Late last night, Duvel Moortgat Brewery was hit by a ransomware attack, halting beer production in the company's bottling facilities.  Duvel is a Belgian beer brand best known for its strong and fruity golden pale ale bearing the same name.  The brewery also makes other popular abbey beers, such as Vedett, Maredsous, and La Chouffe, which are enjoyed all over the world.  The company said that they hope to restart production either today or tomorrow.  The company noted that their warehouses are stocked, so there should be no impact on distribution.

According to security researchers at Zscaler, a threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures.  The researchers noted that this campaign has been ongoing since at least December 2023.  The distributed RATs include Android-focused SpyNote RAT, Windows-focused NjRAT, and DCRat.  The researchers said that to lure the victims into downloading the RATs, the threat actor created several fake online meeting sites, impersonating brands like Microsoft-owned Skype, Google Meet, and Zoom.

Android recently announced security updates that resolve 38 vulnerabilities, including two critical severity issues in the System component.  Impacting Android 12, 12L, 13, and 14, and tracked as CVE-2024-0039 and CVE-2024-23717, the two critical flaws could lead to remote code execution and elevation of privilege, respectively.  Google noted that the most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.

The US cybersecurity agency CISA recently added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog.  The exploited Pixel vulnerability is tracked as CVE-2023-21237.  The flaw was patched in June 2023, and Google warned that it had been aware of “limited targeted exploitation,” but the company published its security bulletin for Pixel phones a week after the general Android security bulletin, and CVE-2023-21237 went unnoticed.

Facebook and Instagram users worldwide have been logged out of the sites and are having trouble logging in, receiving errors that their passwords are incorrect.  This recent outage affects people worldwide, including the USA, Europe, and Asia.  Downdetector, a website that tracks when online services stop working, has received numerous reports indicating that the outage is not isolated to a specific region or country.

According to security researchers at Cisco Talos, the hacking group GhostSec has significantly increased its malicious activities over the past year.  This surge includes the emergence of GhostLocker 2.0, a new variant of ransomware developed by the group using the Golang programming language.  The researchers noted that GhostSec, in collaboration with the Stormous ransomware group, has been conducting double extortion ransomware attacks across multiple countries and business sectors.

Hackers operating from Ukraine’s Main Intelligence Directorate (GUR) have recently claimed another breach, this time against the Russian Ministry of Defense (MoD).  The GUR, part of Kyiv’s Ministry of Defense, said a “special operation” enabled it to breach the servers of the Russian MoD (Minoborony) to obtain sensitive documents.  The GUR claimed that the sensitive documents included orders and reports apparently circulated among over 2000 structural units of the ministry.

According to security researchers at WithSecure, the ALPHV/BlackCat ransomware group’s operations seem to have halted amid allegations of defrauding an affiliate involved in the Optum attack, which targeted the Change Healthcare platform, resulting in a loss of $22m.  The researchers noted that over the weekend, negotiation sites linked to the ransomware activities were confirmed to have been shut down, indicating a possibly deliberate dismantling of the gang’s infrastructure.

Georgia’s largest county, Fulton County, is still repairing the damage inflicted on its government a month ago by hackers who shut down office phone lines, left clerks unable to issue vehicle registrations or marriage licenses, and threatened to publicly release sensitive data they claimed to have stolen unless officials paid the ransom.  The ransomware syndicate LockBit took credit for the cyberattack in late January that temporarily crippled government services in Fulton County, which includes most of Atlanta.

American Express recently started warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked.  In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of its service providers used by their travel services division, American Express Travel Related Services Company.  The company said that the account information of some of their Card Members, including account information, may have been involved.