TFun dot org – Information Security newsfeed from around the world in English and French. Find it all in one place… here.

More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack

26/01/2021Eduard Kovacs

Cybersecurity companies Mimecast and Qualys have apparently been targeted by the threat actor that breached the systems of IT management solutions provider SolarWinds as part of a sophisticated supply chain attack. Fidelis Cybersecurity has also confirmed being hit, but it’s unclear if it was specifically targeted. read more Source: Security Week

Ghost hack – criminals use deceased employee’s account to wreak havoc

26/01/2021Paul Ducklin

Most companies are quick to remove ex-staff from the payroll, but often not so quick to shut down their network access. Source: Naked Security Sophos New feed

Cyber Criminals trying to hack Russian popular Telegram channels using ads from GeekBrains

26/01/2021E Hacking News

The owners of the Telegram channels noted that scammers under the guise of advertising offers send malicious files. ” In particular, they can be represented by advertising managers of the GeekBrains educational platform”, Nikita Mogutin, the co-founder of the Telegram channel Baza (more than 310,000 subscribers), wrote on Facebook. Owner of the Telegram channel Madonna […]

NAT Slipstreaming 2.0 Exposes Devices on Internal Networks to Remote Attacks

26/01/2021Ionut Arghire

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise any device on the local network, according to researchers at enterprise IoT security firm Armis. read more Source: Security Week

North Korea Targets Security Researchers in Elaborate 0-Day Campaign

26/01/202126/01/2021Elizabeth Montalbano

Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor. Source: Threatpost.com

Google Says Chrome Cookie Replacement Plan Making Progress

26/01/2021Associated Press

Google says it’s making progress on plans to revamp Chrome user tracking technology aimed at improving privacy even as it faces challenges from regulators and officials. read more Source: Security Week

Several DDoS Attack Records Broken in 2020

26/01/202126/01/2021Eduard Kovacs

Several companies that provide services for mitigating distributed denial-of-service (DDoS) attacks reported seeing records being broken in 2020. read more Source: Security Week

DDoS Campaign Exposed by the Security Firm Radware

26/01/2021Viplav Kushwah

Security firm Radware uncovered the threat actors’ campaign named ‘distributed denial-of-service’ (DDoS). This campaign was launched to target the same set of victims from September 2020 after the companies failed to pay the initial ransom between five and ten bitcoins ($160,000 and $320,000) as demanded by the threat actors. According to the reports, an […]

Business executives targeted with Office 365-themed phishing emails

26/01/2021Zeljka Zorz

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised login credentials are likely then sold on those same forums for $250 per account (or even higher). The […]

Australian Corporate Regulator Discloses Breach Involving Accellion Software

26/01/202126/01/2021Ionut Arghire

The Australian Securities and Investments Commission (ASIC) on Monday disclosed a security incident that involved Accellion software. read more Source: Security Week