Microsoft January 2021 Patch Tuesday fixes 83 flaws, 1 zero-day

Posted by & filed under Ειδοποιήσεις.

With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important. There is also one zero-day and one previously disclosed vulnerabilities fixed as part of the January 2021 updates. For information about the non-security Windows updates, you can read about today’s Windows 10 KB4598229… Read more »

DarkSide ransomware decryptor recovers victims’ files for free

Posted by & filed under Ειδοποιήσεις.

Romanian cybersecurity firm Bitdefender has released a free decryptor for the DarkSide ransomware to allow victims to recover their files without paying a ransom. DarkSide is a human-operated ransomware that has already earned millions in payouts since it started targeting enterprises in August 2020. The operation has seen a spike in activity between October and December 2020 when the amount… Read more »

Sunburst backdoor shares features with Russian APT malware

Posted by & filed under Security News.

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S…. Read more »

Ryuk ransomware Bitcoin wallets point to $150 million operation

Posted by & filed under Ειδοποιήσεις.

Security researchers following the money circuit from Ryuk ransomware victims into the threat actor’s pockets estimate that the criminal organization made at least $150 million. They found that Ryuk operators primarily use two legitimate cryptocurrency exchanges to cash out the Bitcoin from paying victims as fiat money. Ryuk’s money circuit Threat intelligence companies Advanced Intelligence and HYAS tracked 61… Read more »

Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Posted by & filed under Ειδοποιήσεις.

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway (USG),… Read more »