IT Security Newsletter - 5/17/2023

Top News

US Offering $10M Reward for Russian Man Charged With Ransomware Attacks

Mikhail Pavlovich Matveev, a 30-year-old Russian national, has been charged by the US Justice Department for his alleged role in numerous ransomware attacks, including ones targeting critical infrastructure. Matveev - known online as Wazawaka, m1x, Boriselcin, and Uhodiransomwar - has been charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. READ MORE...

Breaches

Yum Brands faces class action suits from employees after ransomware attack

Yum Brands is facing class action litigation in U.S. federal and state courts in connection with the January ransomware attack, the company said in a filing with the Securities and Exchange Commission last week. The company said several class action lawsuits were filed in April by current and former employees alleging privacy violations in connection with the attack. READ MORE...

Hacking

Lancefly APT Targeting Asian Government Organizations for Years

For at least three years, an advanced persistent threat (APT) actor has been targeting government organizations in South and Southeast Asia for intelligence gathering, Symantec reports. Dubbed Lancefly, the APT has been actively targeting government organizations in the region since 2020, but also hit communications and technology organizations between 2020 and 2021, and entities in the aviation, education, and telecoms sectors since mid-2022. READ MORE...


Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyberattacks

Ransomware-as-a-service (RaaS) operation Qilin has been arming its affiliates with malware and supporting services to target education, healthcare, and other critical sectors of the worldwide economy, paying out an industry-leading 80% to 85% of takings to the partners. Researchers from Group-IB were able to infiltrate the Qilin operation in March, and what they found was a one-stop shop for aspiring cybercriminals to get their hands on advanced, customizable ransomware. READ MORE...

Malware

Malware turns home routers into proxies for Chinese state-sponsored hackers

Researchers on Tuesday unveiled a major discovery: malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers. The firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices. READ MORE...


FBI confirms BianLian ransomware switch to extortion only attacks

A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, published by the Cybersecurity and Infrastructure Security Agency (CISA), is warning organizations of the latest tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group. BianLian is a ransomware and data extortion group that has been targeting entities in U.S. and Australian critical infrastructure since June 2022. READ MORE...


Attackers Target macOS With 'Geacon' Cobalt Strike Tool

Heads up: threat actors are now deploying a Go-language implementation of Cobalt Strike called Geacon that first surfaced on GitHub four years ago and had remained largely under the radar. They are using the red-teaming and attack-simulation tool to target macOS systems in much the same way they have used Cobalt Strike for post-exploit activity on Windows platforms the past few years. READ MORE...

Exploits/Vulnerabilities

KeePass flaw allows retrieval of master password, PoC is public

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software's memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed and that a PoC exploitation tool - aptly named KeePass 2.X Master Password Dumper - is publicly available, but the good news is that the password can't be extracted remotely just by exploiting this flaw. READ MORE...

On This Date

  • ...in 1792, the New York Stock Exchange is formed.
  • ...in 1866, avant-garde composer Erik Satie, best known for his "Gymnopedies", is born in Honfleur, France.
  • ...in 1954, the Supreme Court rules unanimously against the practice of racial segregation in schools, in the case of Brown v. Board of Education.
  • ...in 1965, musician, film composer, and Nine Inch Nails founder Trent Reznor is born in New Castle, PA.