Cybercrime

Malware & Threats

Issued by: Security Week

The attackers are a group that uses the BlackMatter ransomware and the victim is Fort Dodge, Iowa-based New Cooperative, which has 60 members and offers agronomy, grain, feed, energy, and software solutions. New Cooperative has confirmed that it’s dealing with a “cybersecurity incident” that has impacted some of its systems. The company says it has…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution, the issue is an authentication bypass bug…

Malware & Threats

Issued by: Security Week

The development, first reported by Business Insider, comes as German federal prosecutors probe alleged cyber attacks against lawmakers during the campaign to choose a new parliament and a successor to Chancellor Angela Merkel. “At the end of August the website of the Federal Returning Officer only had limited accessibility for a few minutes due to…

Malware & Threats

Issued by: Security Week

Microsoft’s guidance was published just as researchers noticed that one of the vulnerabilities is already being exploited in the wild. It appears that the Mirai botnet is attempting to compromise vulnerable systems and that it also closes port 5896 (OMI SSL port) to keep other attackers out. An open-source Web-Based Enterprise Management (WBEM) implementation, OMI…

Malware & Threats

Issued by: Security Week

Poly Network fired off a tweet Wednesday saying hackers had returned $260 million worth of the digital assets taken in a heist a day earlier valued at $613 million. Polygon had urged the thieves to return the stolen fortune and provided online addresses for transfers. “Seven minutes prior to sending the first transaction returning some…

Network Security

Issued by: Security Week

The Infrastructure Investment and Jobs Act includes funding for roads, bridges, transportation safety, public transit, railways, electric vehicle infrastructure, airports, ports, waterways, broadband internet, environmental remediation, and power infrastructure. The White House said this week that the bill will also invest approximately $2 billion to “modernize and secure federal, state, and local IT and networks;…

Malware & Threats

Issued by: Security Week

An example of hacked malware was discovered when researchers detected a user downloading a cracked copy of the credential stuffing tool Sentry MBA from a Turkish-language cracking forum. Sentry MBA includes features to bypass website security controls, such as CAPTCHA challenges and web application firewalls. “Threat actors,” say researchers in the HP Wolf Security Threat…

Malware & Threats

Issued by: Security Week

The Intezer team identified a series of unprotected instances operated by organizations in technology, finance, and logistics sectors, which allowed anyone to deploy workflows. In some cases, the nodes have been targeted by malicious actors to deploy crypto-miners. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs…