technology – Page 3 – Cybersecurity Today

BazaCall Campaigns

“BazaCall: Phony call centers lead to exfiltration and ransomware” via Eric Avena | Microsoft Security Blog

“Our continued investigation into BazaCall campaigns, those that use fraudulent call centers that trick unsuspecting users into downloading the BazaLoader malware, shows that this threat is more dangerous than what’s been discussed publicly in other security blogs and covered by the media. Apart from having backdoor capabilities, the BazaLoader payload from these campaigns also gives a remote attacker hands-on-keyboard control on an affected user’s device, which allows for a fast network compromise. In our observation, attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise.”

More detail: https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/

Microsoft Updates Workaround for ACL and SAM Vulnerability

CVE-2021-36934 | Windows Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

MosaicLoader Malware Hiding in Search Ads

“This password-stealing Windows malware is distributed via ads in search results” via Danny Palmer | ZDNet

“MosaicLoader can be used to steal passwords, install cryptocurrency miners and deliver trojan malware warn researchers, who say those behind it want to sell access to Windows PCs on to other cyber criminals.”

More detail: https://www.zdnet.com/article/this-password-stealing-windows-malware-is-distributed-via-ads-in-search-results/

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k – Help Net Security

Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k
— Read on www.helpnetsecurity.com/2021/07/20/bug-hunters-microsoft-teams/

Nasty Linux systemd security bug revealed | ZDNet

Nasty Linux systemd security bug revealed
— Read on www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/

Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections

Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections https://threatpost.com/nso-group-data-pegasus/167897/

China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government

New Law in China Requires Researchers to Report All Zero-Day Bugs to Government
— Read on thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html

Malaysian authorities crush 1,069 crypto mining rigs with a steamroller | Engadget

Malaysian authorities crush 1,069 crypto mining rigs with a steamroller
— Read on www.engadget.com/malaysia-crush-1069-crypto-mining-rigs-steamroller-131251559.html

Now HelloKitty Ransomware targets VMWare Servers

“Linux version of HelloKitty ransomware targets VMware ESXi servers” via Lawrence Abrams | Bleeping Computer

“The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage.

As the enterprise increasingly moves to virtual machines for easier backup and resource management, ransomware gangs are evolving their tactics to create Linux encryptors that target”…

More detail: https://www.bleepingcomputer.com/news/security/linux-version-of-hellokitty-ransomware-targets-vmware-esxi-servers/

Singapore Invests in Advancement of A.I. and Cybersecurity Research

“Singapore is launching a $50 million program to advance research on AI and cybersecurity” via Saheli Roy Choudhury | CNBC

“SINGAPORE — Singapore plans to invest $50 million in a program to support research on AI and cybersecurity for future communications structures, Deputy Prime Minister Heng Swee Keat announced on Tuesday.

As part of the Future Communications Research & Development Programme, Singapore plans to set up new communications testbeds in 5G and beyond-5G, support technology development, and build up a…”

More detail: https://www.cnbc.com/2021/07/13/singapore-to-launch-50-million-program-in-ai-cybersecurity-research-for-5g.html