Ubiquiti may have a lot to answer to after recent allegations of their possible downplaying of January’s breach. The allegation involves an attacker gaining access to Ubiquiti’s Amazon Web Services (AWS) account via an employee’s account with root (read/write admin or higher permissions) level access to all of Ubiquiti’s AWS accounts. The whistleblower alleged that the … [Read more...]
Attempted PHP Backdoor Foiled
The PHP Group, the collection of developers responsible for maintaining the reference source code and implementation for the popular web scripting language PHP, made the decision to retire their self-maintained code repository server and move to GitHub after an unknown threat actor inserted a backdoor into the core PHP code library through a git pull request. The change, … [Read more...]
DevilXploit and Website Defacement
Sporting and competition are a mainstay of the human spirit. And in that spirit, we find new ways to compete. A classic example of this is website defacement, where a malicious hacker compromises a website and uses the page itself to show off their conquest. A WatchGuard customer recently submitted a domain that they flagged for phishing. We visited the page … [Read more...]
Alleged Acer REvil Ransomware Infection Breaks Record with $50+ Million Demand
The REvil ransomware group has come to prominence recently by infecting networks around the world with ransomware and demanding large sums of money from their victims. The group commonly posts proof of their successful ransomware efforts on their blog, called Happy Blog, where one of their most recent victims, Acer, has appeared on the list. Acer has yet to confirm the … [Read more...]
China Suspected of Targeting Email Server During Elections in Australia
As reported by ABC Australia, an Australian government email server fell victim to what we suspect was the Exchange server vulnerability disclosed earlier this month. Officials detected Chinese hackers targeting Western Australia's parliamentary email server just nine days before the state’s elections, March 13th. The attack comes after another cyber attack last June, again … [Read more...]