Community Resources + Organizations

Cyware News – Latest Cyber News

• Israeli communications company hit by major cyberattack September 21, 2021
  The company sent SMS messages to its clients on Sunday, saying that the perpetrators of the attack were "hackers from abroad." However, Voicenter claimed that the attack did not affect its work.
• TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines September 21, 2021
  Cisco Talos researchers recently discovered a new backdoor used by the Russian Turla APT group. They observed infections in the U.S., Germany, and, more recently, in Afghanistan.
• New Banking Trojan Abuses Public Platforms Including YouTube September 21, 2021
  ESET reported a new Numando banking Trojan that abuses YouTube, Pastebin, and other public platforms to fool victims into stealing their financial credentials. It can simulate mouse clicks, keyboard actions, hijack PC’s shutdown/restart functions, kill browser processes, and take screenshots. Banking customers are suggested to follow all the security practices to stay protected.
• Mirai Exploits OMIGOD Flaws in the Wild September 21, 2021
  Azure customers are requested to urgently address the OMIGOD flaw exploited by Mirai botnet operators. Microsoft has released additional guidance on securing Linux machines impacted by the critical flaw that concerns thousands of Azure customers and millions of endpoints. Due to no auto-update mechanism, customers have to update manually to protect endpoints from OMIGOD exploits.
• New Warning: APTs are Targeting Zoho ManageEngine September 21, 2021
  The FBI, CISA, and CGCYBER issued a joint advisory warning against the exploitation of a critical bug in the Zoho ManageEngine ADSelfService Plus software by the nation-state actors. Besides applying a patch, organizations are suggested to baseline the normal behavior in web server logs to spot a web shell when deployed.
• Capoae Uses Known Tricks to Target Linux and Windows September 21, 2021
  New Capoae malware strain is reportedly targeting WordPress and Linux systems worldwide. Written in GoLang, it exploited around four different RCE vulnerabilities. Moreover, the malware contains a port scanner to find open ports and services for further exploitation. Among other advice, experts recommend users never use weak or default credentials for deployed applications.
• Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage September 21, 2021
  The cryptomining trojan z0Miner has been taking advantage of Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.
• Supply Chain Attacks via Open-Source Repositories Spike September 21, 2021
  A report from Sonatype revealed that supply chain attacks on open-source public repositories have increased up to 650% year-over-year. The security firm has mentioned that the significant increase in supply-chain attacks has been mainly caused by the exploitation of flaws in popular open-source ecosystems. It is always recommended to strictly monitor the open-source projects used […]
• US Optometry Provider Simon Eye Hit by Data Breach Impacting 144,000 Patients September 21, 2021
  The possible compromise of sensitive personal data arose from unauthorized access to employee email accounts over a seven-day period between May 12-18, 2021, according to a data breach notice.
• Zero Trust: Follow a Model, Not a Tool September 21, 2021
  In terms of authentication, everything is a resource. Employees, user devices, data sources, services and more — they all have the same status: the system doesn’t let them in by default.