Security News > 2021 > December

The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June. The gang's data leak site currently lists only 55 companies that did not pay the ransom, suggesting that a large number of Hive ransomware victims paid the ransom.

If you'd like a powerful firewall for your Ubuntu Server, but one that offers a fairly straightforward configuration, Jack Wallen thinks CSF might be the right tool for the job. Although Uncomplicated Firewall is an outstanding security service on Ubuntu Server, there might be times when you need more.

A novel remote access trojan being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT - discovered by researchers at Prevailion's Adversarial Counterintelligence Team - uses the registry on Windows systems for nearly all temporary storage on a machine and thus never writes anything to disk.

The botnet uses a tactic called crypto clipping, which relies on malware to steal cryptocurrency during a transaction, says Check Point Research. A new botnet variant discovered by cyber threat intelligence provider Check Point Research employs a unique method to steal cryptocurrency from its victims.

The previously shut-down Phorpiex botnet has re-emerged with new peer-to-peer command and control infrastructure, making the malware more difficult to disrupt. The source code for the Phorpiex botnet is being sold on the darknet...

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them. As the Agile dogma continues to spread, it's our job as dispassionate security leaders to push back.

Specifically, the error code 'MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING' and the message "The OCSP response does not include a status for the certificate being verified," help trace down the cause of the issue. The Online Certificate Status Protocol is a way for browsers and other client-side applications to check if an SSL certificate has been revoked, as an alternative to relying on traditional revocation lists.

The British government has launched a £2.6bn National Cyber Strategy, intended to steer the state's thinking on cyber attack, defence and technology for the next three years - and there's some good news if you run a tech company. Its authors praised the formation of the National Cyber Force "Offensive cyber activity" unit, a joint venture between spy agency MI6, domestic intel agency GCHQ and the Ministry of Defence.

the Industrial Internet equipment in our OT networks is connected out to these at-risk cloud services. Worse, once sophisticated ransomware groups or other attackers have a foothold in industrial vendors' web services, those threat actors can be very difficult to detect or dislodge, even after the Log4j vulnerability is long since history.

Social media and search engine operators in Japan will be required to specify the countries in which users' data is physically stored, under a planned tweak to local laws. The amendment, if passed, requires search engines, social media operators and mobile phone companies with over 10 million Japanese users to disclose where in the world they store data, and identify any foreign subcontractors that can access the data.