New Lilith ransomware emerges with extortion site, lists first victim
2022-07-13 21:52

A new ransomware operation has been launched under the name 'Lilith,' and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows.

1.9m patient records exposed in healthcare debt collector ransomware attack
2022-07-13 21:06

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection. In a notice posted on its website, PFC said it "detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers.

Bandai Namco confirms hack after ALPHV ransomware data leak threat
2022-07-13 20:50

Game publishing giant Bandai Namco has confirmed that they suffered a cyberattack that may have resulted in the theft of customers' personal data. This past Monday, the BlackCat ransomware operation claimed to have breached Bandai Namco and stolen corporate data during the attack.

Microsoft releases PoC exploit for macOS sandbox escape vulnerability
2022-07-13 20:36

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Microsoft releases tweet-size exploit for macOS sandbox escape bug
2022-07-13 20:36

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Windows 8.1 now shows full-screen 'End of Support' warnings
2022-07-13 19:09

Windows 8.1 is now displaying full-screen alerts when logging into the operating system, warning that the OS is reaching the end of support in January 2023 and will no longer receive security updates. "January 10, 2023 is the last day Microsoft will offer security updates and technical support for PCs that run Windows 8.1. We are reaching out now to thank you for your loyalty and help you prepare for what's next," reads the Windows 8.1 notification.

This big phish can swim around MFA, says Microsoft Security
2022-07-13 19:04

Once the attacker has the stolen credentials and session cookies, they can access the victim's email boxes and run a business email compromise campaign, in this case payment fraud, according to Microsoft security researchers. "While AiTM phishing isn't new, our investigation allowed us to observe and analyze the follow-on activities stemming from the campaign - including cloud-based attack attempts - through cross-domain threat data from Microsoft 365 Defender," researchers from the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center wrote in a blog post.

Facebook 2FA scammers return – this time in just 21 minutes
2022-07-13 18:46

Like last time, they created an HTML email with a clickable link that itself looked like a URL, even though the actual URL it linked to was not the one that appeared in the text. This time the link you saw if you hovered over the blue text in the email really was a link to a URL hosted on the facebook.com domain.

SCOTUS judges 'doxxed' after overturning Roe v Wade
2022-07-13 18:28

The US Supreme Court justices who overturned Roe v. Wade last month may have been doxxed - had their personal information including physical and IP addresses, and credit card info revealed - according to threat intel firm Cybersixgill. In response, Democrat lawmakers have introduced bills to make it illegal for data brokers to sell sensitive location and health information about medical treatment, the Federal Trade Commission warned companies it will take legal action against businesses selling this type of personal data, and some tech giants such as Google have pledged to auto-delete location information that could be used to prosecute women seeking medical procedures in states where they are now illegal.

Mergers and acquisitions put zero trust to the ultimate test
2022-07-13 17:00

More recently, mergers, acquisitions, and divestitures have surfaced as a key use case as companies increasingly look to add or pare down their businesses against the backdrop of a volatile global economic environment, according to Chaudhry, Zscaler's chairman and CEO. Speaking at their recent Zenith Live 2022 event, Chaudhry said Zscaler's cloud-based Zero Trust Exchange platform and underlying technologies have been used in about 300 acquisitions and divestitures over the past three years to reduce the complexity and time involved in merging two networks together or breaking one apart. "I did not think of this use case when I started the company," he told The Register.