
Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data
2020-10-02 21:31

A freshly discovered family of ransomware called Egregor has been spotted in the wild, using a tactic of siphoning off corporate information and threatening a "mass-media" release of it before encrypting all files. Egregor is an occult term meant to signify the collective energy or force of a group of individuals, especially when the individuals are united toward a common purpose - apropos for a ransomware gang.

Friday Squid Blogging: After Squidnight
2020-10-02 21:05

Review of a squid-related children’s book. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy
2020-10-02 20:39

The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The email subject line says "voter registration application details couldnt be confirmed," and the body of the email tells users: "Your Arizona voter's registration application submitted has been reviewed by your County Clerk and some few details couldnt be comfirmed".

Account Takeover Fraud Losses Total Billions Across Online Retailers
2020-10-02 19:48

In 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses. To be clear, ATO fraud isn't new; it's been a concern for online retailers for a decade.

COVID-19 and Acedia
2020-10-02 19:15

Summary Statement: From a speech at the National Religious Broadcasters convention, published on 26 February 2020 on the Department of Justice website, given by William Barr, of the Department of Justice, Attorney General of the United States of America. Simplifying the contested problem of state's structural and functional demise is not what Barr asserts, he knows it, and uses the language of moral certainty to reshape the state in a manner that resembles "Might makes right".

Adventures in SQL Server 2019: Microsoft updates the update that broke the update
2020-10-02 19:06

There was good news for administrators of Microsoft's SQL Server 2019 last night as Cumulative Update 8 emerged, fixing the borkage of its predecessor. Things haven't been going well for the SQL Server 2019 servicing model: Cumulative Update 2 left the SQL Agent a bit unhappy.

Serious Security: Phishing without links – when phishers bring along their own web pages
2020-10-02 18:28

Or the imposter pages may be part of a short-lived web hosting account - perhaps set up just a day or two before as a "free trial" that will probably be shut down quickly, but not before the crooks will have cut and run anyway. Usually, the fake login form that performs the password-stealing part of a phishing scam appears somewhere in the phoney web page on website.

Attacks Aimed at Disrupting the Trickbot Botnet
2020-10-02 18:20

The crooks running the Trickbot botnet typically use these config files to pass new instructions to their fleet of infected PCs, such as the Internet address where hacked systems should download new updates to the malware. "This possibly means central Trickbot controller infrastructure was disrupted. The close timing of both events suggested an intentional disruption of Trickbot botnet operations."

Researchers Mixed on Sanctions for Ransomware Negotiators
2020-10-02 18:03

Ransomware negotiators may have to pay up in new ways if they intercede with cybercriminals on companies' behalf. The U.S. Department of the Treasury said Thursday that companies that facilitate ransomware payments to cyber-actors on behalf of victims may face sanctions for encouraging crime and future ransomware payment demands.

Aussie telco Telstra says soz after accidentally diverting traffic meant for encrypted email biz through its servers
2020-10-02 18:01

Aussie telco Telstra has apologised after a Border Gateway Protocol routing oddity caused traffic destined for encrypted email service ProtonMail to wrongly pass through Telstra's servers. Switzerland-headquartered ProtonMail raged in a blog post that Telstra had engaged in "BGP hijacking" through what it described as "incompetence and not malice", complaining that "Around 30 per cent of the global internet looking for us got pointed to Telstra instead".