Channel Nine cyber-attack disrupts live broadcasts in Australia
www.bbc.com/news/world-australia-56554641 “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units. Publishing and radio systems continue to be operational,” the company said in a statement.
Docker Hub images downloaded 20M times come with cryptominers
www.bleepingcomputer.com/news/security/docker-hub-images-downloaded-20m-times-come-with-cryptominers/ Researchers found that more than two-dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, or the developer community to distribute open-source projects. The researcher estimates that the cryptojacking activity involving these containers enabled the attackers to mine about $200,000 worth of cryptocurrency. See also:
unit42.paloaltonetworks.com/malicious-cryptojacking-images/
PHP’s Git server hacked to add backdoors to PHP source code
www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/ The official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team. The code plants a backdoor for obtaining easy Remote Code Execution (RCE) on a website running this hijacked version of PHP. See also:
news-web.php.net/php.internals/113838
Hades Ransomware Gang Exhibits Connections to Hafnium
threatpost.com/hades-ransomware-connections-hafnium/165069/ The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers, including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques.
Ransomware admin is refunding victims their ransom payments
www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/ Ziggy ransomware shut down in early February. In a short announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all decryption keys.” After announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.
Malware Analysis with elastic-agent and Microsoft Sandbox
isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/ Using Microsoft Sandbox and elastic-agent to analyze malware samples.
OVH reveals it’s scrubbing servers to get smoke residue off before rebooting
www.theregister.com/2021/03/29/ovh_restoration_update/ Quite a few have come back online, but it takes seven hours to restore each rack. French cloud operator OVH has revealed how it is cleaning every server it thinks can be returned to service in its scorched Strasbourg data centres.
As Covid-19 Vaccines Ramp Up, So Do Covid-19 Scams
www.forbes.com/sites/waynerash/2021/03/29/as-covid-19-vaccines-ramp-up-so-do-covid-19-scams/ The bogus websites have become phishing emails and phishing text messages. Now we have fake pollsters, fake messages from your HR department, fake cures and fake vaccine appointments. Scammers are using concern about the pandemic to steal identities and money. In the year since Forbes first covered the scams preying on fears of the Covid-19 coronavirus, this area of cybercrime has simply exploded.