Security News > 2021 > May

As part of the May 2021 Patch Tuesday updates, Microsoft introduced a new feature to Windows 10 called 'News and Interests. ' If you are not a fan of the new widget, this article will explain how you can disable it, so it doesn't appear on the Windows 10 taskbar.

A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America. Bizarro is under constant development as its author keeps expanding the list of supporting banks and they modify it to improve anti-analysis protections.

A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM service. Luckily, although it can be abused by threat in remote code execution attacks, the vulnerability ONLY impacts versions 2004 and 20H2 of Windows 10 and Windows Server.

CNA Financial, the US insurance conglomerate, has apparently paid $40m to ransomware operators to gets its files back. All CNA systems are now back up and running though it appears that the company didn't manage this themselves and instead coughed up a widely reported $40m to the extortionists for the means to decrypt the scrambled files.

The federal indictment charged Kendra Kingsbury, 48, with two counts of having unauthorized possession of documents relating to the national defense, according to an unsealed indictment that was made public on Friday. Kingsbury worked as an intelligence analyst in the FBI's Kansas City Division for more than 12 years, until her suspension in 2017.

IDrive Cloud Backup has released IDrive Mirror, providing secure, cloud-based full image backups for Windows computers and server operating systems for protection against data loss and dreaded ransomware. IDrive Mirror gives individuals and small businesses the ability to backup unlimited computers and server systems into a single account, allowing for direct data backup and retrieval from the IDrive cloud without any intermediary storage device.

The adversary behind Conti ransomware targeted no fewer than 16 healthcare and first responder networks in the U.S. within the past year, totally victimizing over 400 organizations worldwide, 290 of which are situated in the country. "The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year," the agency said.

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups. "In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said.

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network servers, have gone dark and remain inaccessible as of writing.

DataStax announced a collaboration with NetApp to deliver full lifecycle management for cloud native data in its DataStax Enterprise database as well as open source Apache Cassandra clusters. As part of this partnership, the two companies have worked together to integrate the NetApp Astra data management service for Kubernetes workloads with DataStax Enterprise and Cassandra to provide a single pane of glass management for Cassandra data in modern containerized environments.