
Don’t expect to get your data back from the Onyx ransomware group
2022-04-29 15:00

The group behind the Onyx operation is overwriting the data in those files with trash data rather than encrypting it, so the data cannot be recovered via a decryption key. "There's a big problem: as the ransomware they are using is a trash skidware, it's destroying a part of the victims' files," analysts at the Malware Hunter Team wrote in a tweet.

Russian hacktivists launch DDoS attacks on Romanian govt sites
2022-04-29 14:47

The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service attacks targeting several public websites managed by the state entities. DNSC is now collaborating with other authorities in the country to map these attacks and mitigate their effect.

Video Conferencing Apps Sometimes Ignore the Mute Button
2022-04-29 14:18

Abstract: In the post-pandemic era, video conferencing apps have converted previously private spaces - bedrooms, living rooms, and kitchens - into semi-public extensions of the office. For the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings.

Security Turbulence in the Cloud: Survey Says…
2022-04-29 12:33

The mad dash to set up shop in the cloud can sometimes lead to stormy weather: There are, after all, beaucoup security challenges hidden behind the cloud's promise of blue skies. As Prevailion CTO Nate Warfield enumerates, cloud marketplaces "are rife with pre-built virtual machine images containing unpatched vulnerabilities, overly permissive firewall settings, and even malware and coin miners. Cloud providers don't take a proactive stance towards breach and compromise monitoring and, in many cases, won't even pass on notifications to their customers which they have received from external researchers."

Interpol: We can't arrest our way out of cybercrime
2022-04-29 12:15

Witschi, the assistant director for cybercrime threat response and operations at Interpol, told The Register about recent successes that the agency's Gateway cyber-threat intel sharing project has had, and the increasingly well-funded, targeted attacks that law enforcement agencies are trying to prevent. Through the project, private-sector security shops including Fortinet, Palo Alto Networks, Trend Micro, Kaspersky Lab and others share intelligence with Interpol member countries' law enforcement agencies to help them investigate cybercrime and attribute attacks to the various crime rings.

Cyberespionage APT Now Identified as Three Separate Actors
2022-04-29 11:51

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. The group is known not only for targeting U.S. organizations in the utilities sector, but also diplomatic organizations in the Middle East and Africa, according to a report published this week by researchers at security firm ESET. Though it's apparently been active since 2018, TA410 first came up on researchers' radar in 2019, when Proofpoint uncovered a phishing campaign targeting three U.S. companies in the utilities sector that used a novel malware then dubbed LookBack.

India gives local techies 60 days to hit 6-hour deadline for infosec incident reporting
2022-04-29 10:46

India's Computer Emergency Response Team has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account. The national infosec agency stated the short deadline is needed as it has identified "certain gaps causing hindrance in incident analysis."

Critical vulnerabilities open Synology, QNAP NAS devices to attack
2022-04-29 09:26

Users of Synology and QNAP network-attached storage devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as file servers for Macs. Network-attached storage devices are usually used by small-to-medium businesses and home users for storing and sharing files and backups.

Sina Weibo, China's Twitter analog, reveals users' locations and IP addresses
2022-04-29 08:02

To the surprise of many users, China's largest Twitter-esque microblogging website, Sina Weibo, announced on Thursday that it will publish users' IP addresses and location data in an effort to keep their content honest and nice. "Conventional thinking is that IP addresses may be considered personal data because they could reveal exact locations," he told The Register by email.

Bumblebee malware loader emerges as Conti's BazarLoader fades
2022-04-29 05:17

A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers. Researchers with both Proofpoint and Cybereason found code similarities between Bumblebee and TrickBot's malware.