Security News > 2022 > April

An 18-month-long analysis of the PYSA ransomware operation has revealed that the cybercrime cartel followed a five-stage software development cycle from August 2020, with the malware authors prioritizing features to improve the efficiency of its workflows. PYSA, short for "Protect Your System, Amigo" and a successor of the Mespinoza ransomware, was first observed in December 2019 and has emerged as the third most prevalent ransomware strain detected during the fourth quarter of 2021.

CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications. The attackers use social engineering to trick employees of cryptocurrency companies into downloading and running malicious Windows and macOS cryptocurrency apps.

Kaspersky today revealed it found a vulnerability in Yanluowang ransomware's encryption algorithm, which makes it possible to recover files it encrypts. The Russian cybersecurity firm has added support for decrypting files locked by the Yanluowang ransomware strain to its RannohDecryptor utility.

The Canadian research outfit also said it had identified at least 65 individuals linked with Catalan civil society groups in Spain who were targeted by, or infected with, surveillance software. On Monday, Citizen Lab, a part of at the University of Toronto's Munk School, said it had found likely NSO Group Pegasus spyware infections on devices associated with UK Prime Minister Boris Johnson's office, 10 Downing Street, and on devices linked to the FCO, now called the FCDO, or the Foreign Commonwealth and Development office.

Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists. "Among Catalan targets, we did not see any instances of the HOMAGE exploit used against a device running a version of iOS greater than 13.1.3. It is possible that the exploit was fixed in iOS 13.2," Citizen Lab said.

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active. MetaMask is a "Hot" cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets.

Microsoft will pay more - up to $26,000 more - for "High-impact" bugs in its Office 365 products via its bug bounty program. The new "Scenario-based" payouts to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program aim to incentivize bug hunters to focus on finding vulnerabilities with "The highest potential impact on customer privacy and security," Microsoft said late last week.

Report: Many SMBs wouldn't survive a ransomware attack. A new report from cybersecurity provider CyberCatch reveals why SMBs may not be able to withstand an attack and offers advice on how they can better protect themselves.

Hackers are luring unsuspecting users with a fake Windows 11 upgrade that comes with malware that steals browser data and cryptocurrency wallets. The hackers are preying on users that jump at installing Windows 11 without spending the time to learn that the OS needs to meet certain specifications.

Microsoft says Windows 10, version 21H2 is now designated for broad deployment, making it available to everyone via Windows Update. The Windows 10 21H2 rollout started in November 2021, but Microsoft only began offering it to all those checking for updates via Windows Update beginning on Friday, April 15, 2022.