Today on CISO Series…
In today’s cybersecurity news…
London hospitals continue to suffer from 2024 ransomware attack
The June 2024 ransomware attack by the Qilin ransomware group continues to reverberate. Internal documents show at least one NHS trust is still working without fully restored systems and managing large backlogs of delayed test results, restricted blood supplies, the theft and publication of sensitive patient data and delayed treatment of highly time-sensitive conditions like cancer. As an example, clinicians at the South London and Maudsley NHS Foundation Trust were “warned not to rely on the timely return of blood results.” Critical results are being communicated by phone, while full reports are being delivered as paper or PDFs and manually uploaded into patient records. A recent study by King’s College London described ransomware as “the most significant current cyber threat to the NHS” and warned that a single major technology failure could have serious consequences for patient safety.
Four arrested in PowerOFF takedown
As a result of a takedown involving authorities from more than 20 countries, more than 50 domains supporting the PowerOff DDoS-for-hire service were seized and European authorities said they identified about 75,000 users of the sites. The sites “purport to launch tens of thousands of DDoS attacks per day,” prosecutors added. An FBI agent said “they purchased a Mythical Stress plan that offered a month of DDoS attacks for $45. Three victim IPs could be targeted at a time for an attack that would last 40 minutes.” One of the platforms taken down boasted of being used to launch more than 142 million DDoS attacks.
Microsoft Teams right-click paste broken by Edge update bug
Microsoft is warning of a recent Microsoft Edge browser update that has introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. An advisory published on April 14 says users can still copy and paste content using keyboard shortcuts. The bug is the result of a recent browser update that “introduced a code regression in Microsoft Edge, which Microsoft Teams uses for certain functionality.”
Microsoft Defender “RedSun” zero-day
A researcher going by the name of Chaotic Eclipse has “published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed RedSun.” This exploit is “for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on the latest April Patch Tuesday patches, when Windows Defender is enabled.” The researcher stated, “when Windows Defender realizes that a malicious file has a cloud tag…the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location.” This PoC has been independently confirmed by Will Dormann, principal vulnerability analyst at Tharros.
A new concern for CISOs: AI-generated ghost breaches
An interesting story appeared this week in Cyberscoop. AI-generated “ghost breaches” are emerging as a new cyber risk: false but convincing breach stories that trigger real-world crisis responses. The article highlights cases where entirely fictional incidents were reported as real, old resolved breaches resurfaced as “new,” and AI-generated quotes were falsely attributed to experts. These narratives can waste security resources, damage reputations, influence regulators and investors, and even help attackers make phishing or impersonation campaigns more believable. The authors argue that CISOs must expand beyond traditional threat intelligence to include “narrative intelligence,” monitor how their organizations are portrayed externally, coordinate closely with communications teams, and conduct regular AI audits to detect false stories early.
Mirai variant Nexcorium exploits vulnerability for DDoS botnet
According to researchers at Fortinet FortiGuard Labs and Palo Alto Networks Unit 42, this activity involves the exploitation of security flaws in TBK DVR recording devices and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices. The vulnerability (CVE-2024-3721) has a CVSS score of 6.3, and the Mirai variant in question is called Nexcorium. Security researcher Vincent Li commented, “IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings,” which can lead to DDoS attacks.
Dutch navy frigate location outed by Bluetooth tracker
Dutch regional broadcaster Omroep Gelderland reports that it was able to track a Dutch air-defense frigate, deployed to help protect France’s aircraft carrier Charles de Gaulle against missile threats, “by mailing a Bluetooth tracker concealed in a postcard to the ship.” This was made possible through a policy of the Dutch Ministry of Defense to allow mail and packages to be sent to soldiers and sailors in the Dutch armed forces. The report says the tracker remained active for about 24 hours before being discovered and disabled during mail sorting. The Ministry is reportedly changing its mail policies in response.
Tinder and Zoom offer ‘proof of humanity’ eye-scans to combat AI
World, formerly Worldcoin and part of the Tools for Humanity start-up co-founded and chaired by Sam Altman, is now offering a technology through both Tinder and Zoom that allows users to prove they are human and not robots by bringing advanced eye-scanning technology to these apps. Users will then earn a “proof of humanity” badge which will be attached to their profile or name. Bots on Tinder currently make up 30% of active accounts and are used for romance scams. Zoom is looking to use this technology to counter the threat of deepfakes on its platform. In introducing the technology, Sam Altman said “there will soon be more stuff made by AI than is made by humans online,” adding “I’m not afraid for the future as long as we can tell between the two.”
