News

Description: Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2021-Aug Reports indicated that an elevation of privilege vulnerability in Microsoft Windows 10 and some versions of Windows Server (CVE-2021-36948) is being actively exploited and multiple vulnerabilities in Microsoft Windows…

eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices

A new Android Trojan codenamed FlyTrap has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media hijacking, third-party app stores, and sideloaded applications. Zimperium’s zLabs mobile threat research teams recently found several previously undetected applications using Zimperium’s z9 malware engine and on-device detection. Following their forensic…

A new criminal carding marketplace promoted itself by leaking data for one million credit cards that have been stolen between 2018 and 2019. Carding can be defined as the trafficking and use of stolen credit cards. Credit cards usually get stolen through point-of-sale malware, magecart attacks on websites, and by using information-stealing trojans. The credit cards are sold…

Fraud Management & Cybercrime , Governance & Risk Management , Patch Management Pondurance: Ransomware Group Used Backdoors That Persist Prajeet Nair (@prajeetspeaks) • August 10, 2021     Some patched on-premises Microsoft Exchange email servers are still proving to be vulnerable. The Conti ransomware group is now leveraging backdoors that persist, cybersecurity consulting firm Pondurance…

Governance & Risk Management , IT Risk Management , Next-Generation Technologies & Secure Development Updated Security Approach Designed to Mitigate Ransomware, Nation-State Attack Risks Scott Ferguson (Ferguson_Writes) • August 10, 2021     Ron Ross, NIST Fellow and one of the co-authors of an updated guide to cyber resiliency As ransomware and nation-state attacks have…

The cybersecurity team of zLabs Zimperium has recently detected several applications that have stolen the passwords of thousands of Facebook users.  Not only this, but the Zlab security researchers have also checked this attack, and they claimed that the malware used in this attack was dubbed as “FlyTrap.” According to the report, FlyTrap has been…

John Deere, Researchers Spar Over Impact of Vulnerabilities Jeremy Kirk (jeremy_kirk) • August 9, 2021     Flaws in John Deere systems could have allowed an attacker to remotely take over equipment, such as this row crop tractor. (Photo: John Deere) Numerous vulnerabilities uncovered in tractor manufacturer John Deere’s systems underscore the cyber risks that…