
Cyber Bites


New research by Google's Project Zero has recently discovered two exploit servers which were being used in watering hole attacks. The Project Zero report says "a highly sophisticated actor" who uses a complex targeting infrastructure is responsible for the attacks. The Project Zero researchers said "they are well-engineered, complex code with a variety of novel exploitation methods, mature logging, sophisticated and calculated post-exploitation techniques, and high volumes of anti-analysis and targeting checks," and that "we believe...


Researchers at Kaspersky have recently discovered considerable similarities between the Sunburst and Kazuar backdoors. The similarities potentially link the Sunburst backdoors, used in the SolarWinds supply-chain attack, to a previously known Turla weapon. Kazuar, a malware written using the .NET framework, was first reported in 2017. These have been used in unison throughout various breaches over the past three years. Kaspersky claims that the Russian threat-actor, Turla (also known as Snake, Venomous Bear, Waterbug or...


After rioters stormed the U.S. Capitol last Wednesday, a hacker on Twitter archived the Trump supporters' posts on Parler to piece together the role the platform played in the insurgency. The hacker, who goes by @donk_enby on Twitter, claims her goal was to store every post relating to the assault before Parler was taken down. According to the Atlantic Council, Parler was used by conservatives and right-wing extremists to plan the riot on January 6th....


Around 318 million social media account records, from platforms such as Instagram, Facebook and LinkedIn, have been leaked online after SocialArks experienced a cloud misconfiguration. Over 400GB of private and public data from 214 million social-media profiles has been exposed, with details of celebrities and social media influencers from all over the world being leaked. The data leak is the result of a misconfigured ElasticSearch database owned by SocialArks, a Chinese social-media management company. SocialArks...


Bitdefender, a Romanian cybersecurity firm, has released a free DarkSide ransomware decryptor which allows victims to recover their stolen files without the need to pay a ransom. DarkSide is a ransomware that has been targeting organisations since August 2020 and since then has received a number of payouts, with a spike in its usage between October and December 2020. The decryptor by Bitdefender allows victims of DarkSide ransomware to scan their entire system in order...


37-year-old Russian hacker Andrei Tyurin was sentenced to 12 years in prison for the theft of personal information from several financial institutions, brokerage firms, financial news publishers and other large American companies. Among these was J.P. Morgan, which, as a result, suffered one of the largest thefts of U.S. customer data. More than 80 million J.P. Morgan Chase customers were affected. Tyurin was charged with computer intrusion, wire fraud, bank fraud, and illegal online gambling...


New Zealand's central bank, The Reserve Bank of New Zealand, has recently been hacked, with both personally and commercially sensitive information being stolen in the hack. News of the hack was first revealed on Sunday, and it has been reported that it was due to the breach of a third-party file sharing service which the bank uses to store and share sensitive information. Fortunately, it's been reported that the hack did not affect the bank's...


Researchers at NinjaLab have discovered a vulnerability in Google's Titan physical security key which means it can be cloned. The vulnerability leaves the key exposed to hackers who can gain access to users' accounts without the key's owner being aware. Physical two-factor authentication security keys, such as Titan, are known to be the strongest form of online security available as they require a username, password, and possession of the hardware key in order to gain...


The "free speech" social networking app Parler has been suspended from Google's Play Store after it failed to delete "egregious content". The app has also dropped offline after losing support from Amazon Web Services (AWS). Parler states that it is an "unbiased" social media platform, and it is popular among those who have been removed from Twitter. Apple has also removed it from its App Store after previously warning that it would do so. Parler's chief executive John...


SolarWinds, the technology company that recently experienced a significant cyber-attack, has hired Chris Krebs to deal with the fallout from the hack. Chris Krebs was Trump's former cybersecurity chief and has been hired by SolarWinds as an independent consultant. Krebs was head of the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which, alongside the FBI, is leading the government's investigation into the SolarWinds attack. In a blog post, SolarWinds' new CEO, Sudhakar Ramakrishna, said, "I...
