Wednesday, May 12, 2021
ZDNet

Everything you need to know about the Colonial Pipeline ransomware attack

DarkSide has claimed responsibility for the catastrophic ransomware outbreak.
ZDNet

Colonial Pipeline ransomware attack: Everything you need to know

Updated: DarkSide has claimed responsibility for the catastrophic ransomware outbreak.
ZDNet

GitHub shifts away from passwords with security key support for SSH Git operations

Support has been added to bolster defense against account compromise.
ZDNet

DarkSide explained: the ransomware group responsible for Colonial Pipeline cyberattack

The group's existence is tied to a murky web of shorted stocks, criminality, and failed attempts to appear as Robin Hood.
ZDNet

Amazon seized, destroyed two million fake products sent to warehouses in 2020

Over 10 billion suspect listings were also wiped out during the year in a counterfeit crackdown.
ZDNet

Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks

Fake TLDs are now also being created to maximize the potential success of attacks.
ZDNet

Group pleads guilty to running bulletproof hosting service for criminal gangs, malware payloads

Zeus, SpyEye, Citadel, and the Blackhole exploit kit were among the strains stored through the host.
ZDNet

New Moriya rootkit stealthily backdoors Windows systems

Unknown attackers may have been quietly exploiting networks in attacks reaching back to 2018.
ZDNet

IRS secures order to serve Kraken with customer data request on cryptocurrency traders

Users who have conducted $20,000 in transactions are now on the tax office’s radar.
ZDNet

Google teams up with Stop Scams to tackle financial fraud in the UK

Companies are stepping up to tackle scams on and offline.
ZDNet

Data leak implicates over 200,000 people in Amazon fake product review scam

Names, email addresses, and PayPal details were exposed and left online.
ZDNet

Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software

The incident started with a student who didn't want to pay for a license and ended with the loss of research.
ZDNet

Banking Trojan evolves from distribution through porn to phishing schemes

While starting out in Brazil, the malware may also now be present in Europe.
ZDNet

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

The malware hones in on cryptocurrency funds as well as VPN credentials.
ZDNet

Three new malware families found in global finance phishing campaign

Doubledrag, Doubledrop, and Doubleback are the work of “experienced” threat actors.
ZDNet

Patch issued to tackle critical security issues present in Dell driver software since 2009

Five critical security issues have been discovered.
ZDNet

SAP admits to ‘thousands’ of illegal software exports to Iran

SAP says it accepts “full responsibility for past conduct.”
ZDNet

WeSteal: A ‘shameless’ cryptocurrency stealer sold in the underground

The brazen developer doesn’t even try to hide their creation’s true purpose.
ZDNet

ISC urges updates of DNS servers to wipe out new BIND vulnerabilities

The security flaws could lead to remote exploitation.
The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...
The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour. China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
SecurityWeek

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.
The Register

South Korea orders urgent review of energy infrastructure cybersecurity

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week. South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…
SecurityWeek

Ransomware Gang Threatens Release of DC Police Records

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...