Ukraine, Poland targeted in new ransomware attack, Microsoft says
A newly discovered hacker group has attacked shipping and logistics companies in Ukraine and Poland with new ransomware. The attackers targeted a wide range of systems within an hour on Tuesday, Microsoft said in a blog post on Friday, adding that it could not yet link the attack to any known group but found that the hack closely echoes previous attacks by Russian government-affiliated cyber teams that have disrupted Ukrainian government agencies. The new ransomware, named “Prestige,” overlaps with other data-destroying cyberattacks involving the “FoxLoad,” or “HermeticWiper,” malware.
(Reuters)
Wi-Fi spy drones snoop on financial companies
In a Twitter thread, security researcher Greg Linares said the hacking incident at an unnamed US East Coast private equity firm was discovered when the firm spotted unusual activity on its internal Atlassian Confluence page. The company’s security team responded and found that users whose MAC addresses were used to access parts of the company’s Wi-Fi network were also logged in at home several kilometers away. On the roof they found 2 Phantom drones, one carrying a modified Wi-Fi Pineapple device and the other carrying a bag containing a Raspberry Pi, some batteries, a GPD mini laptop, a 4G modem, and other Wi-Fi devices. Sophos Senior Researcher Sean Gallagher told The Register that the attack described is something people have done by “warwalking” with Wi-Fi Pineapples or equivalent.
(The Register)
Indian power giant Tata Power has been hit by a cyber attack
In a brief statement released on Friday, the Mumbai-based company said the attack affected some IT systems. Tata Power has not disclosed any further details. When asked by TechCrunch, PR representatives refused to answer questions about the nature of the attack and its impact on the organization, and refused to say whether any information was stolen.
(TechCrunch)
Taiwan Funds $900 Million in New Businesses from Silicon Valley Summit
Taiwan’s Economy Minister Wang Mei-hua met with senior executives from NVIDIA, Cisco, Applied Materials, and Synopsys, adding that she “received a lot of interest” from them. The visit is expected to bring US research and development investment worth 900 million US dollars back to Taiwan, although the island’s position as a producer has made the United States concerned that it is too dependent on Taiwan, especially with China increasing its military exercises to assert its sovereignty claims.
(Reuters)
Thanks to this week’s episode sponsor, SafeBase
Dutch police cheat DeadBolt ransomware out of decryption key
The Dutch National Police, in collaboration with the cyber security company Responders.NU, tricked the DeadBolt hacker group into handing over 155 decryption keys under the guise of paying the ransom. This was achieved by paying in bitcoin but canceling the transactions before they were included in a block. The trick worked because the decryption key was sent immediately, without waiting for blockchain confirmation that the bitcoin transaction was legitimate. Responders.NU security expert Rickey Gevers told BleepingComputer, “The attackers found out within minutes, but we were able to capture 155 keys. That means 90% of victims who report a DeadBolt attack to the police get a free decryption key.”
(The Hacker News)
A vulnerability in Microsoft Office 365 allows hackers to decipher encrypted emails
Researchers from cloud and endpoint protection provider WithSecure have discovered an unpatched flaw in Microsoft Office 365 Message Encryption (OME). The flaw allows hackers to decipher the contents of encrypted messages. OME uses the Electronic Codebook (ECB) block cipher mode, which leaks structural information about the message. This means that an attacker who obtains many emails can infer the content of a message by analyzing the location and frequency of patterns in it and matching them against other emails. Although this requires some sophistication, it shows that emails being encrypted does not by itself mean they are safe from threats.
(VentureBeat)
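The pattern leak described in the item above can be measured by counting repeated ciphertext blocks. The following is an added example, not code from WithSecure, Microsoft, or the original digest: it uses a toy Feistel cipher as a stand-in for AES, and the key, messages, and IVs are constructed samples.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per cipher block, as with AES

def toy_encrypt_block(key, block):
    # 4-round Feistel network keyed with HMAC-SHA256: a stand-in for AES,
    # which the standard library lacks. Demonstration only, not secure.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_ecb(key, plaintext):
    # ECB: each block is encrypted independently, so equal inputs give equal outputs
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))

def encrypt_cbc(key, plaintext, iv):
    # CBC: each block is XORed with the previous ciphertext block first
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(*ciphertexts):
    """Number of ciphertext blocks whose value occurs more than once."""
    counts = Counter(b for c in ciphertexts for b in blocks(c))
    return sum(n for n in counts.values() if n > 1)

def demo():
    key = b"constructed-demo-key"                 # constructed sample key
    header = b"CONFIDENTIAL - INTERNAL USE ONLY"  # constructed, 32 bytes = 2 blocks
    msg1 = header + b"Q3 numbers attached."
    msg2 = header + b"Meeting moved to 3pm."
    ecb = repeated_blocks(encrypt_ecb(key, msg1), encrypt_ecb(key, msg2))
    # Fixed, distinct IVs keep the demo reproducible; real CBC uses random IVs.
    cbc = repeated_blocks(encrypt_cbc(key, msg1, bytes(16)),
                          encrypt_cbc(key, msg2, bytes([1]) * 16))
    return ecb, cbc

if __name__ == "__main__":
    print(demo())
```

Under ECB the shared two-block header shows up as identical ciphertext blocks in both messages, while the chained mode produces no repeats for the same inputs.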
Nearly 900 servers were hacked using the Zimbra zero-day flaw
A critical Zimbra Collaboration Suite (ZCS) vulnerability existed as a zero-day without a patch for nearly 1.5 months. The vulnerability, tracked as CVE-2022-41352, is a remote code execution flaw that allows an attacker to send an email with a malicious file attachment that plants a web shell on the ZCS server while, at the same time, bypassing antivirus checks. According to Kaspersky, various APT groups actively exploited the flaw immediately after it was reported on the Zimbra forum.
(BleepingComputer)
Last week in ransomware
The most interesting news of the last week was the story of the Dutch police and the DeadBolt ransomware mentioned earlier in this digest. Other interesting ransomware research covered fake adult websites pushing data wipers, the TTPs of Black Basta, information about the new Prestige ransomware that targets Ukraine and Poland (as mentioned in this digest), and Magniber ransomware being installed via JavaScript files. Some attacks were also made public last week: the CommonSpirit health organization admitted that its attack involved ransomware, while the Taiwanese chip manufacturer ADATA denied that it had been attacked by RansomHouse and said that the data was republished from the 2021 breach by RagnarLocker.
(BleepingComputer)