Cyber Security News — Past 24 hours | 30.05.2021
FireEye: Transportation and Telecom Firms Being Hit in Chinese Espionage
In a blog post published Thursday, Mandiant analysts said, «Chinese cyber-espionage activity has shown a larger tolerance for risk and is less restrained by diplomatic considerations than previously characterized». In a separate incident disclosed by Microsoft in March, alleged Chinese spies used vulnerabilities in the Exchange Server software to steal email inboxes from U. On Thursday, a request for comment on Mandiant’s findings was not immediately answered by a representative for the Chinese Embassy in Washington, D. Pulse Connect Secure is used by at least 24 federal entities, with some national-security-focused research laboratories openly announcing the use of the software. According to a representative from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Pulse Connect Secure cyberattack may have compromised at least five civilian agencies. According to the security firm, the claimed Chinese spies covered up traces of many of their hacks in some of the Pulse Connect breaches as Mandiant prepared to reveal the operation last month.
«The greater ambition and risk tolerance demonstrated by Chinese policymakers since 2019 indicate that the tempo of Chinese state-sponsored activity may increase in the near future and that the Chinese cyber threat apparatus presents a renewed and serious threat to U.»
Kaspersky detected a new method of cyber attacks on corporate data
Kaspersky Lab noted that the new attacks differ from cyberattacks using encryption viruses in that the scammers do not use specially created malware, but the standard BitLocker Drive Encryption technology included in the Windows operating system. The company explained that scammers get into the corporate network with the help of phishing emails that are sent on behalf of different companies in order to obtain user data or vulnerabilities in the system. As the company said, as soon as the scammers get access to the server, which contains information about all corporate devices, they can completely encrypt the IT infrastructure of the organization. Golovanov, scammers make phishing emails without taking into account the specifics of the enterprise and are widespread.
Earlier, Kaspersky Lab recorded hacker attacks on ten Russian financial and transport companies using a previously unknown Quoter ransomware program, as well as phishing emails with a banking Trojan program. The hackers sent out phishing emails with topics such as «Request for refund» or «Copies of Last Month’s documents».
5 Top Cybersecurity Threats to Businesses
Cybersecurity threats are unpredictable, but taking a closer look at them and implementing proper security measures seems like a wise decision.
The technology that we use today comes with a lot of benefits for businesses.
According to the latest reports, the average cost of a data breach in 2020 was $3.86 million. If you don’t want to lose both your money and invaluable data, you need to look out for cyber threats.
Ransomware has become one of the most common cyber threats not just for businesses but for individual users as well. Ransomware attacks are aimed at holding your files hostage until you pay a ransom.
Every patch comes with a set of changes — for example, it allows your computer to recognize and eliminate newly created malware. It also fixes so-called bugs — software errors that can leave your system exposed to cyber threats.
An insider threat can deal serious damage to your company. This is because an insider has access to sensitive information that they can use to steal customer data or sabotage the business.
Malicious content poses a serious risk to every business that owns a website or blog — whether it’s a large corporation or an entrepreneur. Because malicious content is usually hosted on sites that are full of ads or pop-ups, there is no limit as to how many people can be exposed to it.
A Final Note
Technology is evolving, and while that brings many benefits for business owners, it can also cause many issues that can jeopardize any company’s future.
VMware Urges Patching Critical RCE Vulnerability In vCenter Server
VMware vCenter Server Vulnerability
In a recent blog post, VMware has shed light on a critical RCE vulnerability in the vCenter Server. Highlighting the importance of these patches, VMware stated, «In this era of ransomware, it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible». The vendor describes the first bug, CVE-2021-21985, as a critical-severity remote code execution flaw that received a 9.8 CVSS score. This bug existed due to a lack of input validation in the Virtual SAN Health Check plug-in in the vCenter Server. Regarding its impact, VMware stated in an advisory, «A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server». Explaining the impact of this bug upon exploitation, the advisory reads, «A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication».
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT