
Big Head and RedEnergy ransomware, more MOVEit problems

New ‘Big Head’ ransomware displays fake Windows update alert

This recently emerged ransomware strain may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. Two samples of the malware were initially analyzed by Fortinet, and on Friday Trend Micro published a technical report on Big Head claiming that both of those variants and a third it sampled originate from a single operator who is likely experimenting with different approaches to optimize their attacks. Big Head ransomware is a .NET binary that drops three AES-encrypted files on the target system: one is used to propagate the malware, another handles Telegram bot communication, and the third encrypts files and can also show the user a fake Windows update screen.

(Bleeping Computer)

RedEnergy stealer-as-a-ransomware threat targeting energy and telecom sectors

A sophisticated stealer-as-a-ransomware threat dubbed RedEnergy has been spotted in the wild targeting energy utilities, oil, gas, telecom, and machinery sectors in Brazil and the Philippines. Researchers at Zscaler stated that the .NET malware “possesses the ability to steal information from various browsers, enabling the exfiltration of sensitive data, while also incorporating different modules for carrying out ransomware activities.” The objective, they noted, is to couple data theft with encryption in order to inflict maximum damage on the victims. What makes it novel is the use of reputable LinkedIn pages to target victims: users clicking on the website URLs are redirected to a bogus landing page that prompts them to update their web browser by clicking on the appropriate icon (Google Chrome, Microsoft Edge, Mozilla Firefox, or Opera), and doing so results in the download of a malicious executable.

(The Hacker News)

Three new MOVEit bugs spur CISA warning as more victims report breaches

The federal government warned on Friday that three new vulnerabilities have been discovered in the MOVEit file transfer software. Progress Software released a new package of patches to resolve the three bugs, labeled CVE-2023-36932, CVE-2023-36933 and CVE-2023-36934. These latest issues are the fourth, fifth and sixth problems found in the software since May. Brett Callow, a threat analyst for Emsisoft who has been tracking the situation, said the number of reported victims has now reached at least 230.

(The Record)

More than 42,000 affected by ransomware attack on pro bono California law firm

The Law Foundation of Silicon Valley notified regulators in California and Maine this week that the February ransomware attack on its offices resulted in the leak of significant PII including Social Security numbers, medical records, immigration numbers, digital signatures and much more. In March, the AlphV/BlackCat ransomware group took credit for the attack.

(The Register)

Thanks to this week’s episode sponsor, Opal

Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev.

Charming Kitten hackers use new ‘NokNok’ malware for macOS

Security researchers observed a new campaign they attribute to the Charming Kitten APT group in which the hackers used new NokNok malware that targets macOS systems. The campaign started in May and relies on a different infection chain than previously observed, with LNK files deploying the payloads instead of the malicious Word documents typically seen in the group's past attacks. Charming Kitten is also known as APT42 or Phosphorus and has launched at least 30 operations in 14 countries since 2015, according to Mandiant. Google has linked the threat actor to the Iranian state, more specifically the Islamic Revolutionary Guard Corps (IRGC).

(Bleeping Computer)

Following BreachForum’s takedown, its replacement emerges

Less than a month after the high-profile takedown on June 23 of the notorious cybercrime bazaar BreachForums, a new version is already active, and Oleg Dyorov, head of the cybercrime investigation team within Group-IB’s threat intelligence unit, says “it is expected that more cybercriminals, old-timers and new ones, will join the new forum, which is more likely to lead to various high-profile leaks, publications and sales of various databases.” The FBI arrested Conor Fitzpatrick, the alleged administrator of the original BreachForums, in March at his family home in New York, months before seizing the site’s infrastructure. As soon as Fitzpatrick was in custody, a flurry of forums, new and old, jostled for position, leading to rival operators hacking into competitors’ forums and leaking user databases.

39% of businesses faced a cloud environment data breach last year

A new cloud security report from Thales shows that more than a third (39%) of businesses experienced a data breach in their cloud environment in the last year, up from the 35% reported in 2022. In addition, human error was cited as the leading cause of cloud data breaches by over half (55%) of those surveyed. Three quarters (75%) of businesses said that more than 40% of the data they store in the cloud is classified as sensitive, compared to 49% of businesses this time last year. More than a third (38%) ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36%).

(Security Magazine)

Nickelodeon probes claims of massive data leak as SpongeBob fans rejoice

Nickelodeon says it is probing claims that “decades old” material was stolen from it and leaked online. This follows reports on social media that someone had dumped 500GB of stolen animation files. Hilarity, and many SpongeBob SquarePants memes, ensued. A spokesperson for Nickelodeon confirmed the company is aware of the social media posts alleging the theft and is investigating. The spokesperson also confirmed that the alleged leaked content appears to be production files rather than employee or user data. If the material is genuine, it would include never-released TV shows and scripts belonging to the animation department.

(The Register)
