Security News > 2022 > July
Acronis Cyber Protect Home Office offers a robust imaging tool that walks you through the process of creating a full image of your running machine and gives you a choice of destinations to house the image. Doesn't it? Fear not: Even if you're not the most adept at using technology, you can successfully create an image of your system with Acronis Cyber Protect Home Office.
Federal law enforcement officials this week said they seized about $500,000 that healthcare facilities in the United States paid to the Maui ransomware group. In the case involving the Kansas healthcare facility, the hospital paid the $100,000 ransom but also contacted the FBI, which traced the payment through the blockchain and identified accounts used by money launderers in China who were working with the North Korean-backed ransomware group.
LinkedIn is holding the top spot for the most impersonated brand in phishing campaigns observed during the second quarter of 2022. Compared to the first quarter of the year, LinkedIn impersonation dropped from 52% to 45%. However, it maintains a considerable distance from the second most imitated brand by fraudsters, Microsoft, currently at 13%. The central theme in spoofed Microsoft emails is requests to verify Outlook accounts to steal usernames and passwords.
The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. The hackers pretended to be a "community of free people around the world who are fighting russia's aggression", much like the IT Army.
The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain. At the start of this month, Maui was highlighted by the FBI and CISA as a new North Korean-backed ransomware operation extorting western organizations with encryption attacks.
The analysis compared the password requirements against a subset of the Specops Breached Password Protection list, containing 1 billion known compromised passwords. Zendesk does not perform a compromised password check, resulting in compromised passwords being accepted.
Kaspersky security researchers have disclosed details of a brand-new ransomware family written in Rust, making it the third strain after BlackCat and Hive to use the programming language. Luna, as it's called, is "fairly simple" and can run on Windows, Linux, and ESXi systems, with the malware banking on a combination of Curve25519 and AES for encryption.
FBI warns of phony cryptocurrency apps aiming to steal money from investors. The FBI is urging cryptocurrency investors and investment firms to beware of fraudulent cryptocurrency apps that try to steal money from unsuspecting victims.
Aamir Lakhani, with FortiGuard Labs, answers the question: Why is the Conti ransomware gang targeting people and businesses in Costa Rica? The Conti ransomware group is behind many prominent attacks, including the one that took down the Irish healthcare service in May 2021.
Magecart campaigns have been skimming payment-card credentials of unsuspecting customers using three online restaurant-ordering systems, affecting about 300 restaurants that use the services and compromising tens of thousands of cards so far, researchers have found. Two separate ongoing Magecart campaigns have injected e-skimmer scripts into the online ordering portals of restaurants using three separate platforms: MenuDrive, Harbortouch, and InTouchPOS, researchers from Recorded Future revealed in a blog post this week.