According to IT consultancy Tietoery, online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group.  The company claims that the problem could take weeks to fix.  Tietoery noted that one of its data centers in Sweden was attacked overnight Friday to Saturday, knocking out online purchases at the country’s biggest cinema chain and some department stores and shops.

Sandwich chain Subway has recently launched an investigation after the notorious LockBit ransomware group claimed over the weekend that it hacked into the company’s systems and stole vast amounts of information.  LockBit claimed that they exfiltrated their SUBS internal system, which includes hundreds of gigabytes of data and all financial expects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers, etc.

Aircraft leasing giant AerCap has recently confirmed falling victim to ransomware after an emerging cybercrime gang claimed responsibility for the attack.  The company says that the intrusion occurred on January 17.  The company noted that they have complete control of all of their IT systems, and to date, they have suffered no financial loss related to this incident.  AerCap says that it had notified law enforcement immediately after identifying the attack and that its investigation into the incident has yet to determine if any data was compromised or exfiltrated.

A team of computer science researchers developed a new method for identifying security vulnerabilities that leave people exposed to Account Takeover (ATO) attacks. In such attacks, hackers gain unauthorized access to online accounts. Most mobile devices now contain a complex ecosystem of interconnected operating software and apps. In conjunction with the growth in connections among online services, there has been a rise in opportunities for hackers to exploit security flaws.

According to security researcher Dolev Taler, a recently patched vulnerability in Microsoft Outlook that allows attackers to steal users' NTLM v2 hashes can be exploited by adding two headers to an email containing a specially crafted file. NTLM v2, the latest version of the NTLM cryptographic protocol, is used by Microsoft Windows to authenticate users to remote servers through password hashes. Taler and his colleagues from Varonis Threat Labs discovered two new ways attackers can obtain users' NTLM v2 hashes and apply them for offline brute-force or authentication relay attacks.

Attackers have used TeamViewer quite frequently to gain initial access to target systems. Organizations use TeamViewer to provide remote support, collaboration, and access to endpoint devices. Huntress researchers recently observed two attempted ransomware deployment incidents that involved TeamViewer. The attacks targeted two different endpoint devices belonging to Huntress customers. Both incidents involved failed attempts to install what appeared to be ransomware created using a leaked LockBit 3.0 builder.

Security researchers analyzed over 10,000 scripts used by the Parrot Traffic Direction System (TDS) and discovered an evolution involving optimizations that make malicious code more stealthy against security mechanisms. The cybersecurity company Avast discovered Parrot TDS in April 2022. The TLD is believed to have been active since 2019 as part of a campaign that targets vulnerable WordPress and Joomla sites with JavaScript code capable of redirecting users to a malicious location.

According to researchers at the mobile security company Oversecured, several public and popular libraries that have been abandoned but are still used in Java and Android applications are vulnerable to a new software supply chain attack method called MavenGate. Access to projects can be hijacked through domain name purchases, and because most default build configurations are vulnerable, determining whether an attack is taking place would be difficult, if not impossible.

Trezor recently issued a security alert after identifying a data breach on January 17 due to unauthorized access to their third-party support ticketing portal.  The popular hardware cryptocurrency wallet vendor stated that the investigation into the incident is ongoing, but it found no evidence so far that users' digital assets were compromised in the incident.  The company stressed that none of its user's funds had been compromised through the incident.

Russian state hackers recently managed to compromise the email accounts of some of Microsoft’s senior leadership team members using basic brute-force techniques.  Microsoft revealed on Friday that the “Midnight Blizzard” group (aka Nobelium, APT29, Cozy Bear) was detected on its systems on January 12.  The fact that brute-force tactics worked indicates that the compromised email accounts were not protected with multi-factor authentication (MFA).  Password spray attacks involve threat actors trying commonly used and easy-to-guess passwords to unlock multiple accounts at once.