Articles By This Author
The Spanish government fell victim to a ransomware attack on Tuesday that impacted the IT systems of the Servicio Público de Empleo Estatal (SEPE), the agency that manages and pays out government unemployment benefits. The incident affected the agency’s backend systems and public website.
More than 46,000 of a total of 250,000 Exchange email servers are still unpatched against four critical vulnerabilities that have been under heavy attack over the past few days. In recent days, DIVD has scanned the internet for Exchange servers, verified whether the patch was installed, and then moved to notify organizations that have failed to update.
Law enforcement agencies from the Netherlands and Belgium today shut down Sky ECC, a company that provided a secure encrypted messaging platform to criminal organizations across the world. Authorities said they infiltrated the platform in mid-February 2021 and have managed to intercept live messages exchanged through the company’s servers.
South Korean national police today announced the arrest of a 20-year-old suspect on charges of distributing and infecting victims with the GandCrab ransomware. The suspect, whose name was not released, operated as a customer of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime operation.
The ongoing mass exploitation campaign targeting Microsoft Exchange email servers has expanded in less than a week to include attacks from multiple nation-state hacking groups and cybercrime operations alike. The attacks, first disclosed last week by Microsoft, are related to four vulnerabilities that security researchers are calling ProxyLogon.
Secureworks links the second threat actor exploiting SolarWinds Orion servers to a Chinese threat actor it calls Spiral. This is the group that exploited CVE-2020-10148 (Orion API authentication bypass) to install the SUPERNOVA web shell on Orion servers throughout late 2020.
Catalan police arrested four suspects last week on suspicion of managing FluBot, an Android malware strain that infected at least 60,000 devices, with most victims located in Spain. Four men, aged between 19 and 27, were arrested in Barcelona on Tuesday, March 2.
A team of academics from the University of Illinois at Urbana-Champaign has published details today about a new side-channel attack against the internal architecture of modern CPUs. In a research paper published tonight and titled “Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical,” UIUC researchers looked at a part of modern multi-core CPUs that hasn’t been analyzed before, namely the ring interconnect.
The operators of the REvil (aka Sodinokibi) ransomware said they plan to expand their arsenal of extortion tactics against victims who refuse to pay ransom demands. New tactics will include calling journalists or business partners to expose a victim’s breach and launching DDoS attacks against a company’s IT infrastructure in order to delay recovery efforts.
The US National Security Agency and the Cybersecurity and Infrastructure Security Agency published a joint advisory this week urging companies to adopt DNS-based security solutions as part of a concept the agencies are calling Protective DNS (PDNS).