Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.
On the heels of a ransomware attack against the Scottish Environmental Protection Agency (SEPA), attackers have now reportedly published more than 4,000 files stolen from the agency – including contracts and strategy documents.
After hitting SEPA on Christmas Eve with the attack, cybercriminals encrypted 1.2GB of information. The attack has affected SEPA’s email systems, which remain offline as of Thursday, according to the agency. However, SEPA, which is Scotland’s environmental regulator, stressed on Thursday that it will not “engage” with the cybercriminals.
Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.
Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users.
Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be exploited by an unauthenticated, remote attacker to execute arbitrary code on the affected system with root privileges.
“Cisco has released software updates that address these vulnerabilities,” according to Cisco in a Wednesday advisory. “There are no workarounds that address these vulnerabilities.”
One critical-severity flaw (CVE-2021-1299) exists in the web-based management interface of Cisco SD-WAN vManage software. This flaw (which ranks 9.9 out of 10 on the CVSS scale) could allow an authenticated, remote attacker to gain root-level access to an affected system and execute arbitr
Researchers have traced the origins of a campaign – infecting SQL servers to mine cryptocurrency – back to an Iranian software firm.
Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers.
The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers. Now, researchers with Sophos have tracked the origin of the campaign to what they claim is a small software development company based in Iran.
“The name of an Iran-based software company was hardcoded into the miner’s main configuration file,” said researchers with Sophos in a Thursday analysis. “This domain is connected to many other zip files also containing copies of the miner. These zip files have in turn been downloaded from other domains, one of which is mrbftp.xyz.”