Weekly security roundup: June 15, 2020

Last week Japanese automobile manufacturer Honda Motor disclosed a security incident that affected its IT systems in Japan and Europe. While the carmaker did not reveal the details of the attack, various reports suggest that the company became the victim of the EKANS (Snake) ransomware, which reportedly infected one of the carmaker's internal servers.

Researchers at the IBM X-Force Incident Response and Intelligence Services (IRIS) team detected a phishing campaign targeting a German multinational corporation (MNC) tasked with procurement of personal protective equipment (PPE) for healthcare workers, such as face masks and medical gear.

The hackers targeted more than 100 high-profile executives at a German multinational corporation. Overall, the researchers observed approximately 40 organizations being targeted in this campaign.

Microsoft patched a dangerous vulnerability in the Server Message Block (SMB) protocol as part of the June Patch Tuesday release. The flaw, dubbed SMBleed, could allow attackers to leak kernel memory remotely or to achieve pre-auth remote code execution when chained with the SMBGhost vulnerability, which was fixed three months ago.

Researchers from UK cyber-security firm Sophos have disclosed information about the inner workings of the KingMiner botnet, whose main purpose is to mine cryptocurrency.

In the observed attacks the KingMiner operators compromised MSSQL databases using brute-force attacks to guess username/password combinations of SQL servers. They then installed the xmrig cryptocurrency miner that would abuse the server's resources to generate profits for the gang.
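The brute-force phase described above leaves a dense trail of failed logins in the SQL Server ERRORLOG (error 18456). The following detector, an added example that is not part of the original roundup or of the Sophos report, parses such lines and flags any client address that accumulates a threshold of failures inside a sliding time window. The log lines, addresses and threshold are constructed for illustration; the line format mirrors what SQL Server writes, but check it against your own ERRORLOG before relying on the regex.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the shape SQL Server writes to its ERRORLOG for a
# failed login (error 18456). Addresses, users and timestamps are made up.
SAMPLE_LOG = """\
2020-06-10 03:14:07.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2020-06-10 03:14:07.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2020-06-10 03:14:07.65 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2020-06-10 03:14:08.01 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.10]
2020-06-10 03:14:08.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2020-06-10 03:14:09.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2020-06-10 09:30:12.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.25]
2020-06-10 09:45:01.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.25]
"""

# Timestamp, login name and client address from one failed-login line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2}) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failed_logins(text):
    """Yield (timestamp, user, client_ip) for every failed-login line in `text`."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m.group("user"), m.group("client")


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: (failures_in_window, users_tried)} for each client whose
    failed logins reach `threshold` within any sliding interval of length `window`.
    Each client is reported once, at the moment it first crosses the threshold."""
    recent = defaultdict(deque)   # per-client timestamps inside the current window
    users = defaultdict(set)      # per-client set of login names attempted
    alerts = {}
    for ts, user, client in parse_failed_logins(text):
        q = recent[client]
        q.append(ts)
        users[client].add(user)
        # Drop events that fell out of the window (input is assumed time-ordered).
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and client not in alerts:
            alerts[client] = (len(q), sorted(users[client]))
    return alerts


if __name__ == "__main__":
    for client, (count, names) in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {client}: {count} failures, logins tried {names}")
```

In the constructed sample, the external address crosses the five-failure threshold within two seconds while the internal workstation's two mistyped passwords a quarter of an hour apart stay below it. Tune the threshold and window to your own baseline of legitimate failures, and treat a burst that also walks through several login names (here `admin` and `sa`) as a stronger signal than repeated failures for one account.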

Canada's Citizen Lab laboratory exposed a hack-for-hire espionage operation dubbed Dark Basin that has targeted thousands of individuals and hundreds of institutions all over the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies.

The Dark Basin operation has been linked to India-based company BellTroX InfoTech Services, a technology consultancy that advertised services such as “cyber intelligence” with the slogan “you desire, we do!”

As part of the investigation, which started in 2017, Citizen Lab discovered almost 28,000 shortened URLs containing e-mail addresses of targets. While the researchers initially suspected the campaign to be state-sponsored, they later concluded that Dark Basin is a hack-for-hire operation, given the variety of targets.

Researchers at Microsoft discovered a new attack vector against Kubernetes workloads that involves Kubeflow, a machine learning toolkit for Kubernetes.

According to the experts, the attacks have been occurring since April 2020, and they aim to install cryptojacking malware on Kubernetes clusters running Kubeflow instances exposed to the internet.

The researchers believe that the entry point for the attacks is misconfigured Kubeflow instances. Users often change the Kubeflow default settings for convenience, which exposes the toolkit's admin panel on the internet.
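A quick way to audit a cluster for the misconfiguration described above is to list every Service that Kubernetes exposes outside the cluster (type `NodePort` or `LoadBalancer`) and check whether any of them fronts a Kubeflow component. The script below is an added example, not code from the roundup or from Microsoft's report; it parses the JSON that `kubectl get svc -A -o json` produces. The sample document is constructed: the service names follow a typical Kubeflow layout in which an Istio ingress gateway fronts the dashboard, and the addresses are made up.

```python
import json

# Constructed sample in the shape of `kubectl get svc -A -o json` output.
# The ingress gateway has been switched to LoadBalancer and one web app to
# NodePort; both are therefore reachable from outside the cluster.
SAMPLE_SERVICES = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
         "spec": {"type": "LoadBalancer",
                  "ports": [{"name": "http2", "port": 80, "nodePort": 31380, "targetPort": 80}]},
         "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.50"}]}}},
        {"metadata": {"name": "ml-pipeline-ui", "namespace": "kubeflow"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 80, "targetPort": 3000}]},
         "status": {"loadBalancer": {}}},
        {"metadata": {"name": "jupyter-web-app-service", "namespace": "kubeflow"},
         "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080, "targetPort": 5000}]},
         "status": {"loadBalancer": {}}},
        {"metadata": {"name": "kubernetes", "namespace": "default"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 443, "targetPort": 6443}]},
         "status": {"loadBalancer": {}}},
    ],
})

# Service types that open a path from outside the cluster to the pods.
EXPOSED_TYPES = {"LoadBalancer", "NodePort"}


def find_exposed_services(svc_json, namespaces=None):
    """Return a list of dicts describing Services reachable from outside the
    cluster, optionally restricted to the given set of namespaces."""
    doc = json.loads(svc_json)
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        spec = item.get("spec", {})
        ns = meta.get("namespace", "default")
        if namespaces and ns not in namespaces:
            continue
        svc_type = spec.get("type", "ClusterIP")
        if svc_type not in EXPOSED_TYPES:
            continue
        # A LoadBalancer that the cloud provider has already assigned an address
        # to is live on the internet, not merely configured to be.
        ingress = item.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        findings.append({
            "namespace": ns,
            "name": meta.get("name"),
            "type": svc_type,
            "node_ports": [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p],
            "external_addresses": [e.get("ip") or e.get("hostname") for e in ingress],
        })
    return findings


if __name__ == "__main__":
    for f in find_exposed_services(SAMPLE_SERVICES):
        print(f"{f['namespace']}/{f['name']}: {f['type']} nodePorts={f['node_ports']} "
              f"external={f['external_addresses']}")
```

Run against a live cluster, pipe `kubectl get svc -A -o json` into the function and review every finding in the `kubeflow` and `istio-system` namespaces: the Kubeflow dashboard should sit behind an authenticating ingress or a VPN, not on a `LoadBalancer` with a public address.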

Slovak police raided the premises of the state-run National Agency for Network and Electronic Services (NASES) as part of the investigation into the suspicious equipment connected to the state computer network GOVNET.

The police seized suspicious equipment and arrested four individuals related to NASES.

The authorities suspect that wiretapping devices were used to eavesdrop on all governmental e-mails and phone calls, which could pose a serious risk to national security. The police speculate that the espionage campaign could be the work of foreign intelligence services, or the private sector.

