Security News > 2023 > January

A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. While the Dridex variant has macOS systems in its sights, the malicious payload it delivers is a Microsoft exe file, which won't run in a MacOS environment.

Microsoft has shed light on four different ransomware families - KeRanger, FileCoder, MacRansom, and EvilQuest - that are known to impact Apple macOS systems. The initial vector for these ransomware families involves what the Windows maker calls "User-assisted methods," wherein the victim downloads and installs trojanized applications.

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload. A law enforcement operation orchestrated by Europe and the U.S. disrupted the botnet in October 2015 and a Moldovan national named Andrey Ghinkul was arrested for his role as an administrator of the operation.

A New York federal judge told JP Morgan Chase Bank this week that he would not toss a lawsuit accusing the bank of ignoring red flags when cybercrooks stole $272 million from the New York account of the company that makes Ray-Bans in 2019. In an opinion and order filed on Wednesday [PDF], US District Judge Lewis Liman dismissed claims that JP Morgan breached its contract and was negligent, but said that the Thai manufacturing subsidiary of international eyewear company EssilorLuxottica, Essilor Manufacturing, can continue with a claim under New York contract law requiring banks to refund unauthorized payment orders from a customer.

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment.

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company said.

If you procrastinated to deploy these updates the last two months, you are now running at high risk. January 2023 Patch Tuesday forecast There were no preview updates in December as usual due to the holidays, so the first release of the year is always interesting.

Regardless of what 2023 holds in store for the economy, your organization's financial commitment to supporting OT cybersecurity efforts is being decided now. From the board's perspective, if 2023's financial outlook seems uncertain, perhaps this is not the best time to invest in the costly modernization of the production lines and the related comprehensive cybersecurity solution.

Digital forensics is used to find, examine and analyze digital evidence that can serve in criminal investigations, but also in incident response, investigations of data breaches, to unearth insider threats, etc. Colm Gallagher, Forensics Director, CommSec Communications & Security, talks about the factors that make digital forensics more difficult for law enforcement and industry, and offers advice and lays out practical measures that can increase forensic readiness for all.

The predictions follow industry-wide research, which shows the industry is shifting away from legacy software infrastructure and standardizing on cloud-native applications - resulting in the need for new and more effective approaches to cloud-native application security. The distinction between application security and cloud security has clearly blurred as application security is now affected by the underlying cloud infrastructure, while cloud security professionals now have to take the application layer into account in their attack path analysis.