Cyber criminals using a ransomware-as-a-service scheme have been spotted complaining that the group they rent the malware from could be using a hidden backdoor to grab ransom payments for themselves.
REvil is one of the most notorious and most common forms of ransomware around and has been responsible for several major incidents. The group behind REvil leases its ransomware out to other crooks in exchange for a cut of the profits these affiliates make by extorting Bitcoin payments from victims who need the ransomware decryption keys.
But it seems that cut isn’t enough for those behind REvil: it was recently disclosed that there’s a secret backdoor coded into their product, which allows REvil to restore the encrypted files without the involvement of the affiliate.
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.
“This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant,” researchers from Secureworks Counter Threat Unit (CTU) said in a report published on Wednesday.
Federal Indictment in Chicago Charges Turkish National With Directing Cyber Attack on Multinational Hospitality Company
An alleged cyber attacker from Turkey has been indicted in federal court in Chicago for allegedly orchestrating a distributed denial-of-service (DDoS) attack on a Chicago-based multinational hospitality company.
In August 2017, IZZET MERT OZEK used the WireX botnet, which consisted of compromised Google Android devices, to direct large amounts of network traffic to the hospitality company’s website, preventing legitimate users from completing hotel bookings, according to an indictment returned Tuesday in U.S. District Court in Chicago. The hospitality company, which managed luxury hotels and resorts, was headquartered in Chicago and the servers for its website were located in northern Illinois.
4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
Insikt Group has detected separate intrusion activity targeting a mail server of Roshan, one of Afghanistan’s largest telecommunications providers, linked to 4 distinct Chinese state-sponsored threat activity groups. This includes activity we attribute to the Chinese state-sponsored groups RedFoxtrot and Calypso APT, as well as 2 additional clusters using the Winnti and PlugX backdoors that we have been unable to link to established groups at this time.
Notably, data exfiltration activity for these intrusions, particularly the Calypso APT activity and the unknown threat actor using the Winnti malware, spiked throughout August and September 2021, coinciding with major geopolitical events such as the withdrawal of US troops and a resurgence in Taliban control. This focus on intelligence gathering targeting one of Afghanistan’s largest telecommunications providers is likely in part driven by the Chinese Communist Party’s (CCP) purported desire to expand influence within Afghanistan under renewed Taliban rule.
Thousands of University Wi-Fi Networks Expose Log-In Credentials
Multiple configuration flaws in a free Wi-Fi network used by numerous universities can allow access to usernames and passwords of students and faculty who connect to the system from Android and Windows devices, researchers have found.
A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe, finding that more than half of them have issues that can be exploited by threat actors. The misconfiguration danger could extend to other organizations globally as well, they added.
Read more Cyber Security News at https://que.com/tag/cybersecurity/