Sweden Shut Down Infectious Disease Database After Intrusions
June 2, 2021
@prajeetspeaks • June 1, 2021
SmiNet, Sweden’s infectious diseases database, was temporarily shut down last week by the country’s public health agency, Folkhälsomyndigheten, following several attempted cyber intrusions. The Thursday shutdown interrupted the reporting of COVID-19 statistics.
The public health agency reports that it was able to restore the database on Friday. As a result of the temporary shutdown, the agency will not release an updated report on COVID-19 statistics until June 3, an agency spokesperson tells Information Security Media Group.
The agency has not disclosed whether the attack involved ransomware. It reported the incident to the police and to the Swedish Authority for Privacy Protection.
Mandiant reported that the compromises involving Pulse Secure’s VPN appliances were at organizations across the defense, government, high tech, transportation and financial sectors.
As cryptocurrency values continue to rise, cryptojacking becomes more attractive to cybercriminals. Now, a powerful hardware-based threat detection technology is being integrated into a Microsoft enterprise security product to help protect businesses from cryptojacking malware. The action integrates Intel Threat Detection Technology with Microsoft Defender for Endpoint.
One of the workaround XML files automatically deactivates protection from an earlier workaround: a potential path to older vulnerabilities being opened again.
Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges.
Pulse Secure’s parent company, Ivanti, issued an out-of-band advisory on May 14. The company explained that this high-severity bug – identified as CVE-2021-22908 and rated CVSS 8.5 – affects Pulse Connect Secure versions 9.0Rx and 9.1Rx.
“Buffer Overflow in Windows File Resource Profiles in 9.X allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user,” according to the advisory. “As of version 9.1R3, this permission is not enabled by default.”
American Airlines flight 718, a Boeing 737 Max, is seen parked at its gate at Miami International Airport as passengers board for a flight to New York on December 29, 2020 in Miami, Florida. A campaign of remote access trojans is targeting the aerospace and travel industries. (Photo by Joe Raedle/Getty Images)
Microsoft Security Intelligence tweeted earlier this week that it has been tracking a campaign of remote access trojans (RATs) targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.
As part of the tweet exchange it was pointed out that attackers use the RATs for data theft, follow-on activity and additional payloads, including Agent Tesla, which they use for data exfiltration. The loader is under active development and is dubbed Snip3 by Morphisec.