What’s going on in the cyber world today?
Linux Ransomware, VMware ESXi, Malware, Windows Recall, FBI, LockBit, Decryption Keys, Chinese Espionage, Southeast Asia, Phishing, General Dynamics, Spain, Ukraine, United Nations, Australia, Elm Grove, Wisconsin, Belgium, Media Outlets, La Libre Belgique, Robinsons Land, Toyota, Philippines, Kali Linux Released, Google Maps, Argentina, Crypto, RansomHub, Knight, Symantec
Cyber Alerts
Researchers have identified a new Linux variant of the TargetCompany ransomware that targets VMware ESXi environments and is delivered and launched by a custom shell script. Also tracked as Mallox, FARGO and Tohnichi, the TargetCompany operation first emerged in June 2021 with attacks on database servers at organizations primarily in Taiwan, South Korea, Thailand and India. The new variant checks that it is running with administrative (root) privileges before carrying out its malicious activities.
A high-profile government organization in Southeast Asia has been targeted by a complex, long-running Chinese state-sponsored cyber espionage operation known as Crimson Palace. The campaign aimed to maintain network access for cyberespionage, collecting sensitive military and technical information. Researchers identified three intrusion clusters linked to known Chinese threat actors, using novel evasion techniques and various malware to execute their attacks.
The FBI urges past LockBit ransomware victims to come forward after obtaining over 7,000 decryption keys. Law enforcement’s Operation Cronos takedown led to the seizure of servers containing these keys, aiding in victims’ data recovery. LockBit, despite infrastructure takedowns, remains active, prompting ongoing efforts to combat its cyber threats.
Security researchers have demonstrated weaknesses in Microsoft’s Recall feature, which periodically captures screenshots of a Windows PC so users can search their past activity. Microsoft has said an attacker would need physical access and valid credentials, but researchers showed that malware running under the user’s own account can read the data Recall has collected. Concerns are mounting over the privacy implications and the need for stronger protections before Recall’s official release.
Phishing emails use social engineering to trick recipients into opening malicious HTML attachments. Clicking a deceptive button in the attachment starts a chain that downloads and executes further scripts, which can in turn fetch malware or steal sensitive data. Users should remain vigilant and treat unexpected email attachments, HTML files in particular, with caution.
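As an added example, not taken from the original article or from any vendor report, the following Python script applies the heuristics a mail gateway or analyst could use to triage an HTML attachment of the kind described above: a clickable element wired to an inline script that assembles a file in the browser from an embedded base64 blob and hands it to the user. The sample lure and the benign comparison document are constructed for this example (the base64 blob is filler text, not a real payload), and the two-indicator threshold is an assumption.

```python
import base64
import re
from html.parser import HTMLParser

# JavaScript fragments typical of a page that builds a file inside the browser
# and pushes it at the user, rather than linking to an ordinary web page.
PAYLOAD_ASSEMBLY_TOKENS = (
    "atob(", "Blob(", "createObjectURL", "msSaveOrOpenBlob",
    ".download", "fromCharCode", "unescape(",
)
# A base64 run this long inside an e-mail attachment is almost never prose.
LONG_BASE64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


class _LureParser(HTMLParser):
    """Collects click handlers, data: links and inline script text."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.script_chunks = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        if "onclick" in attrs:
            self.findings.append(f"<{tag}> carries an onclick handler")
        if tag == "a" and attrs.get("href", "").lstrip().lower().startswith("data:"):
            self.findings.append("<a> href is a data: URI (file embedded in the attachment)")
        if tag == "a" and "download" in attrs:
            self.findings.append("<a download> forces a file download on click")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_chunks.append(data)


def scan_html_attachment(html: str) -> list[str]:
    """Return a list of human-readable indicators found in an HTML attachment."""
    parser = _LureParser()
    parser.feed(html)
    parser.close()
    findings = list(parser.findings)
    script = "".join(parser.script_chunks)
    hits = [t for t in PAYLOAD_ASSEMBLY_TOKENS if t in script]
    if hits:
        findings.append("inline script assembles a file in the browser: " + ", ".join(hits))
    for m in LONG_BASE64.finditer(html):
        findings.append(f"long base64 literal ({len(m.group())} chars) embedded in attachment")
    return findings


def is_click_to_download_lure(html: str) -> bool:
    """Two independent indicators is the alert threshold used here (an assumption)."""
    return len(scan_html_attachment(html)) >= 2


# Constructed sample: a fake "invoice" attachment. The blob is filler text.
_FAKE_PAYLOAD_B64 = base64.b64encode(b"placeholder bytes, not a real payload. " * 8).decode()
SAMPLE_LURE = """<html><body>
<p>Your invoice is ready. Click the button below to open it.</p>
<button onclick="openDoc()">View Invoice</button>
<script>
var b = "__B64__";
function openDoc() {
  var bytes = Uint8Array.from(atob(b), function (c) { return c.charCodeAt(0); });
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "invoice.zip";
  a.click();
}
</script>
</body></html>""".replace("__B64__", _FAKE_PAYLOAD_B64)

# Constructed benign comparison: a plain notification that links to a web page.
SAMPLE_BENIGN = """<html><body>
<p>Your invoice is ready.</p>
<a href="https://example.com/invoices/123">View invoice</a>
</body></html>"""

if __name__ == "__main__":
    for name, doc in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, is_click_to_download_lure(doc), scan_html_attachment(doc))
```

The heuristics are deliberately independent of any particular campaign: an onclick handler, browser-side file assembly and a large embedded base64 blob each appear in legitimate pages on their own, which is why the verdict requires more than one of them and why a gateway should quarantine rather than silently drop on a hit.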
Cyber Incidents
Santa Barbara Systems, a subsidiary of General Dynamics in Spain, which is tasked with refurbishing tanks for delivery to Ukraine, has fallen victim to a cyberattack. The attack, reportedly claimed by a pro-Russia hacker group known as NoName, targeted the company’s website. Although the attack was swiftly detected, General Dynamics decided to temporarily disconnect its website as a precautionary measure until a thorough investigation is conducted to ensure the security of its systems.
UN Women Australia, a nonprofit advocating for women’s rights, was the target of a significant cyberattack. Working with Cloudflare, it mitigated the attack and hardened its online presence, an episode that highlights the growing security needs of small and vulnerable organisations in 2024 and that leaves its operations and mission better protected against future attacks.
The Village of Elm Grove, Wisconsin, has disclosed a recent cybersecurity breach; it opened an investigation and notified law enforcement. After restoring its network, the village engaged outside cybersecurity experts to complete a full assessment and is putting additional security controls in place to protect data privacy and system integrity.
La Libre Belgique, DH, and LN24 grapple with a recent cyberattack, disrupting their operations. As a result, Thursday’s newspapers from La Libre are anticipated to be published in a simplified format, alongside the digital version, while potential disruptions in paper distribution are acknowledged.
Robinsons Land and Toyota Motor Philippines encounter a cyber attack, prompting concern over compromised personal data. The National Privacy Commission (NPC) confirms the breach, emphasizing the seriousness of the situation. NPC’s Compliance and Monitoring Division chief underscores the importance of companies promptly reporting breaches to ensure data security and privacy.
Cyber News
Over 200,000 more workers are needed to close the cybersecurity talent gap, according to CyberSeek data. CyberSeek, a collaboration between NIST’s NICE program, CompTIA and Lightcast, provides detailed insight into the cybersecurity job market. Despite a record 1.2 million cybersecurity workers in the US, demand remains high, with network and systems engineers, analysts and security officers topping the list of sought-after roles.
Kali Linux 2024.2 has been released with eighteen new tools and fixes for the Y2038 bug, the overflow of 32-bit time counters that would otherwise cause time-related failures from 19 January 2038. The release caters to security professionals and ethical hackers with expanded penetration testing and network security research tooling. Users can also expect refreshed visual elements and desktop improvements for a smoother, more efficient experience.
Google has unveiled plans to revise the storage of Maps Timeline data, moving it to users’ devices rather than their Google accounts starting December 1, 2024. This shift, initially disclosed in December 2023, aligns with efforts to bolster user privacy, with the auto-delete function now defaulted to three months, down from 18 months.
Argentina has unveiled plans to introduce a national registry specifically tailored for cryptocurrency exchanges. Spearheaded by Argentina’s National Securities Commission (CNV), the initiative sees the launch of the Virtual Asset Service Provider (VASP) registry, with close to a hundred applications already submitted by individuals and legal entities, according to official government statements. Under the new framework, entities seeking to offer crypto trading services in Argentina must undergo a rigorous registration process, with operations permitted only upon confirmation of registration.
Security analysts have traced RansomHub’s roots to the Knight ransomware, following its evolution from a data-theft operation into a major ransomware-as-a-service (RaaS) outfit. Recent attacks on UnitedHealth and Christie’s underscore its growing prominence and the collaboration among cybercrime groups. Symantec’s findings suggest that a separate actor now holds the Knight source code, fueling RansomHub’s rapid rise in the cyber underworld.
Copyright © 2024 CyberMaterial. All Rights Reserved.