Security News

A new QBot malware campaign dubbed "QakNote" has been observed in the wild since last week, using malicious Microsoft OneNote'. Qbot is a former banking trojan that evolved into malware that specializes in gaining initial access to devices, enabling threat actors to load additional malware on the compromised machines and perform data-stealing, ransomware, or other activities across an entire network.

Microsoft announced on Tuesday a new version of its Bing search engine powered by a next-generation OpenAI language model more powerful than ChatGPT and specially trained for web search. "Today, we're launching Bing and Edge powered by AI copilot and chat, to help people get more from search and the web."

Metaverse poses risks for users and creators While cybersecurity leaders see risk, they're forging ahead Same as it ever was, but in 3D Like the web, metaverse comes with caveat emptor for users Brand reputation risks in 3D. The metaverse is evolving into a 3D digital world for buying, selling, recruiting and training, unbound by geography and currently without clear rules and regulations. There are two main security threats in the metaverse and web 3.0, according to John Tsangaris, technical security leader at infosec company Optiv.

Russian citizen Denis Mihaqlovic Dubnikov pleaded guilty on Tuesday to laundering money for the notorious Ryuk ransomware group for over three years. The guilty plea comes after Dubnikov was arrested in Amsterdam in November 2021 and extradited to the United States in August 2022.

Many online stores are exposing private backups in public folders, including internal account passwords, which can be leveraged to take over the e-commerce sites and extort owners. According to a study by website security company Sansec, roughly 12% of online stores forget their backups in public folders due to human error or negligence.

A new version of the Medusa DDoS botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain being advertised in darknet markets since 2015, which later added HTTP-based DDoS capabilities in 2017.

Here's some more bad news: the ransomware used in this attack, which you'll see referred to variously as ESXi ransomware and ESXiArgs ransomware, seems to be a general-purpose pair of malware files, one being a shell script, and the other a Linux program. In other words, altough you absolutely need to patch against these old-school VMWare bugs if you haven't already, there's nothing about this malware that inextricably locks it to attacking only via VMWare vulnerabilities, or to attacking only VMWare-related data files.

A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. "Exclu makes it possible to exchange messages, photos, notes, voice memos, chat conversations, and videos with other users," the Politie said.

CVE-2021-21974 is a vulnerability affecting OpenSLP as used in VMware ESXi. The French government's Computer Emergency Response Team CERT-FR was the first to raise an alert on ransomware exploiting this vulnerability on Feb. 3, 2023, quickly followed by French hosting provider OVH. Attackers can exploit the vulnerability remotely and unauthenticated via port 427, which is a protocol that most VMware customers do not use.

Toyota's Global Supplier Preparation Information Management System was breached by a security researcher who responsibly reported the issue to the company. The issues were responsibly disclosed to Toyota on November 3, 2022, and the Japanese car maker confirmed they had been fixed by November 23, 2022.