Security News > 2021 > January

Ransomware has become a commodity threat with its own ecosystem: it fosters new tools and technologies, skills and expertise, and reputations that carry a menacing "street cred." Tooling and infrastructure are sold as a service, skills and expertise are leased across criminal organizations, and a gang's reputation for following through is what now ensures victim firms pay six- or seven-figure ransoms. According to the CrowdStrike 2020 Global Threat Report, these ransomware gangs earned over $80 million in ransoms.

The Fonix Ransomware operators have shut down their operation and released the master decryption key, allowing victims to recover their files for free. The operation was never as widely active as others such as REvil, Netwalker, or STOP, but starting in November 2020 it picked up, as ID Ransomware submissions show.

A trio of researchers from China have found that QUIC is more vulnerable to website fingerprinting than HTTPS over TCP: an adversary who can only observe encrypted network traffic can more easily infer which websites an individual is visiting. Google developed QUIC as a faster, encrypted replacement for the TCP+TLS stack, and the Internet Engineering Task Force is standardizing the protocol in parallel.

Xiaopao found new Xorist Ransomware variants that append the.

What about the autumn equinox? When do I call you, as the hour gets doubled up in wall-clock time: is it in the first hour of elapsed time or the second hour of elapsed time? Hidden in there is the actual answer usually used: never use wall/calendar time for actual work; always use elapsed time.
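The doubled hour above, made concrete as an added example (not code from the original post). It uses a hand-rolled, simplified tzinfo for the US fall-back transition of 2020-11-01, when clocks went from 02:00 EDT back to 01:00 EST, so that it runs without tzdata; real code would use zoneinfo.ZoneInfo("America/New_York") instead. The point it shows is that the single wall-clock reading 01:30 denotes two different UTC instants an hour apart, distinguished only by the PEP 495 fold attribute, while the monotonic clock used for elapsed time never sees the transition at all.

```python
from datetime import datetime, timedelta, timezone, tzinfo
import time

# Constructed, simplified model of the US fall-back on 2020-11-01:
# at 02:00 EDT (UTC-4) clocks go back to 01:00 EST (UTC-5), so the
# wall-clock readings 01:00-01:59 occur twice.  This tzinfo is an
# example stand-in for zoneinfo, not a general time-zone implementation.
EDT = timedelta(hours=-4)
EST = timedelta(hours=-5)
FALLBACK_START = datetime(2020, 11, 1, 1, 0)   # first 01:00, still EDT
FALLBACK_END = datetime(2020, 11, 1, 2, 0)     # from here on, EST only


class FallBack2020(tzinfo):
    def utcoffset(self, dt):
        naive = dt.replace(tzinfo=None)
        if naive < FALLBACK_START:
            return EDT
        if naive < FALLBACK_END:
            # Ambiguous hour: fold=0 is the first pass (EDT),
            # fold=1 the second pass (EST).
            return EDT if dt.fold == 0 else EST
        return EST

    def dst(self, dt):
        return timedelta(hours=1) if self.utcoffset(dt) == EDT else timedelta(0)

    def tzname(self, dt):
        return "EDT" if self.utcoffset(dt) == EDT else "EST"


def ambiguous_utc_instants(hour=1, minute=30):
    """The two UTC instants that the same wall-clock reading on
    2020-11-01 can denote: first pass (fold=0) and second pass (fold=1)."""
    tz = FallBack2020()
    first = datetime(2020, 11, 1, hour, minute, tzinfo=tz, fold=0)
    second = datetime(2020, 11, 1, hour, minute, tzinfo=tz, fold=1)
    return first.astimezone(timezone.utc), second.astimezone(timezone.utc)


def wall_clock_gap_seconds():
    """How far apart the two readings of '01:30' really are."""
    first, second = ambiguous_utc_instants()
    return (second - first).total_seconds()   # 3600.0


def elapsed_with_monotonic(work):
    """Time `work()` with the monotonic clock, which is unaffected by
    DST transitions, NTP steps or manual clock edits."""
    start = time.monotonic()
    work()
    return time.monotonic() - start


if __name__ == "__main__":
    a, b = ambiguous_utc_instants()
    print("01:30 local (first pass)  =", a.isoformat())
    print("01:30 local (second pass) =", b.isoformat())
    print("gap in seconds:", wall_clock_gap_seconds())
    print("elapsed (monotonic):", elapsed_with_monotonic(lambda: sum(range(10_000))))
```

For log correlation and incident timelines, store timestamps in UTC and keep local wall-clock time for display only; timeouts, rate limits and retry back-off should be computed from the monotonic clock as in elapsed_with_monotonic.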

Developers of a WordPress plugin used to build pop-up ads for newsletter subscriptions have issued a patch for a serious flaw. The plugin has been installed on 200,000 WordPress websites.

Two fresh business email compromise tactics have emerged on the phishing scene, both manipulating Microsoft 365 automated email responses in order to evade email security filters. In the read-receipts attack, a scammer crafts an extortion email and manipulates the "Disposition-Notification-To" email header so that Microsoft 365 generates a read-receipt notification to the recipient.
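A detection for the header abuse described above, added here as an example rather than taken from any vendor's filter rules. It parses raw messages with the standard library, collects every receipt-requesting header (Disposition-Notification-To and the older Return-Receipt-To), and flags a message when the receipt address is one of that message's own recipients or sits outside the From domain; both conditions are heuristics assumed for the example. The two messages are constructed for the demonstration and use reserved example domains.

```python
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

# Headers that ask the receiving mail system to emit a read receipt (MDN).
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")


def _addresses(msg, header):
    """All addresses in every instance of `header`, lowercased."""
    values = [str(v) for v in msg.get_all(header, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]


def _domain(addr):
    return addr.rsplit("@", 1)[-1]


def receipt_findings(raw_message):
    """Return (header, address, reason) tuples for receipt-request headers
    that look abused.  Heuristic assumed for this example: a receipt
    address should belong to the sender's domain and must never be one of
    the message's own recipients, which is exactly what would make the
    recipient's own Microsoft 365 tenant deliver the attacker's text."""
    msg = message_from_string(raw_message, policy=default)
    sender_domains = {_domain(a) for a in _addresses(msg, "From")}
    recipients = set(_addresses(msg, "To") + _addresses(msg, "Cc"))
    findings = []
    for header in RECEIPT_HEADERS:
        for addr in _addresses(msg, header):
            if addr in recipients:
                findings.append((header, addr,
                                 "receipt would be generated to a recipient of this message"))
            elif _domain(addr) not in sender_domains:
                findings.append((header, addr,
                                 "receipt address domain differs from From domain"))
    return findings


# Constructed sample: extortion mail whose receipt request points at the victim.
SUSPICIOUS = """\
From: "Account Security" <alerts@example-mail.test>
To: ceo@victim.example
Subject: Your account has been compromised
Disposition-Notification-To: ceo@victim.example
Content-Type: text/plain

We have your passwords. Pay 0.5 BTC within 48 hours.
"""

# Constructed sample: ordinary read-receipt request back to the sender.
BENIGN = """\
From: "Alice" <alice@partner.example>
To: ceo@victim.example
Subject: Contract draft
Disposition-Notification-To: alice@partner.example
Content-Type: text/plain

Please confirm receipt of the attached draft.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, receipt_findings(raw))
```

In a mail gateway this check belongs before the MDN is generated: a message that trips it should have its receipt-request headers stripped or the message quarantined, since the receipt itself is what carries the attacker's text past the filters.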

New research released today provides greater insight into the Emotet module created by law enforcement that will uninstall the malware from infected devices in April. On January 27th, Europol announced that a joint operation between law enforcement agencies from Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine took control of the Emotet botnet's servers and disrupted the malware's operation.

The identified bug is a heap buffer overflow, and it is considered serious because it is easily exploitable. "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs," explains Werner Koch, principal developer of GnuPG, in the security advisory.