Apple Apologizes for Ignoring Zero Day Reports

Microsoft discovers new FoggyWeb espionage malware, Firefox Safepal Wallet scammed users out of currency, BloodyStealer malware swipes gamers' accounts, hit by DDoS, more

After security researcher Denis Tokarev revealed three unpatched iPhone zero day flaws, which he felt forced to publish because Apple ignored him, Apple sent him an apology email.

"We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions,” Apple said in its email. (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: Security Week, MacDailyNews, 9to5Mac, MacRumors, MacDailyNews

Microsoft has discovered new malware called FoggyWeb used by the Nobelium hacking group, the Russian Foreign Intelligence Service (SVR) hacking division, commonly known as APT29, The Dukes, or Cozy Bear. The malware deploys additional payloads and steals sensitive info from Active Directory Federation Services (AD FS) server.

The new malware is a "passive and highly targeted" backdoor that abuses the Security Assertion Markup Language (SAML) token. It is designed to exfiltrate sensitive information from compromised AD FS servers remotely. In April, the U.S. government formally attributed the massive SolarWinds espionage effort to Nobelium. (Sergiu Gatlan / Bleeping Computer)

Related: Microsoft Security, iTnews, Reddit - cybersecurity, The Hacker News

A malicious Firefox add-on named "Safepal Wallet" scammed users and emptied their cryptocurrency wallets.

One user named Cali discovered that Safepal Wallet transferred $4,000 worth of their coins to another wallet. Although the Safepal Wallet has been removed from the Mozilla add-on store, a phishing site set up by the threat actors is still up. (Ax Sharma / Bleeping Computer)

Related: TechRadar

Cybersecurity researchers at Kaspersky Lab discovered a new advanced trojan sold on Russian underground forums that they call BloodyStealer. The newly discovered malware comes with capabilities to steal users' accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin.

The researchers say they first detected the malicious tool in March 2021 advertised for sale at a price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. BloodySteaker attacks have been uncovered so far in Europe, Latin America, and the Asia-Pacific region. (Ravie Lakshmanan / The Hacker News)

Related: Hindustan Times, Reddit - cybersecurity, Spyware news, Engadget, Security Affairs, Securelist, The Hacker News

Voice over Internet Protocol (VoIP) services company has become the latest victim of DDoS attacks targeting VoIP providers.

On the afternoon of September 25, Bandwidth began reporting that they were experiencing unexpected failures with their voice and messaging services. VoIP service providers Twilio, Accent, DialPad,, and RingCentral that rely on telephony provided by Bandwidth maintain the outages are due to DDoS attacks. Bandwidth reports that their services are restored, and it is not clear if the threat actors stopped their attacks or were paid an extortion demand. (Lawrence Abrams / Bleeping Computer)

Related: Techradar

Share Metacurity

According to research conducted by the cybersecurity firm Censinet for the Ponemon Institute, almost a quarter of healthcare organizations hit with a ransomware attack in the last two years experienced an increase in the death rate following those incidents.

Slightly more than 40% of the 600 healthcare organizations surveyed say they had experienced a ransomware attack in the past two years. (Nicole Wetsman / The Verge)

Related: Fierce Healthcare, Healthcare IT News, SC Magazine, Censinet

The U.S. Federal Communications Commission (FCC) said it would open a $1.9 billion program to reimburse mostly rural U.S. telecom carriers for removing network equipment made by Chinese companies deemed national security threats such as Huawei and ZTE Corp.

The Commission previously estimated it would cost $1.837 billion to remove and replace Huawei and ZTE equipment from networks. (David Shepardson / Reuters)

Related: iTnews - Security, South China Morning Post, ZDNet Security, PhoneArena, Slashdot, FCC, GovernmentCyber

Microsoft CEO Satya Nadella called the company’s near-acquisition of video app TikTok the “strangest thing I’ve ever worked on.”

Donald Trump had ordered TikTok to separate its U.S. version from Chinese parent ByteDance supposedly due to national security concerns. Those concerns stemmed from fears that the government in Beijing could access TikTok user data or implant malware in the app’s software. (Paresh Dave / Reuters)

Related: Engadget, BusinessWorld, CNBC Technology, GeekWire Original

Cloudflare announced it now offers a pair of email safety and security offerings, Email Routing and Email Security DNS Wizard, to catch more phishing attempts.

The tool, primarily aimed at small and medium-sized business, allow customers to place Cloudflare in front of their email hosting providers, essentially allowing Cloudflare to receive and process emails before sending them through to the email providers. (Lily Hay Newman / Wired)

Related: Fast Company, CloudFlare, Business Wire Technology News, Security Week, Tech.Co, Security Brief, Techradar, Dark Reading, Slashdot

Under an executive order signed by Donald Trump on January 19, the Commerce Department is seeking comments on “regulations to govern the process and procedures that the Secretary will use to deter foreign malicious cyber actors’ use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”

EO 13984 requires “more robust” record-keeping practices and user identification and verification standards to better assist investigative efforts. It also encourages adopting and adhering to security best practices to deter abuse of IaaS products. (Jordan Smith / Meritalk)

Related: GovInfoSecurity, Channel Futures, Federal Register

The National Institute of Standards and Technology (NIST) is taking public comment on the new draft of its Ransomware Profile until October 8.

The draft Profile selects and interprets the relevant sections of the NIST Cybersecurity Framework that are most relevant to help organizations protect against ransomware attacks. (Kelly Teal / Channel Futures)

Related: NIST

Cybersecurity company Coalition has raised $205 million in a Series E funding round.

Durable Capital, T. Rowe Price, and Whale Rock Capital co-led the round with participation from existing investors. (Carly Page / TechCrunch)

Related: Venture Beat, Globe Newswire, Crunchbase News

Cloud-based, AI-powered threat detection company SenseOn has raised $20 million in a Series A venture funding round.

Eight Roads Ventures led the round with participation from existing investors MMC Ventures, Crane Venture Partners, and Winton Ventures. (Jack Kennedy / Silicon Republic)

Related: Business Wire Technology News, TechCrunch, Security Week

Photo by Laurenz Heymann on Unsplash