Russian APT29 Hackers’ Stealthy Malware Undetected for Years
Cybersecurity professionals around the world are busy protecting their clients' infrastructure, and today is just another day of keeping the security posture up to date. Here are some articles worth reading.
Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats.
The malicious implants are a variant of the GoldMax backdoor for Linux systems and a completely new malware family that cybersecurity company CrowdStrike now tracks as TrailBlazer.
continue reading: https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-stealthy-malware-undetected-for-years/
LockBit Expands its Operations by Implementing a Linux Version of LockBit Ransomware that Targets VMware ESXi Servers
LockBit is the latest ransomware operation to add support for Linux systems; experts spotted a new version that targets VMware ESXi virtual machines.
The move aims at expanding the audience of potential targets, including all the organizations that are migrating to virtualization environments.
The LockBit operators have been advertising a new Linux version that targets VMware ESXi virtual machines since October 2021. According to Trend Micro, an announcement for LockBit Linux-ESXi Locker version 1.0 has been advertising the Linux version on the underground forum “RAMP” since October.
continue reading: https://securityaffairs.co/wordpress/127248/cyber-crime/lockbit-ransomware-linux-vmware-esxi.html
More LockBit news.
A Few Hours Ago Lockbit Ransomware Operators Announced to Have Stolen Data from Ministry of Justice of France
A few hours ago, LockBit ransomware operators announced that they had stolen data from the Ministry of Justice of France and threatened to leak it. The countdown on the gang's Tor leak site shows that the gang gave the French government 14 days to pay the ransom. The payment deadline has been set for 10 Feb, 2022 11:20:00.
At this time, the ransomware gang has yet to report the volume of data stolen from the Ministry of Justice of France or to publish any sample of the stolen documents.
continue reading: https://securityaffairs.co/wordpress/127267/cyber-crime/ministry-of-justice-of-france-lockbit.html
Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild
iOS 15.3 and iPadOS 15.3 fix a Safari browser flaw that could have leaked users’ browsing data, plus a zero-day IOMobileFrameBuffer bug exploited in the wild.
Apple on Wednesday released 13 patches for serious security bugs in macOS and 10 for flaws in iOS/iPadOS. They include fixes for two zero-day bugs, one of which may have been exploited by attackers in the wild.
The first zero-day (CVE-2022-22587) is a memory-corruption issue that could be exploited by a malicious app to execute arbitrary code with kernel privileges. The bug specifically exists in the IOMobileFrameBuffer – a kernel extension that allows developers to control how a device’s memory handles the screen display, aka a framebuffer. It affects iOS, iPadOS and macOS Monterey, and Apple addressed it with improved input validation.
continue reading: https://threatpost.com/apple-zero-day-security-exploited/178040/
Attackers Connect Rogue Devices to Organizations’ Network with Stolen Office 365 Credentials
Attackers are trying out a new technique to widen the reach of their phishing campaigns: using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations’ network by registering them with the organization's Azure AD.
If successful, they are ready to launch the second wave of the campaign, which consists of sending more phishing emails to targets both outside the organization and within it (to expand their foothold).
continue reading: https://www.helpnetsecurity.com/2022/01/27/rogue-devices-organizations/
Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub
The authors of a dangerous malware sample targeting millions of routers and Internet of Things (IoT) devices have uploaded its source code to GitHub, meaning other criminals can now quickly spin up new variants of the tool or use it as is, in their own attack campaigns.
Researchers at AT&T Alien Labs first spotted the malware last November and named it “BotenaGo.” The malware is written in Go — a programming language that has become quite popular among malware authors. It comes packed with exploits for more than 30 different vulnerabilities in products from multiple vendors, including Linksys, D-Link, Netgear, and ZTE.
continue reading: https://www.darkreading.com/vulnerabilities-threats/source-code-for-malware-targeting-millions-of-routers-iot-devices-uploaded-to-github
Read more Cyber Security news at https://que.com/tag/cybersecurity