New Malware Targets Windows Subsystem for Linux to Evade Detection

The Hacker News reports on new malware built for the Windows Subsystem for Linux (WSL).

A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines.

The "distinct tradecraft" marks the first instance where a threat actor has been found abusing WSL to install subsequent payloads.

Read further on The Hacker News


Stolen Credentials Led to Data Theft at United Nations

The Threat Post reported on a cybersecurity incident at the United Nations caused by credential theft.

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed.

That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” linked to the breach, Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday.

Read further on The Threat Post


Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

The Hacker News reported on a critical Azure Cosmos DB flaw that could potentially have affected thousands of Azure customers.

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization.

The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies."

Read further on The Hacker News


Trilight Security Has Been Featured 4th Among Top 40 IT Service Companies in Estonia

The Manifest is a renowned business news and how-to website and a sister site of Clutch, a well-known B2B ratings and reviews platform. The Manifest launched in February 2018 and has since earned a reputation for its data-driven benchmarks, how-to guides and agency shortlists.

In August 2021, The Manifest published its new shortlist, Top 40 IT Services Companies in Estonia, in which Trilight Security is ranked fourth among the top Estonian IT services companies and is the highest-ranked company specializing in cybersecurity.

The Trilight Security team is proud to receive yet another confirmation of its skills and efforts in the cybersecurity field.

Read the shortlist on The Manifest


This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

The Hacker News published a report on malware that evades Windows Defender by hiding among its exclusions.

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign.

"The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers said in a report shared with The Hacker News. "The malware arrives on target systems by posing as cracked installers. It downloads a malware sprayer that obtains a list of URLs from the C2 server and downloads the payloads from the received links."

Read more on The Hacker News


CISA Publishes Catalog of Poor Security Practices

DARKReading published a report on CISA's catalog of poor security practices.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is creating a catalog of poor security practices that increase risk for organizations, especially those supporting designated critical infrastructure or what it calls National Critical Functions (NCFs).

Security professionals, including the team at CISA, often focus on promoting best practices they should take, wrote CISA Executive Assistant Director Eric Goldstein in a blog post on the news. It's equally important, he continued, that they focus on stopping poor security practices as well.

Read more on DARKReading.


5 Critical Steps to Recover From a Ransomware Attack

The Hacker News published a short guide to the essential steps for recovering from a ransomware attack.

Hackers are increasingly using ransomware as an effective tool to disrupt businesses and fund malicious activities.

A recent analysis by cybersecurity company Group-IB revealed ransomware attacks doubled in 2020, while Cybersecurity Ventures predicts that a ransomware attack will occur every 11 seconds in 2021.

Read further on The Hacker News


DarkSide Ransomware Gang Extorted $90 Million from Several Victims in 9 Months

The Hacker News reported on the DarkSide ransomware campaign.

"In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million."

Read further on The Hacker News


Global Phishing Attacks Spawn Three New Malware Strains

The Threat Post reported on a large-scale phishing attack.

Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team.

On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback. What Mandiant called the “trifecta” spear-phishing campaign twice hit a wide swath of industries worldwide: first on Dec. 2, 2020, with a second wave launched between Dec. 11 and Dec. 18, 2020.

Read further on The Threat Post


3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

The Hacker News informed that SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild.

Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity on an internet-accessible system within a customer's environment that had SonicWall's Email Security (ES) application running on a Windows Server 2012 installation. A third flaw (CVE-2021-20023) identified by FireEye was disclosed to SonicWall on April 6, 2021.

Read more on The Hacker News