Security Affairs

FEBRUARY 10, 2023

Threat actors use various exploits of common vulnerabilities, including CVE 2021-44228 , CVE-2021-20038 , and CVE-2022-24990. threat actors use virtual private networks (VPNs) and virtual private servers (VPSs) or third-country IP addresses to hide the origin of the attacks. Gain Access [ TA0001 ].

Ransomware

Ransomware Healthcare Cryptocurrency Government

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Security Affairs

OCTOBER 24, 2021

The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted files for free. More details can be found here: [link] — Fabian Wosar (@fwosar) October 24, 2021. BlackMatter then remotely encrypts the hosts and shared drives as they are found.

Ransomware

Ransomware Encryption Backups Healthcare

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

MARCH 23, 2023

The authors claim that Nexus has been entirely written from scratch, but the researchers found similarities between Nexus and the SOVA banking trojan , which appeared on the threat landscape in August 2021. Like other malware, Nexus doesn’t infect systems located in Russia and CIS countries.

Banking

Banking Cryptocurrency Malware Advertising

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware

Ransomware Risk Encryption Passwords

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. Use multifactor authentication with strong pass phrases where possible.

Ransomware

Ransomware Passwords Backups Firmware

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Kaspersky’s own research found that as of 2021 91% of global medical providers had implemented telehealth capabilities. Now, more than two years since the start of the pandemic, some of the homebrew telehealth projects have since grown and become more stable and secure. In 2021, the situation did not improve.

Phishing

Phishing Healthcare IoT Authentication

UK newspaper The Telegraph exposed a 10TB database with subscriber data

Security Affairs

OCTOBER 5, 2021

The unsecured database was discovered on September 14, 2021, it included internal logs and subscriber information. Subscriber data exposed includes full names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. — Bob Diachenko (@MayhemDayOne) September 16, 2021.

Media

Media Passwords Engineering Encryption

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

(QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom. qlocker @QNAP_nas — Jack Cable (@jackhcable) April 22, 2021.

Ransomware

Ransomware Backups Media Malware

Experts spotted a backdoor that borrows code from CIA’s Hive malware

Security Affairs

JANUARY 16, 2023

In April 2017, Wikileaks published some documents about the project, describing it as a sort of malware command and control infrastructure used by the US agency to control its malicious code and exfiltrate information from the target systems. The backdoor has to two task, beacon and trigger.

Malware

Malware Encryption Authentication Hacking

YTStealer info-stealing malware targets YouTube content creators

Security Affairs

JUNE 29, 2022

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators.

Malware

Malware Authentication Software Accountability

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

SEPTEMBER 12, 2021

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The victims’ data is encrypted and sent to the C2 server geolocated in Russia. Figure 4: Maxtrilha samples disseminated in August and September 2021.

Banking

Banking Malware Internet Internet

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

Security Affairs

JUNE 3, 2021

.” The vulnerabilities impact all embedded and IoT devices that use the Realtek RTL8710C module, they could be exploited only by attackers on the same Wi-Fi network or know the network’s pre-shared key (PSK) used to authenticate wireless clients on local area networks. ” continues the report.

Wireless

Wireless IoT Encryption Firmware

FBI warns of increase in PYSA ransomware attacks targeting education

Malwarebytes

MARCH 17, 2021

PYSA, aka Mespinoza, is a malware capable of exfiltrating data and encrypting users’ critical files and data stored on their systems. link] pic.twitter.com/NOPAcEFxM8 — FBI Buffalo (@FBIBuffalo) March 16, 2021. To prevent attacks: Install security updates for operating systems, software, and firmware as soon as they are released.

Education

Education Ransomware Phishing Passwords

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

Security Affairs

SEPTEMBER 22, 2021

link] #Cybersecurity #Ransomware pic.twitter.com/UQ7bZCtu0e — US-CERT (@USCERT_gov) September 22, 2021. The advisory urges organizations to take supplementary measures to increase their level of security. The advisory published by the US agencies provides the following mitigations: Use multi-factor authentication.

Ransomware

Ransomware Cybercrime Authentication Healthcare

FTC extends deadline by six months for compliance with some changes to financial data security rules

CyberSecurity Insiders

MARCH 21, 2023

Initial changes to the Safeguards Rule Initially, the Federal Trade Commission approved changes to the Safeguards Rule in October 2021. These changes included updated criteria for financial institutions, providing more specific requirements about which safeguards they must include in their information security programs.

Cryptocurrency

Cryptocurrency Identity Theft Authentication Banking

New GTPDOOR backdoor is designed to target telecom carrier networks

Security Affairs

MARCH 4, 2024

In October 2021, CrowdStrike uncovered a campaign after the investigation of a series of security incidents in multiple countries. If the implant is active, a specially crafted empty TCP packet is returned, accompanied by information regarding the host’s responsiveness.

Telecommunications

Telecommunications Firewall Mobile Malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. The Russia-linked APT28 conducted the attacks in 2021 and targeted a small number of entities in Europe, U.S. ” reads the joint advisory. through 12.4

Malware

Malware Firmware Government Education

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

Top 10 web application vulnerabilities in 2021–2023

Understanding the Core Principles of Information Security

Webinars

Trending Sources

New Hive ransomware variant is written in Rust and use improved encryption method

Webinars

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

GravityRAT returns disguised as an end-to-end encrypted chat app

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

What Can Businesses Do to Adapt to the Evolving Technology, Breach Threats and Regulatory Challenges?

French intel found flaws in Bluetooth Core and Mesh specs

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Microsoft publishes mitigations for the PetitPotam attack

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited

ModiPwn flaw in Modicon PLCs bypasses security mechanisms

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Cox Media Group took down broadcasts after a ransomware attack

Nitroransomware demands gift codes as ransom payments

Some Synology products impacted by recently disclosed OpenSSL flaws

Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw

Emsisoft releases free SynAck ransomware decryptor

B. Braun Infusomat pumps could be hacked to alter medication doses

Avoslocker ransomware gang targets US critical infrastructure

FBI issued a flash alert on Lockbit ransomware operation

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

BlackByte ransomware breached at least 3 US critical infrastructure organizations

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Nexus, an emerging Android banking Trojan targets 450 financial apps

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

FBI warns of ransomware attacks targeting the food and agriculture sector

Telehealth: A New Frontier in Medicine—and Security

UK newspaper The Telegraph exposed a 10TB database with subscriber data

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Experts spotted a backdoor that borrows code from CIA’s Hive malware

YTStealer info-stealing malware targets YouTube content creators

The new maxtrilha trojan is being disseminated and targeting several banks

Flaws in Realtek RTL8170C Wi-Fi module allow hijacking wireless communications

FBI warns of increase in PYSA ransomware attacks targeting education

US CISA, FBI, and NSA warn an escalation of Conti ransomware attacks

FTC extends deadline by six months for compliance with some changes to financial data security rules

New GTPDOOR backdoor is designed to target telecom carrier networks

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Stay Connected