Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance
www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/ A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.
Ryuk ransomware now self-spreads to other Windows LAN devices
www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/ “Through the use of scheduled tasks, the malware propagates itself – machine to machine – within the Windows domain,” ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) said in a report published today.
Cybercrime groups are selling their hacking skills. Some countries are buying
www.zdnet.com/article/cybercrime-groups-are-selling-their-hacking-skills-some-countries-are-buying/ A report by cybersecurity researchers at BlackBerry warns that the emergence of sophisticated cybercrime-as-a-service schemes means that nation states increasingly have the option of working with groups that can carry out attacks for them. Researchers point to the existence of extensive hacking operations like Bahamut as an example of how sophisticated cyber-criminal campaigns have become. Researchers note how “the profiles and geography of their victims are far too diverse to be aligned with a single bad actor’s interests”, suggesting that Bahamut is performing operations for different clients, keeping an eye out for the jobs that would make them the most money; and when it comes to funding, certain nation states have the most money to spend on conducting campaigns.
Google looks at bypass in Chromium’s ASLR security defense, throws hands up, won’t patch garbage issue
www.theregister.com/2021/02/26/chrome_aslr_bypass/ In early November, a developer contributing to Google’s open-source Chromium project reported a problem with Oilpan, the garbage collector for the browser’s Blink rendering engine: it can be used to break a memory defense known as address space layout randomization (ASLR). About two weeks later, Google software security engineer Chris Palmer marked the bug “WontFix” because Google has resigned itself to the fact that ASLR can’t be saved: Spectre and Spectre-like processor-level flaws can defeat it anyway, whether or not Oilpan can be exploited.
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/ In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate. We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.