April 30, 2021 at 03:58PM

■■■■□ A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. https://www.bleepingcomputer.com/news/security/new-ransomware-group-uses-sonicwall-zero-day-to-breach-networks/ https://t.me/cKure/7792

April 30, 2021 at 01:09PM

■■■□□ Microsoft security researchers have discovered over two dozen critical remote code execution (RCE) vulnerabilities in Internet of Things (IoT) devices and Operational Technology (OT) industrial systems. https://www.bleepingcomputer.com/news/security/microsoft-finds-critical-code-execution-bugs-in-iot-ot-devices/ https://t.me/cKure/7791

April 30, 2021 at 01:08PM

■■■■□ Cyber espionage. Kaspersky spots CIA malware with backdoor capabilities. Dubbed Purple Lambert by Kaspersky, the malware passively listens to network traffic and searches for a “magic packet.” https://www.hackread.com/kaspersky-cia-malware-backdoor-capabilities/ https://t.me/cKure/7790

April 29, 2021 at 09:33PM

■□□□□ Data leak: DigitalOcean springs a leak: Miscreant exploits hole to peep on unlucky customers’ billing details for two weeks. https://go.theregister.com/feed/www.theregister.com/2021/04/29/digital_ocean_data_leak/ https://t.me/cKure/7785

April 29, 2021 at 09:32PM

■■■□□ Center for Threat-Informed Defense teams up with Microsoft, partners to build the ATT&CK for Containers matrix. https://www.microsoft.com/security/blog/2021/04/29/center-for-threat-informed-defense-teams-up-with-microsoft-partners-to-build-the-attck-for-containers-matrix/ https://t.me/cKure/7784