A ransomware gang has begun publishing data stolen from Australia's largest health insurer, Medibank, on the dark web. The leak of Medibank's customer data comes shortly after the company announced it would not pay a ransom to the extortionists. Curiously, the hackers have released details of insured customers sorted into two files labelled "naughty-list" and "good-list." READ MORE...
A notorious ransomware group is offering to sell files allegedly stolen from German car parts giant Continental for $50 million. Continental reported in August that it had been targeted in a cyberattack that resulted in hackers accessing some of its systems. The company said at the time that the attack had been "averted" and that business activities were not affected. READ MORE...
A previously unknown Chinese APT (advanced persistent threat) group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine. The threat actors have been active since at least 2020, using custom versions of Cobalt Strike loaders to plant persistent backdoors on victims' systems. According to a new Trend Micro report, Earth Longzhi shares tactics, techniques, and procedures (TTPs) with 'Earth Baku'; both are considered subgroups of the state-backed hacking group APT41. READ MORE...
No sooner had we stopped to catch our breath after reviewing the latest 62 patches (or 64, depending on how you count) dropped by Microsoft on Patch Tuesday…than Apple's latest security bulletins landed in our inbox. This time there were just two reported fixes: for mobile devices running the latest iOS or iPadOS, and for Macs running the latest macOS incarnation, version 13, better known as Ventura. READ MORE...
A new information-stealing malware named 'StrelaStealer' is actively stealing email account credentials from Outlook and Thunderbird, two widely used email clients. This behavior deviates from most info-stealers, which try to harvest data from many sources at once, including browsers, cryptocurrency wallet apps, cloud gaming apps, the clipboard, and so on. The previously unknown malware was discovered by analysts at DCSO CyTec. READ MORE...
Check Point Research has detected a malicious open source package that uses steganography to hide malicious code inside image files. The package was available on PyPI, the package index widely used by Python developers, and PyPI's maintainers removed it after being notified. The package, apicolor, looks like one of the many development packages available on PyPI. READ MORE...
More than two dozen Lenovo notebook models are vulnerable to malicious hacks that disable the UEFI secure-boot process and then run unsigned UEFI apps or load bootloaders that permanently backdoor a device, researchers warned on Wednesday. At the same time that researchers from security firm ESET disclosed the vulnerabilities, the notebook maker released security updates for 25 models, including ThinkPads, Yoga Slims, and IdeaPads. READ MORE...
An analysis of the numerous LDAP queries that the Russian cyberespionage group APT29 made to Active Directory has led to the discovery of a vulnerability in Windows' 'credential roaming' functionality. Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). READ MORE...