"Decryptor for Babuk Ransomware Variant Released After Hacker Arrested"

Cisco Talos researchers collaborated with Dutch police to obtain a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that resulted in the arrest of the ransomware's operator. Tortilla is a Babuk ransomware variant that appeared in the wild shortly after the original malware's source code was leaked on a hacker forum. The threat actor used ProxyShell exploits on Microsoft Exchange servers to deploy the data-encrypting malware.

Submitted by Gregory Rigby on

"Water Curupira Hackers Actively Distributing PikaBot Loader Malware"

In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns against victims using two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September.

Submitted by Gregory Rigby on

"Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs"

According to security researchers at Cisco Threat Detection and Response, both the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 increased compared to the previous year. The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022, an average of nearly 80 new CVEs per day. The number of published CVEs has been steadily increasing since 2017.

Submitted by Adam Ekwall on

"Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines"

According to security researchers at Nozomi Networks, vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or by threat actors looking to cause disruption or reputational damage to the targeted organization. The researchers found security holes in Bosch Rexroth's NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.

Submitted by Adam Ekwall on

"Nigerian Gets 10 Years For Laundering Scam Funds"

A Nigerian national has been sentenced to 10 years and one month in prison and ordered to pay almost $1.5m in restitution after being convicted of serious money laundering offenses. Olugbenga Lawal, 33, of Indianapolis, Indiana, was convicted in August last year of conspiring to commit money laundering after three co-conspirators had already pleaded guilty to the same crime. According to the Department of Justice (DoJ), he laundered millions of dollars generated by various internet fraud schemes, including romance scams and business email compromise (BEC).

Submitted by Adam Ekwall on

"Slow the Scroll: Users Less Vigilant About Misinformation on Mobile Phones"

According to a team led by researchers at Pennsylvania State University, people process information more efficiently on mobile phones but are less vigilant about misinformation than on Personal Computers (PCs), especially when users have developed a mobile phone routine or habit. The researchers also discovered that PC users are more likely to click on malicious links in phishing e-mails. Their findings have implications for cybersecurity and highlight the need for more alerts on mobile devices to combat misinformation and warnings on PCs to reduce susceptibility to phishing attempts.

Submitted by Gregory Rigby on

"Wiper Malware Found in Analysis of Iran-Linked Attacks on Albanian Institutions"

In the attacks on Albanian organizations earlier in December 2023, Iran-linked hackers used wiper malware dubbed No-Justice. The attacks, linked to the Iranian threat actor known as Homeland Justice, targeted the Albanian parliament, two telecommunications companies, and the country's flag air carrier. Although the hackers claimed to have stolen data from the targeted systems, this claim has yet to be confirmed. ClearSky researchers identified two main tools used in this campaign: No-Justice and a PowerShell script.

Submitted by Gregory Rigby on

"Saudi Ministry Exposed Sensitive Data for 15 Months"

According to the Cybernews research team, Saudi Arabia's Ministry of Industry and Mineral Resources (MIM) had an environment file exposed for 15 months, leaving sensitive information open to anyone. An environment file is a critical component for any system because it serves as a set of instructions for computer programs. Leaving environment files open to the public exposes critical data and gives threat actors opportunities for attacks.

Submitted by Gregory Rigby on

"Many Organizations Still Don't Know How to Secure APIs"

According to recent research conducted by Noname Security, many organizations say they understand the importance of properly protecting Application Programming Interfaces (APIs), but in practice, these organizations do not appear to do so. This seems to be due to a fundamental lack of knowledge. APIs are used to connect various components in almost all modern environments. Around 80 percent of all Internet traffic goes through an API at some point. APIs are used as getaway vehicles in attacks because they are effective in data exfiltration, according to Noname Security CMO Mike O'Malley.

Submitted by Gregory Rigby on

"The FBI Is Adding More Cyber-Focused Agents to U.S. Embassies"

To increase its response to worldwide cyber crime, the FBI is increasing the number of cyber assistant legal attachés and adding new positions in New Delhi, Rome, and Brasilia, bringing the total to 22. Cyber bad actors are showing up in a wide variety of locations, and local police often have trouble coordinating efforts across countries. The program of cyber-focused agents goes back to 2011, and expanding its staff shows a proactive approach to dealing with international cyber crime by disrupting the work of criminal groups across country boundaries.

Submitted by Gregory Rigby on