Security News > 2022 > June

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.

Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. The U.S. Treasury Department's Office of Foreign Assets Control sanctioned Evil Corp in December 2019 in a widespread crackdown on the dangerous and prolific cybercriminal group best known for spreading the aforementioned info-stealing Dridex malware and later its own WastedLocker ransomware.

A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency. They also observed that there are several design similarities between Clipminer and KryptoCibule - another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos. "The proportion of healthcare organizations directly impacted by ransomware has almost doubled in 12 months. In the face of this near-normalization, healthcare organizations have gotten better at dealing with the aftermath of an attack: virtually everyone now gets some encrypted data back and nearly three quarters are able to use backups to restore data."

A critical zero-day vulnerability in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday.There is currently no fix available - though they are expected to be released today - and users of the popular enterprise collaboration solution are advised to either temporarily restrict access to Confluence Server and Data Center instances from the internet, or to disable them completely.

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. The security flaw affects all versions of GitLab Enterprise Edition starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.

Corero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021. The report highlights that DDoS threats continue to grow in sophistication, size, and frequency.

Parrot TDS was documented in April 2022 by Czech cybersecurity company Avast, noting that the PHP script had ensnared web servers hosting more than 16,500 websites to act as a gateway for further attack campaigns. The goal of the JavaScript code is to kick-start the second phase of the attack, which is to execute a PHP script that's already deployed on the ever and is designed to gather information about a site visitor and transmit the details to a remote server.

Why are we still talking about passwords? We already have single sign-on, and passwordless is the new buzzword everyone is talking about, but when you put yourself in the shoes of someone who is responsible for the overall security of an organization, there is a big contrast. Many organizations have implemented technologies such as SSO to address the problem of managing too many passwords, but passwords are still used in every business: for legacy applications, for network systems, for services not connected to SSO, network passwords, and passwords for encrypted documents.

Vishing cases have increased almost 550 percent during 2021, and vishing attacks have overtaken business email compromise as the second most reported response-based email threat since Q3 2021. In this video for Help Net Security, Eric George, Director of Solutions Engineering, PhishLabs, talks about this constantly evolving threat.