2021 - Cyber Security Informer

Microsoft Patch Tuesday, December 2021 Edition

Krebs on Security

DECEMBER 14, 2021

“Basically the perfect ending to cybersecurity in 2021 is a 90s style Java vulnerability in an open source module, written by two volunteers with no funding, used by large cybersecurity vendors, undetected until Minecraft chat got pwned, where nobody knows how to respond properly,” researcher Kevin Beaumont quipped on Twitter.

Internet

Internet Internet Backups Data breaches

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

Lohrman on Security

DECEMBER 19, 2021

2021 will be remembered as the most disruptive year so far when it came to cyber attacks, with ransomware impacting businesses and governments — including critical infrastructure — as never before.

Ransomware

Ransomware Cyber Attacks Government

Microsoft Patch Tuesday, March 2021 Edition

Krebs on Security

MARCH 9, 2021

The IE weakness — CVE-2021-26411 — affects both IE11 and newer EdgeHTML-based versions, and it allows attackers to run a file of their choice by getting you to view a hacked or malicious website in IE.

DNS

DNS Internet Internet Software

Thoughts on the OWASP Top 10 2021

Daniel Miessler

SEPTEMBER 12, 2021

This post will talk about my initial thoughts on The OWASP Top 10 release for 2021. Let me start by saying that I have respect for the people working on this project, and that as a project maintainer myself, I know how impossibly hard this is.

Software

Software Information Security

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

In this webinar you will learn: What digital compliance looks like for remote, in-office, and hybrid businesses What factors to look for when evaluating your company's data privacy and security posture The ins and outs of HIPAA/SOC 2 in the context of a transition What tools or security measures your company can easily implement August 4, 2021 at 11:00 (..)

Data privacy

Why No HTTPS? The 2021 Version

Troy Hunt

AUGUST 12, 2021

More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones.

VPN

Security and Human Behavior (SHB) 2021

Schneier on Security

JUNE 4, 2021

Today is the second day of the fourteenth Workshop on Security and Human Behavior. The University of Cambridge is the host, but we’re all on Zoom. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself.

Risk

Data Breach Numbers, Costs and Impacts All Rise in 2021

Lohrman on Security

OCTOBER 10, 2021

By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers.

Data breaches

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Security Affairs

MARCH 3, 2025

authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binances BNB Chain.

Cryptocurrency

Cryptocurrency Hacking Cyber Attacks Marketing

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? During this session he will cover: Major attacks of 2021. The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. Ransomware growth trends and stats. The costs and impact of a ransomware attack.

Ransomware

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

Among the zero-days are: – CVE-2021-33742 , a remote code execution bug in a Windows HTML component. – CVE-2021-31955 , an information disclosure bug in the Windows Kernel. – CVE-2021-31956 , an elevation of privilege flaw in Windows NTFS.

Backups

Backups Ransomware Cyber threats Phishing

Upcoming Speaking Engagements

Schneier on Security

JULY 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking at Norbert Wiener in the 21st Century , a virtual conference hosted by The IEEE Society on Social Implications of Technology (SSIT), July 23-25, 2021. I’m speaking at DEFCON 29 , August 5-8, 2021. I’ll be speaking at an Informa event on September 14, 2021.

Internet

Internet Internet Technology

Linux-Targeted Malware Increased by 35%

Schneier on Security

JANUARY 24, 2022

Crowdstrike is reporting that malware targeting Linux has increased considerably in 2021: Malware targeting Linux systems increased by 35% in 2021 compared to 2020. XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. Lots of details in the report.

Malware

Malware Accountability

Upcoming Speaking Engagements

Schneier on Security

AUGUST 14, 2021

This is a current list of where and when I am scheduled to speak: I’m speaking (via Internet) at SHIFT Business Festival in Finland, August 25-26, 2021. I’ll be speaking at an Informa event on September 14, 2021. I’m keynoting CIISec Live —an all-online event—September 15-16, 2021. Details to come.

Data privacy

Data privacy Internet Internet Cybersecurity

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association

August 18, 2021 at 11:00 am PDT, 2:00 pm EDT, 7:00 pm BST Best practices to retain full control over your payments data using payment orchestration. How to make sure that transactions are routed to the fastest, most cost-effective PSP every time. This is an exclusive webinar you won't want to miss!

Marketing

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

“Don’t s**t where you live, travel local, and don’t go abroad,” Wazawaka wrote in January 2021 on the Russian-language cybercrime forum Exploit. Earlier this year, Russian authorities arrested at least two men for allegedly operating the short-lived Sugarlocker ransomware program in 2021.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said.

Malware

Malware Cryptocurrency Internet Internet

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

codes in 2021 using the password “ ceza2003 ” [full disclosure: Constella is currently an advertiser on KrebsOnSecurity]. Archive.org’s history for that domain shows that in 2021 it featured a website for a then 18-year-old Altu ara from Ankara, Turkey. LinkedIn finds this same altugsara[.]com

Hacking

Hacking Cybercrime Advertising Data breaches

Microsoft Issues Emergency Patch for Windows Flaw

Krebs on Security

JULY 7, 2021

At issue is CVE-2021-34527 , which involves a flaw in the Windows Print Spooler service that could be exploited by attackers to run code of their choice on a target’s system. Microsoft says it has already detected active exploitation of the vulnerability.

Backups

Backups Software Engineering

Ransomware Attacks and Response: What You Need to Know Now

Lohrman on Security

NOVEMBER 7, 2021

Not only is ransomware the top cybersecurity story in 2021, but new twists, turns and countermeasures keep coming. Here are the latest headlines and what news you need.

Ransomware

Ransomware Cybersecurity

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. Virtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base.

Software

Software Engineering Internet Internet

Hiding Vulnerabilities in Source Code

Schneier on Security

NOVEMBER 1, 2021

This potentially devastating attack is tracked as CVE-2021-42574, while a related attack that uses homoglyphs –- visually similar characters –- is tracked as CVE-2021-42694.

Engineering

The Consumer Authentication Strength Maturity Model (CASMM)

Daniel Miessler

MARCH 24, 2021

Mar 24, 2021 — Thanks to Andrew R. Mar 24, 2021 — Someone mentioned that there are higher ranks of authentication out there, which I agree with, but this is specifically for everyday users. Mar 24, 2021 — We can pronounce the acronym as “Chasm”, as in, “Lets see how deep into the chasm you are…” ??.

Authentication

Authentication Passwords Internet Internet

Experts found multiple flaws in Mercedes-Benz infotainment system

Security Affairs

JANUARY 21, 2025

In May 2019, Security researchers with Tencent Security Keen Lab identified five vulnerabilities , tracked as CVE-2021-23906, CVE-2021-23907, CVE-2021-23908, CVE-2021-23909, and CVE-2021-23910, in the latest infotainment system in Mercedes-Benz cars.

Software

Software Architecture Media Engineering

Four REvil Ransomware members sentenced for hacking and money laundering

Security Affairs

OCTOBER 27, 2024

In November 2021, the US Department of Justice charged Vasinskyi, REvil ransomware affiliate, for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4, 2021.

Ransomware

Ransomware Hacking Malware Cybercrime

Upcoming Speaking Engagements

Schneier on Security

OCTOBER 14, 2021

This is a current list of where and when I am scheduled to speak: I’ll be speaking at an Informa event on November 29, 2021. Details to come. The list is maintained on this page.

Beg Bounties

Troy Hunt

NOVEMBER 8, 2021

Here's the thread: I f **g hate beg bounties 😡 pic.twitter.com/Giv4JRRaty — Troy Hunt (@troyhunt) November 6, 2021. Hammad continued a few minutes later: pic.twitter.com/uoaGstoASH — Troy Hunt (@troyhunt) November 6, 2021 And there we have it.

Scams

Scams Data breaches InfoSec Social Engineering

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

JANUARY 8, 2022

In January 2021, Avira was acquired by Tempe, Ariz.-based NortonLifeLock announced Avira Crypto in late October 2021 , but multiple other antivirus products have flagged Avira’s installer as malicious or unsafe for including a cryptominer as far back as Sept. Founded in 2006, Avira Operations GmbH & Co. Avira Free Antivirus).

Antivirus

Antivirus Cryptocurrency Identity Theft Software

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Prioritize fixing vulnerabilities exploited by Ghost, such as ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207). Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

Law Enforcement Access to Chat Data and Metadata

Schneier on Security

DECEMBER 10, 2021

A January 2021 FBI document outlines what types of data and metadata can be lawfully obtained by the FBI from messaging apps. Rolling Stone broke the story and it’s been written about elsewhere. I don’t see a lot of surprises in the document. Lots of apps leak all sorts of metadata: iMessage and WhatsApp seem to be the worst.

Backups

Backups Encryption

Possible Government Surveillance of the Otter.ai Transcription App

Schneier on Security

FEBRUARY 17, 2022

It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview. Turns out it’s hard to tell.

Surveillance

Surveillance Government

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Daniel Miessler

DECEMBER 18, 2021

From the Apache advisory: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 Look for ${event:Message} or ${ctx:*} in your log4j2 properties or xml files — d0nut (@d0nutptr) December 15, 2021. POV: you follow me pic.twitter.com/Xw33fmji1A — d0nut (@d0nutptr) December 15, 2021. Shame on me.

Internet

Internet Internet Information Security

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

FEBRUARY 13, 2025

“ Since 2021, Seashell Blizzard’s subgroup has exploited vulnerable infrastructure using scanning tools, evolving TTPs for persistence and lateral movement. Since 2021, Seashell Blizzards subgroup has used web shells for persistence, the group was observed exploiting Microsoft Exchange (CVE-2021-34473) and Zimbra (CVE-2022-41352).

Telecommunications

Telecommunications DNS Passwords Hacking

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

. “These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors.“

Cybersecurity

Cybersecurity IoT Hacking Technology

Nasty Printer Driver Vulnerability

Schneier on Security

JULY 22, 2021

The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights. It carries an 8.8

Encryption

Encryption Accountability

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

JANUARY 19, 2023

In August 2021, T-Mobile acknowledged that hackers made off with the names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company.

Mobile

Mobile Accountability Data breaches Identity Theft

People Are Increasingly Choosing Private Web Search

Schneier on Security

JANUARY 6, 2022

The privacy-oriented search engine netted more than 35 billion search queries in 2021 , a 46.4% DuckDuckGo has had a banner year : And yet, DuckDuckGo. jump over 2020 (23.6 That’s big.

Engineering

Engineering Internet Internet

Netgear urges users to upgrade two flaws impacting WiFi router models

Security Affairs

FEBRUARY 4, 2025

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. ” reads the advisory.

Firmware

Firmware Authentication Hacking Information Security

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

The vulnerabilities impact the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, including the Mazda 3 model year 2014-2021. Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input.” ” reads the advisory.

Hacking

Hacking Firmware Software Manufacturing

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Government Hacking

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021.

Healthcare

Healthcare Ransomware Antivirus Hacking

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

Security Affairs

MARCH 13, 2025

Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.

Authentication

Authentication Hacking Software Information Security

FBI Shuts Down Chinese Botnet

Schneier on Security

SEPTEMBER 19, 2024

Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations… The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.

Telecommunications

Telecommunications Media Malware Internet

When Apps Go Rogue

Schneier on Security

AUGUST 30, 2023

With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Interesting story of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad.

Microsoft Patch Tuesday, December 2021 Edition

2021 Cyber Review: The Year Ransomware Disrupted Infrastructure

Trending Sources

Microsoft Patch Tuesday, March 2021 Edition

Thoughts on the OWASP Top 10 2021

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Why No HTTPS? The 2021 Version

Security and Human Behavior (SHB) 2021

Data Breach Numbers, Costs and Impacts All Rise in 2021

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Microsoft Patches Six Zero-Day Security Holes

Upcoming Speaking Engagements

Linux-Targeted Malware Increased by 35%

Upcoming Speaking Engagements

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

U.S. Offered $10M for Hacker Just Arrested by Russia

Perfectl Malware

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Microsoft Issues Emergency Patch for Windows Flaw

Ransomware Attacks and Response: What You Need to Know Now

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Hiding Vulnerabilities in Source Code

The Consumer Authentication Strength Maturity Model (CASMM)

Experts found multiple flaws in Mercedes-Benz infotainment system

Four REvil Ransomware members sentenced for hacking and money laundering

Upcoming Speaking Engagements

Beg Bounties

500M Avira Antivirus Users Introduced to Cryptomining

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Law Enforcement Access to Chat Data and Metadata

Possible Government Surveillance of the Otter.ai Transcription App

The Subsequent Waves of log4j Vulnerabilities Aren’t as Bad as People Think

Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Nasty Printer Driver Vulnerability

New T-Mobile Breach Affects 37 Million Accounts

People Are Increasingly Choosing Private Web Search

Netgear urges users to upgrade two flaws impacting WiFi router models

Mazda Connect flaws allow to hack some Mazda vehicles

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Inside Ireland’s Public Healthcare Ransomware Scare

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities

FBI Shuts Down Chinese Botnet

When Apps Go Rogue

Stay Connected