Security News > 2021 > October

Avast also released two decryptors this week: one for Babuk ransomware and another for files encrypted by Atom Silo and LockFile. Finally, the NRA suffered a ransomware attack by the Grief ransomware operation, which is linked to the US-sanctioned Evil Corp hacking group.

In what may be peak hype, Squid Game has its own cryptocurrency. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Europol, the European police agency, announced today the arrests of 12 people involved in ransomware activities across the world. The agency stated that the ransomware activities targeted critical infrastructure and mostly large corporations.

Impact: A malicious application may be able to modify protected parts of the file system.
Description: An inherited permissions issue was addressed with additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft.
As we now know, following an article published by Microsoft researchers after Apple's patches came out, there was a bit more to it than just "modifying protected parts" of the file system.

Unleashed on world+dog with 2015's El Capitan release, macOS System Integrity Protection (SIP) is intended to ensure that system-level files on a Mac can only be modified by Apple-signed installers or the fruity firm's own update mechanism, locking out even root users. An Apple software installation daemon called system_installd allowed its child processes to bypass SIP's normal restrictions on filesystem access.

Cybercriminals are flocking to the Snake password-stealing trojan, making it one of the most popular malware families used in attacks. Mainly deployed in phishing campaigns, Snake is installed via malicious email attachments or through drop sites reached by clicking on email links.

The Hive ransomware gang now also encrypts Linux and FreeBSD systems using new malware variants specifically developed to target these platforms. The ransomware's Linux version also fails to trigger the encryption if executed without root privileges, because it attempts to drop the ransom note on the compromised device's root file system.

Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that infects systems via a technique that cleverly bypasses the Windows User Account Control (UAC) protection. As Iwamaye wrote in a blog post published Thursday, the attack chain is initiated when a Chrome browser user visits a malicious website and a "browser ad service" prompts the user to take an action.

Guntrader Ltd entered a creditors' voluntary liquidation on 22 October. Its director, Viscount Alexander Andover, was appointed on 21 October as the sole head of a company incorporated barely a month earlier, whose initial name was Guntrader 2.uk Ltd. Guntrader's website is still operating today.

Microsoft has added new utilities to the PowerToys toolset and updated the user interface with a new Windows 11 theme for PowerRename. The Windows PowerToys were initially tiny freeware utilities created by Windows developers as side projects during the Windows 95 era.