As Black Hat kicks off, the US government is getting the message on hiring security talent
2022-08-10 20:58

With the world's largest collection of security folk gathering in Las Vegas for Black Hat, there are encouraging signs that the US government might actually be getting smarter about hiring. Katie Moussouris, founder of Luta Security, knows a thing or six about recruiting new security talent and was invited to the White House last month to help advise on policy.

Ransomware gangs move to 'callback' social engineering attacks
2022-08-10 20:45

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. This allows the threat actors to deploy highly-targeted attacks that are more difficult to detect and stop because of the social engineering component.

Conti extortion gangs behind surge of BazarCall phishing attacks
2022-08-10 20:45

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. Currently, there is evidence of three groups, all part of the former Conti ransomware operation, that used BazarCall or a version of those tactics: Silent Ransom Group, Quantum, and Roy/Zeon.

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
2022-08-10 20:05

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. Last week, the threat actor behind the Cisco attack emailed BleepingComputer a directory listing of files allegedly stolen during the attack.

APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see…
2022-08-10 18:59

What is an APIC, and why do I need it? How can you have data that even the kernel can't peek at? What causes this epic failure in APIC? Does the ÆPIC Leak affect me? What to do about it?

Top 5 best backup practices
2022-08-10 18:32

You know that feeling you get in the pit of your stomach when a digital file goes missing? You immediately think: "Did I back that up? I must have. Did I?" Well, let's go over the top five best backup practices so we can avoid that feeling forever. A quick word of warning - make sure whatever backup methods you're using are approved by your IT admin.

Maui ransomware linked to North Korean group Andariel
2022-08-10 18:14

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group. Andariel has been active since 2015, running attacks to steal data and bring in revenue for the North Korean regime.

Hacker uses new RAT malware in Cuba Ransomware attacks
2022-08-10 18:04

A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures, including a novel RAT and a new local privilege escalation tool. The threat actor was named 'Tropical Scorpius' by researchers at Palo Alto Networks Unit 42 and is likely an affiliate of the Cuba ransomware operation.

Cisco fixes bug allowing RSA private key theft on ASA, FTD devices
2022-08-10 17:37

Tracked as CVE-2022-20866, this security flaw is due to a weakness in handling RSA keys on ASA and FTD devices. If successfully exploited, it can let unauthenticated attackers retrieve an RSA private key remotely, which they can use to decrypt the device traffic or impersonate Cisco ASA/FTD devices.

Phishing attack abuses Microsoft Azure, Google Sites to steal crypto
2022-08-10 16:50

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.