Cybersecurity News

Cybersecurity Roundup, July 16, 2021

Not everyone can benefit from end-of-life products, but hackers surely can. SonicWall users can anytime become ransomware victims if they do not discontinue using certain products that have exhausted their shell life. Learn about four zero-day security flaws, some involved in global attack campaigns this year, as detailed by Google. Also, did you know a quarter of exploits being sold in the underground markets are over three years old? Keep reading for the top ten cybersecurity news from the past 24 hours.

  1. SonicWall warned customers of an imminent risk of ransomware attacks targeting Secure Mobile Access applicances and Secure Remote Access products.
  2. Google TAG disclosed four zero-day flaws across products that cybercriminals have exploited this year so far in three different campaigns, including an attack on Safari browser that targeted officials in Western Europe.
  3. Experts believe Romanian threat actors have likely been cracking passwords on Linux-based machines using a never-before-seen SSH brute-forcer, dubbed Diicot brute, in order to illicitly mine cryptocurrencies.
  4. The Zscaler team laid bare a spear-phishing campaign aimed at organizations based in Pakistan. The campaign deploys NetwiredRC RAT for information stealing purposes.
  5. Hackers gained access to the SSNs of 27 individuals in a ransomware attack by the Conti group that led to a partial shutdown of systems in the City of Tulsa for months.
  6. According to Trend Micro, 22% of exploits for sale in underground forums are more than three years old with CVE-2012-0158, a Microsoft RCE, being the oldest.
  7. The U.S. government is offering up to $10 million for information leading to the identification or location of any suspect who has been indulged, directly or indirectly, in cyber activities against the country’s critical infrastructure.
  8. KnowBe4 noted a sudden spike in phishing emails related to HR topics with 42% of phishing messages related to LinkedIn.
  9. Virsec, a San Jose-based application security company, raised $100 million in Series C funding led by BlueIO, with participation from Allen & Company LLC, Arena Holdings, Intuitive Venture Partners, and others.
  10. Endpoint security solutions provider Cybereason raised $275 million in Series F funding led by Liberty Strategic Capital.