Southampton County in Virginia last week started informing individuals that their personal information might have been compromised in a ransomware attack. The incident was identified in September, when a threat actor accessed a county server and encrypted the data stored on it. The county says it took steps to contain the attack immediately after identifying it and launched an investigation to determine what types of data might have been exposed. READ MORE...
A hack-for-hire group known as Bahamut has been targeting Android users with trojanized versions of legitimate VPN applications, ESET reports. An advanced persistent threat (APT) actor focused on cyberespionage, Bahamut was initially detailed in 2017, but continues to be active, leveraging a fake online empire of social media personas, websites, and applications, which has allowed it to fly under the radar. READ MORE...
The Russian state-backed group Sandworm, which Western governments have attributed to the GRU, is launching another attack against organizations in Ukraine, using ransomware that analysts at Slovak security company ESET are calling RansomBoggs. In a Twitter thread, the ESET researchers wrote that they had detected RansomBoggs deployed within the networks of "multiple organizations in Ukraine." While some aspects of RansomBoggs differ from the malware previously linked to Sandworm, the deployment methods are similar, they wrote. READ MORE...
Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. Secure Boot is a Unified Extensible Firmware Interface (UEFI) feature under which the firmware refuses to execute bootloaders and other boot-time binaries whose signatures do not chain to keys in its trusted signature database, so that malicious code such as rootkits and bootkits cannot load during startup. It is enforced by the firmware itself and does not depend on a Trusted Platform Module (TPM), although a TPM can be used to measure and attest the resulting boot state. READ MORE...
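A bug that silently turns Secure Boot off only matters if nobody notices, so the practical check is to read the firmware's own state rather than trust what a vendor setup screen says. The following is an added example, not code from the article, Acer, or ESET: it parses the `SecureBoot` and `SetupMode` variables as Linux's efivarfs exposes them (a 4-byte little-endian attribute word followed by the variable data, both under the EFI_GLOBAL_VARIABLE GUID from the UEFI specification) and reports whether signature enforcement is actually in effect. The live read path, the path under `/sys/firmware/efi/efivars`, and the sample byte strings are assumptions constructed for the example.

```python
"""Check UEFI Secure Boot enforcement from efivarfs (Linux). Added example; not from the article."""
import os
import struct

# Assumed mount point of efivarfs on a standard Linux system.
EFIVARS_DIR = "/sys/firmware/efi/efivars"
# EFI_GLOBAL_VARIABLE GUID (UEFI spec); SecureBoot and SetupMode are defined under it.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Variable attribute bits from the UEFI SetVariable() definition.
EFI_VARIABLE_NON_VOLATILE = 0x1
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """efivarfs prefixes each variable's data with its 32-bit little-endian attribute word."""
    if len(raw) < 4:
        raise ValueError("efivarfs payload shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> dict:
    """Interpret the SecureBoot and SetupMode variables.

    SecureBoot == 1: the firmware is verifying bootloader signatures against its database.
    SetupMode == 1: no Platform Key is enrolled, so nothing is enforced regardless of
    what SecureBoot reads. Only SecureBoot=1 with SetupMode=0 counts as enforcing.
    """
    sb_attrs, sb_data = parse_efivar(secureboot_raw)
    sm_attrs, sm_data = parse_efivar(setupmode_raw)
    if len(sb_data) != 1 or len(sm_data) != 1:
        raise ValueError("SecureBoot and SetupMode each carry exactly one data byte")
    secure_boot = sb_data[0] == 1
    setup_mode = sm_data[0] == 1

    findings = []
    if not secure_boot:
        findings.append("SecureBoot=0: unsigned or untrusted bootloaders will be executed")
    if setup_mode:
        findings.append("SetupMode=1: no Platform Key enrolled, signature database not enforced")
    # The spec defines both variables as volatile (BS, RT only); a persisted copy is unexpected.
    for name, attrs in (("SecureBoot", sb_attrs), ("SetupMode", sm_attrs)):
        if attrs & EFI_VARIABLE_NON_VOLATILE:
            findings.append(f"{name} has the NON_VOLATILE attribute, which the spec does not give it")

    return {
        "secure_boot_enabled": secure_boot,
        "setup_mode": setup_mode,
        "enforcing": secure_boot and not setup_mode,
        "findings": findings,
    }


def read_efivar(name: str, guid: str = EFI_GLOBAL_VARIABLE) -> bytes:
    """Read one variable's raw efivarfs contents (attribute word plus data)."""
    with open(os.path.join(EFIVARS_DIR, f"{name}-{guid}"), "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    try:
        print("live firmware:", secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode")))
    except OSError:
        print("efivarfs not readable here (not UEFI, not Linux, or no permission); using constructed samples")
    # Constructed samples: attribute word 0x6 (BS|RT) followed by the one-byte value.
    print("healthy :", secure_boot_state(b"\x06\x00\x00\x00\x01", b"\x06\x00\x00\x00\x00"))
    print("disabled:", secure_boot_state(b"\x06\x00\x00\x00\x00", b"\x06\x00\x00\x00\x00"))
```

On Windows the equivalent one-liner is the built-in `Confirm-SecureBootUEFI` cmdlet, which returns `True` only when the firmware reports Secure Boot enabled. In either case the value comes from the firmware, so after applying Acer's fix it is worth confirming that a reboot still reports enforcement rather than assuming the BIOS setup screen reflects reality.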
The Black Basta ransomware group is using Qakbot malware - also known as QBot or Pinkslipbot - to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. More than 10 different customers have been targeted by the campaign in the last two weeks, mostly focused on companies based in the US. According to a threat advisory posted by the Cybereason Global SOC (GSOC) on Nov. 23, the infections begin with either a spam or phishing email. READ MORE...
A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices. READ MORE...
As the global tournament enters its second full week in Qatar, FIFA World Cup scams are proliferating as cybercriminals aim to score big from unsuspecting fans, according to data collected by cybersecurity firm Group-IB. As widely expected ahead of the games, scammers have set up a variety of ways to harvest personal information and steal money from people trying to buy merchandise or tickets online or searching for on-site work during the games, the researchers found. READ MORE...
The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks. The security hole, tracked as CVE-2021-35587, impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on (SSO) solution. The affected product is used by many major organizations, such as VMware, Huawei, and Qualcomm, according to the researchers who found the vulnerability. READ MORE...