Attacks, Threats, and Vulnerabilities
US Cyber Command, CISA warn of hackers exploiting critical VMware flaw (CyberScoop) Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday. The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software.
Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked (Wired) LineStar Integrity Services was hacked around the same time as Colonial Pipeline, but radical transparency activists have brought the attack to light.
Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant (Fortinet Blog) FortiGuard Labs recently captured a new phishing campaign in which a MS Excel document attached to a spam email downloaded and executed several pieces of VBscript code. Used to hijack bitcoin addre…
US truck and military vehicle maker Navistar discloses data breach (BleepingComputer) Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered at the end of last month.
Military Vehicles Maker Navistar Reports Data-Theft Cyberattack (SecurityWeek) Truck maker Navistar International Corporation confirms data stolen in cyberattack that affected some operations.
CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ (Software Integrity Blog) CVE-2021-22116, CVE-2021-33175, and CVE-2021-33176 are denial of service vulnerabilities in three popular open source message broker applications.
Report: New Ransomware Variant Targeting Microsoft Exchange Servers (Health IT Security) A Sophos report shows threat actors, with likely ties to REvil ransomware, are deploying a new malware variant by exploiting flaws in Microsoft Exchange Servers.
Hackers Using Microsoft Against Itself (Avanan) Using a spoofed “onmicrosoft.com” address can fool email scanners.
De Blasio: No info compromised at this time in hack of city law department (NY1) Watch the full interview here.
Faculty members delve into recent ransomware attacks (University of Miami) University of Miami cybersecurity and supply chain experts explain why cybercriminals are finding infrastructure a lucrative target.
Four Security Vulnerabilities were Found in Microsoft Office (Check Point Software) Check Point Research (CPR) urges Windows users to update their software, after discovering four security vulnerabilities that affect products in Microsoft
Authorities Warns of New Surge in Ransomware on Education Sector (Infosecurity Magazine) Ransomware has led to the loss of student coursework, school financial records and data relating to COVID-19 testing