IT Security Newsletter - 2/29/2024
LockBit ransomware returns to attacks with new encryptors, servers
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation. As part of this operation, law enforcement seized infrastructure, retrieved decryptors, and converted the ransomware gang's data leak site into a police press portal. READ MORE...
ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack
The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US. Last December, US law enforcement successfully shut down the ransomware group's websites, and the FBI developed a decryption tool. Despite this setback, the group quickly recovered and resumed its activities. READ MORE...
Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
The notorious North Korean threat group known as Lazarus exploited a Windows zero-day vulnerability for privilege escalation in attacks involving a rootkit named FudModule, according to cybersecurity firm Avast. The vulnerability is tracked as CVE-2024-21338 and was observed by Avast in Lazarus attacks last year. The security company developed a proof-of-concept (PoC) exploit and sent it to Microsoft in August 2023. READ MORE...
GitHub besieged by millions of malicious repositories in ongoing attack
GitHub is struggling to contain an ongoing attack that's flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency from developer devices, researchers said. The malicious repositories are clones of legitimate ones, making them hard to distinguish to the casual eye. An unknown party has automated a process that forks legitimate repositories. READ MORE...
Cisco Patches High-Severity Vulnerabilities in Data Center OS
Technology giant Cisco on Wednesday released its semiannual FXOS and NX-OS security advisory bundle with information on four vulnerabilities, including two high-severity flaws in NX-OS software. The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic "is mapped to a shared hardware rate-limiter queue", allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. READ MORE...
Calendar Meeting Links Used to Spread Mac Malware
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target's calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. READ MORE...
Malicious AI models on Hugging Face backdoor users' machines
At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. Hugging Face is a tech firm engaged in artificial intelligence (AI), natural language processing (NLP), and machine learning (ML), providing a platform where communities can collaborate and share models, datasets, and complete applications. READ MORE...
Cyberattackers Lure EU Diplomats With Wine-Tasting Offers
Europeans are known to enjoy fine wine, a cultural characteristic that's been used against them by attackers behind a recent threat campaign. The cyber operation aimed to deliver a novel backdoor by luring European Union (EU) diplomats with a fake wine-tasting event. Researchers at Zscaler's ThreatLabz discovered the campaign, which specifically targeted officials from EU countries with Indian diplomatic missions. READ MORE...
BEAST AI needs just a minute of GPU time to make an LLM fly off the rails
Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs). All that's required is an Nvidia RTX A6000 GPU with 48GB of memory, some soon-to-be-released open source code, and as little as a minute of GPU processing time. The researchers at the University of Maryland in the US call their technique BEAST, which (sort of) stands for BEAm Search-based adversarial aTtack. READ MORE...
- ...in 1944, US forces catch Japanese troops off guard and easily take control of the Admiralty Islands in Papua New Guinea.
- ...in 1952, the first pedestrian "Walk/Don't Walk" signs are installed at 44th Street and Broadway at Times Square.
- ...in 1964, President Lyndon B. Johnson reveals the U.S. secretly developed the Lockheed A-11 jet fighter.
- ...in 1972, Henry "Hank" Aaron becomes the first baseball player to sign a baseball contract for $200,000 a year.