Energy group ERG reports minor disruptions after ransomware attack
www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/ Italian energy company ERG reports “only a few minor disruptions” affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems.
Linux version of BlackMatter ransomware targets VMware ESXi servers
www.bleepingcomputer.com/news/security/linux-version-of-blackmatter-ransomware-targets-vmware-esxi-servers/ The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware’s ESXi virtual machine platform.
Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals
therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/ A disgruntled member of the Conti ransomware program has today leaked the manuals and technical guides the Conti gang uses to train affiliates on how to gain access to a hacked company, move laterally, escalate privileges, and then exfiltrate its data before encrypting files.
Ransomware Gangs and the Name Game Distraction
krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/ It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. We hang on to these occasional victories because history tells us that most ransomware moneymaking collectives don’t go away so much as reinvent themselves under a new name, with new rules, targets and weaponry. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation.
Prometheus TDS: The $250 service behind recent malware attacks
www.bleepingcomputer.com/news/security/prometheus-tds-the-250-service-behind-recent-malware-attacks/ Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. Among the malware families that Prometheus TDS has dished out so far are BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader, all of them commonly used in intermediary attack stages to download more damaging payloads.
EU officials investigating breach of Cybersecurity Atlas project
therecord.media/eu-officials-investigating-breach-of-cybersecurity-atlas-project/ The European Commission is investigating a breach of its Cybersecurity Atlas project after a copy of the site’s backend database was put up for sale on an underground cybercrime forum on Monday. Although the Cybersecurity Atlas is by nature a public inventory of contact details, so the data on the project and its members was meant to be public and accessible by design, The Record was able to confirm that the data for sale was an SQL database dump of the project’s Drupal website rather than a scrape of the information listed on the official site.
Study: Half of Finland’s population has been targeted by tech support scams in the past year
news.microsoft.com/fi-fi/2021/08/04/tech-support-scam-research-2021/ According to a study commissioned by Microsoft, half of the adults living in Finland have been exposed to tech support scams, and 3% have lost money to them. In addition to phone calls and email, scammers now also use, for example, professional-looking websites and pop-up windows.
Did you get an email like this? A cunning scam is trying to take your social media account
www.tivi.fi/uutiset/tv/83471bdc-f5f1-44c6-a6de-2cb78a8ef73d Phishers are trying to exploit the prevalence of copyright infringement claims to hijack Instagram accounts. Traficom’s National Cyber Security Centre (Kyberturvallisuuskeskus) reports on Twitter about an email scam in circulation whose aim is to hijack the victim’s Instagram account.
Spam and phishing in Q2 2021
securelist.com/spam-and-phishing-in-q2-2021/103548/ In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials.
Lessons Learned From Examining More Than a Decade of Public ICS/OT Exploits
Facebook bans academics who researched ad transparency and misinformation on Facebook
www.theverge.com/2021/8/4/22609020/facebook-bans-academic-researchers-ad-transparency-misinformation-nyu-ad-observatory-plug-in The researchers say their work is being silenced. Facebook has banned the personal accounts of academics who researched ad transparency and the spread of misinformation on the social network. Facebook says the group violated its terms of service by scraping user data without permission. But the academics say they are being silenced for exposing problems on Facebook’s platform.
How a fake network pushes pro-China propaganda
www.bbc.com/news/world-asia-china-58062630 A sprawling network of more than 350 fake social media profiles is pushing pro-China narratives and attempting to discredit those seen as opponents of China’s government, according to a new study. The aim is to delegitimise the West and boost China’s influence and image overseas, the report by the Centre for Information Resilience (CIR) suggests.
New CISA chief announces Joint Cyber Defense Collaborative with private sector
therecord.media/new-cisa-chief-announces-joint-cyber-defense-collaborative-with-private-sector/ The new Cybersecurity and Infrastructure Security Agency Director Jen Easterly appealed to the private sector for help fending off digital attackers and announced an initiative called the Joint Cyber Defense Collaborative (JCDC) partnering with major tech and cybersecurity firms Thursday at the Black Hat Security conference. The initial partners in the program are Crowdstrike, Palo Alto, FireEye, Amazon Web Services, Google, Microsoft, AT&T, Verizon, and Lumen, according to Easterly.
Security company warns of Mitsubishi industrial control vulnerabilities
www.zdnet.com/article/security-company-warns-of-mitsubishi-industrial-control-vulnerabilities/ Nozomi Networks Labs has discovered five vulnerabilities affecting Mitsubishi safety PLCs.
Microsoft announces new ‘Super Duper Secure Mode’ for Edge
therecord.media/microsoft-announces-new-super-duper-secure-mode-for-edge/ Microsoft said today it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature [V8 JIT] in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode.
Messaging Apps Have an Eavesdropping Problem
www.wired.com/story/signal-facebook-messenger-eavesdropping-vulnerabilities/ Vulnerabilities in Signal, Facebook Messenger, Google Duo, and more all point to a pervasive privacy issue. “I find interaction-less bugs to be the most interesting class of vulnerabilities just because they’re so useful to attackers,” Silvanovich says. “If a user doesn’t have to do anything, that’s the easiest thing.”