"FBI Unveils 7,000 Decryption Keys to Aid LockBit Victims"

The Federal Bureau of Investigation (FBI) has over 7,000 decryption keys to help "LockBit" ransomware victims. A disruptive international law enforcement operation against LockBit earlier this year resulted in the recovery of these decryption keys. The LockBit group provides Ransomware-as-a-Service (RaaS) to a global network of affiliates, enabling criminals to launch their own cyberattacks. The operation took down LockBit's data leak website and uncovered information about the gang.

Submitted by Gregory Rigby on

"Linux Version of TargetCompany Ransomware Focuses on VMware ESXi"

A new Linux variant of "TargetCompany" ransomware targets VMware ESXi environments with a custom shell script to deliver and execute payloads. The TargetCompany ransomware operation, also known as "Mallox," "FARGO," and "Tohnichi," emerged in June 2021, targeting organizations in Taiwan, South Korea, Thailand, and India with MySQL, Oracle, and SQL Server database attacks. Avast made a free decryption tool available for variants released up to February 2022. The gang resumed targeting vulnerable Microsoft SQL servers in September and threatened victims with data leaks.

Submitted by Gregory Rigby on

"Interpol and FBI Break Up a Cyber Scheme in Moldova to Get Asylum for Wanted Criminals"

Interpol and the FBI recently cracked down on attempts in Moldova to sabotage one of the international police agency’s key tools, the Red Notice system. The joint sting, which also involved cooperation with French and British authorities, uncovered an international criminal organization with ties to individuals in Russia, Ukraine, and Belarus suspected of cybercrime. Interpol noted that the suspected individuals paid intermediaries and public figures in Moldova to inform wanted criminals of their Red Notice status.

Submitted by Adam Ekwall on

"RansomHub Extortion Gang Linked to Now-Defunct Knight Ransomware"

Security researchers at Symantec have started analyzing the relatively new RansomHub ransomware-as-a-service and believe it has evolved from the currently defunct Knight ransomware project. Knight ransomware launched in late July 2023 as a re-brand of the Cyclops operation and started breaching Windows, macOS, and Linux/ESXi machines to steal data and demand a ransom.

Submitted by Adam Ekwall on

"Chinese Threat Clusters Triple-Team High-Profile Asia Government Org"

A trio of Chinese state-aligned threat clusters under the name "Operation Crimson Palace" stole military and political secrets from a government organization in Southeast Asia. Sophos reported on Operation Crimson Palace's sophistication and coordination, involving new malware tools, over 15 Dynamic Link Library (DLL) sideloading methods, and novel evasion methods. This article continues to discuss findings regarding Operation Crimson Palace.

Submitted by Gregory Rigby on

"New Techniques Emerge to Stop Audio Deepfakes"

Audio deepfakes are becoming more dangerous, which prompted the US Federal Trade Commission (FTC) to launch its Voice Cloning Challenge. Academics and industry contestants had to develop ideas to prevent, monitor, and evaluate malicious voice cloning. Three teams approached the problem differently, showing that audio deepfakes pose complex and evolving harms that require a multipronged, multidisciplinary approach. Artificial Intelligence (AI)-generated synthetic voices for speech-impaired people are a benefit of voice cloning.

Submitted by Gregory Rigby on

"FBI Warns of Rise in Work-From-Home Scams"

The Federal Bureau of Investigation (FBI) has warned about increased work-from-home scams. The advisory states that scammers call or message potential victims posing as reputable businesses or recruiting agencies. Scammers often require victims to pay cryptocurrency to supposed employers to access additional earnings or unlock their work. Despite a fake interface showing income, victims cannot withdraw. Scammers may demand cryptocurrency payments, use simple job descriptions, and not require references during the hiring process.

Submitted by Gregory Rigby on

"Ransomware Gang Leaks Data From Australian Mining Company"

Northern Minerals, an Australian rare-earth metals producer, reported a data breach after a ransomware group released data stolen from the company. The announcement followed the BianLian ransomware gang's release of Northern Minerals' operational, human resources, management, project, and email data on its Tor-based leak site. The cybergang claims to have stolen project and mining research data, financial data, shareholder and investor data, employee personal data, and corporate email archives.

Submitted by Gregory Rigby on

"NsaRescueAngel Backdoor Account Again Discovered in Zyxel Products"

Taiwan-based networking device manufacturer Zyxel recently announced three critical severity vulnerabilities in two discontinued NAS products that could lead to command injection and arbitrary code execution. The first two flaws, tracked as CVE-2024-29972 and CVE-2024-29973, are command injection bugs that can be exploited without authentication via crafted HTTP POST requests. Another unauthenticated issue, CVE-2024-29974, could allow attackers to execute arbitrary code by uploading crafted configuration files.

Submitted by Adam Ekwall on

"225,000 More Cybersecurity Workers Needed in US: CyberSeek"

According to security researchers at CyberSeek, over 200,000 more cybersecurity workers are needed in the United States to close the talent gap. Currently, there are more than 1.2 million cybersecurity workers in the United States.

Submitted by Adam Ekwall on