“Killware”: Is it just as bad as it sounds?
blog.malwarebytes.com/cybercrime/2021/10/killware-is-it-just-as-bad-as-it-sounds/ On October 12, after interviewing US Secretary of Homeland Security Alejandro Mayorkas, USA TODAY’s editorial board warned its readers about a dangerous new form of cyberattack under this eye-catching headline: “The next big cyberthreat isn’t ransomware. It’s killware. And it’s just as bad as it sounds.”
us-cert.cisa.gov/ncas/alerts/aa21-291a First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware’s developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. BlackMatter is a possible rebrand of DarkSide, a RaaS which was active from September 2020 through May 2021. BlackMatter actors have attacked numerous U.S.-based organizations and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero.
Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache
blog.malwarebytes.com/malwarebytes-news/2021/10/multiple-vulnerabilities-in-popular-wordpress-plugin-wp-fastest-cache/ Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.
BlackByte ransomware decryptor released
www.zdnet.com/article/blackbyte-ransomware-decryptor-released/ A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap their operators huge financial rewards — but is likely the work of amateurs. Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions made by its creators.
State-backed hackers breach telcos with custom malware
www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/ A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. The goal of the group, tracked as Harvester by the Symantec researchers who spotted it, is to collect intelligence in highly targeted espionage campaigns focusing on IT, telecom, and government entities.
Microsoft asks admins to patch PowerShell to fix WDAC bypass
www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/ Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.
Sinclair TV stations crippled by weekend ransomware attack
www.bleepingcomputer.com/news/security/sinclair-tv-stations-crippled-by-weekend-ransomware-attack/ TV stations owned by the Sinclair Broadcast Group went down over the weekend across the US, with multiple sources telling BleepingComputer that a ransomware attack caused the downtime. In addition:
www.businesswire.com/news/home/20211018005490/en/Sinclair-Broadcast-Group-Provides-Information-On-Cybersecurity-Incident Sinclair Broadcast Group Provides Information On Cybersecurity Incident. In addition:
EU National Telecom Authorities analyse Security Supervision and Latest Security Threats
www.enisa.europa.eu/news/enisa-news/eu-national-telecom-authorities-analyse-security-supervision-latest-security-threats The EU National Telecom Authorities met in Athens, Greece for the 35th meeting of the ECASEC group. The European Union Agency for Cybersecurity also hosted the 1st Telecom Security Forum on this occasion.
TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
threatpost.com/tiktok-gamer-targets-among-us-steam/175546/ The latest TikTok attacks are getting served to gamers on the platform disguised as “free” or “hacked” versions of games like Among Us, free Steam accounts and more, according to a new report from Malwarebytes Labs.
REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised
thehackernews.com/2021/10/revil-ransomware-gang-goes-underground.html REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. In addition:
Hacker steals government ID database for Argentina’s entire population
therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/ A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.
In Cyberwar, Attribution Can Be Impossible and That’s OK
www.darkreading.com/analytics/in-cyberwar-attribution-can-be-impossible—and-that-s-okay For most of human history, battle lines have been clearly demarcated. Physical borders, trenches, and satellite imagery have shown us launch sites, front lines, and enemy targets. Technology has allowed opponents to trace every inch of a weapon’s path. Historically, we have been able to determine the source of a strike and know who we’re up against with clarity.