Security News > 2022 > June

TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack. On Thursday, TB Kawashima announced that one of its subsidiaries, a Thai sales company, had been breached, prompting immediate action that consisted in turning off devices that the attacker accessed.

Increasingly cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion - and skipping the encryption step altogether. The Conti internal communications leaked earlier in the year highlighted how these ransomware gangs operate akin to software-as-a-service startups.

Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework - a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction.

Other news this week is a surge in eCh0raix ransomware attacks on QNAP devices, a report on a Mitel zero-day used in a ransomware attack, Chinese hackers are deploying ransomware as decoys, and a report on a Conti hacking spree that took place at the end of last year. This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage devices again, according to user reports and sample submissions on the ID Ransomware platform.

Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong. The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter.

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "Multiple payloads per.LNK" file.

Researchers thaw squid frozen into a cube and often make interesting discoveries. (Okay, this is a weird story.) As usual, you can also use this squid post to talk about the security stories in...

A China-based advanced persistent threat group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves the deployment of post-intrusion ransomware such as LockFile, Atom Silo, Rook, Night Sky, Pandora, and LockBit 2.0.

Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles for helping spread what it called "Unreliable" information on the war in Ukraine and the failure to remove it from its platforms. The Russian telecommunications regulator said Google's YouTube online video sharing platform "Purposefully contributes" to spreading inaccurate info on Russia's war in Ukraine, thus defaming Russia's army.

Microsoft has accidentally leaked that Windows 10 22H2 is on its way by including an enablement package in the latest Windows 10 KB5014666 preview update available to Insiders on the Release channel. Today, Microsoft has released the Windows 10 KB5014666 cumulative update preview to Windows Insiders on the Release channel, allowing them to test upcoming fixes before they are previewed by the larger Windows 10 user base next week.