Security News > 2022 > January

TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines.

Windows 10 users and administrators report problems making L2TP VPN connections after installing the recent Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. These updates include KB5009566 for Windows 11 and KB5009543 for Windows 10 2004, 20H1, and 21H1. After installing yesterday's updates, Windows users find their L2TP VPN connections broken when attempting to connect using the Windows VPN client.

The OceanLotus group of state-sponsored hackers are now using the web archive file format to deploy backdoors to compromised systems. A report from Netskope Threat Labs shared with Bleeping Computer in advance notes that OceanLotus' campaign using web archive files is still active, although the targeting scope is narrow and despite the command and control server being disrupted.

After a number of top traders of FIFA's Ultimate Team game last week reported that their accounts had been taken over and cleared of points and thousands of dollars in game currency, EA launched an investigation. The company discovered that phishers managed to "Exploit human error" among EA's customer support staff to compromise less than 50 top trader accounts, the company wrote in a post on its website Tuesday.

A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. "In the Linux and macOS versions, it masquerades as a system update. In the Windows version, it masquerades as Intel drivers. The update names are somewhat generic: In the macOS version, the file is relocated and named 'updateMacOs' and in the Linux version it is named 'updateSystem'," Avigayil Mechtinger, security researcher at Intezer, has shared with Help Net Security.

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection. Talos, Cisco's cybersecurity research arm, reports it has detected a new malware campaign that is using public cloud infrastructure to host and deliver variants of three remote access trojans while maintaining enough agility to avoid detection.

We'll dissect the iOS system and show how it's possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it's still running. The "NoReboot" approach simulates a real shutdown.

An infosec pro fed up of having to follow tedious Twitter accounts to stay on top of cybersecurity developments has set up a website that phones you if there's a new vuln you really need to know about. Keeping up with fast-developing situations, such as the Log4j vuln and its iterations, is "Extraordinarily overwhelming," he told The Register - and he reckons relying on CVE number assignations is just too slow in this day and age.

Electronic Arts has published an official response to numerous reports about hacked player accounts, confirming the problem and attributing it to phishing actors. As the notice explains, hackers used social engineering against EA's customer experience team to bypass two-factor authentication and take over 50 player accounts.

One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, among other things responsible for bilateral relations with North and South America. The phishing campaign started since at least October 19, 2021, deploying Konni malware, a remote administration tool associated with the cyber activity from North Korean hackers known as APT37.