Security News > 2022 > April

A hacking group used the Conti's leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations. While it is common to hear of ransomware attacks targeting companies and encrypting data, we rarely hear about Russian organizations getting attacked similarly.

A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cybercrime space and had its source code leaked in 2018.

Microsoft announced that Windows Autopatch, a service designed to automatically keep Windows and Office software up to date, will be released in July 2022. Windows Autopatch is a new managed service offered for free to all Microsoft customers who already have a Windows 10/11 Enterprise E3 or above license.

Cyberattacks took down Finnish government websites on Friday while Ukrainian President Volodymyr Zelenskyy addressed Finland's members of parliament. Denial-of-service attacks hit Finland's ministries of Defense and Foreign Affairs' websites around noon local time.

Ukraine's technical security and intelligence service is warning of a new wave of cyber attacks that are aimed at gaining access to users' Telegram accounts. "The criminals sent messages with malicious links to the Telegram website in order to gain unauthorized access to the records, including the possibility to transfer a one-time code from SMS," the State Service of Special Communication and Information Protection of Ukraine said in an alert.

Scientists are now debating whether octopuses, squid, and crabs have emotions. Short answer: we don't know, but can't rule it out.

American automotive tools manufacturer Snap-on announced a data breach exposing associate and franchisee data after the Conti ransomware gang began leaking the company's data in March. "We believe the incident involved associate and franchisee data including information such as: names, Social Security Numbers, dates of birth, and employee identification numbers," discloses a Snap-on data breach notification submitted to the California Attorney General's office.

The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium - aka APT28 and FancyBear, among other names - via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft. Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency.

Microsoft has reminded customers today that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service on May 10, 2022. In a support document, Microsoft says that Windows 10 20H2 will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.

To create lists you need to add special tags at the start and end of the list, and then special tags at the start and end of each item, which makes proofreading harder than it needs to be, like this. Worse, your marked-up text only works on websites, or in browser-like windows, so you need a plethora of conversion tools anyway if you also want to render your documents into plain ASCII, or some other widely-used format such as PDF, RTF or DOCX. Worst, not all HTML markup can readily be converted into other formats, so you need to remember which HTML constructs you're not allowed to use, in case you end up with a document where most, but not all, of the content can be rendered in other types of file.