The OpenSSL security update story – how can you tell what needs fixing?
2022-11-03 20:44

Windows has its own independently developed and maintained encryption library with the wacky name Cryptography API: Next Generation, so in theory you would not expect to have to worry about OpenSSL on Windows at all. Dll in its System folder, which is a filename typically associated with OpenSSL. Intriguingly, that one turns out to be a false alarm, because it was compiled from the LibreSSL code, a similar but alternative cryptographic library from the OpenBSD team that is loosely compatible with OpenSSL, but doesn't have these bugs in it.

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]
2022-11-03 19:51

Now, the critical update, actually, it turned out that while investigating the first update, they found a second related update, so there are actually two of them; those only apply to OpenSSL 3.0, not to 1.1.1. DUCK. Well, the critical deal here is when we wrote about the update that included iOS 16.1 and iPadOS 16, which actually turned out to be iPadOS 16.1 after all.

RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam
2022-11-03 19:36

The threat actor behind the RomCom RAT has refreshed its attack vector and is now abusing well-known software brands for distribution. In a new campaign discovered by BlackBerry, the RomCom threat actors were found creating websites that clone official download portals for SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro, essentially disguising the malware as legitimate programs.

New Crimson Kingsnake gang impersonates law firms in BEC attacks
2022-11-03 18:33

A business email compromise group named 'Crimson Kingsnake' has emerged, impersonating well-known international law firms to trick recipients into approving overdue invoice payments. This approach creates a solid basis for the BEC attack, as recipients may be intimidated when receiving emails from large law firms like the ones impersonated in the scams.

LockBit ransomware claims attack on Continental automotive giant
2022-11-03 18:25

The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental. Since LockBit says that it will publish "all available" data, this indicates that Continental is yet to negotiate with the ransomware operation or it has already refused to comply with the demands.

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
2022-11-03 17:40

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News.

Tech news you may have missed Oct. 28–Nov. 3
2022-11-03 17:22

In another week of intense world news, you may have missed these tech stories. Making your Apple devices play nice with OneDrive, a new Excel function and a new way attackers communicate during their campaigns lead the best technology stories TechRepublic had to offer this week.

International summit agrees crack down on crypto to combat ransomware
2022-11-03 16:45

The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations. Last year's summit ended with far fewer actionable, concrete steps in this direction, concluding with a joint statement indicating "countering illicit finance" was a priority without stating in specific terms that the Countering Ransomware Initiative was focused on cryptocurrencies.

OPERA1ER hackers steal over $11 million from banks and telcos
2022-11-03 15:14

A threat group that researchers call OPERA1ER has stolen at least $11 million from banks and telecommunication service providers in Africa using off-the-shelf hacking tools. Analysts at Group-IB, working with the CERT-CC department at Orange, have been tracking OPERA1ER since 2019 and noticed that the group changed its techniques, tactics, and procedures last year.

ALMA Observatory shuts down operations due to a cyberattack
2022-11-03 14:46

The Atacama Large Millimeter Array Observatory in Chile has suspended all astronomical observation operations and taken its public website offline following a cyberattack on Saturday, October 29, 2022. The observatory also clarified that the attack did not compromise the ALMA antennas or any scientific data, indicating that there are no signs of unauthorized data access or exfiltration.