Security News > 2023 > January

Early in his career, Kevin Mitnick successfully hacked California law. The setup is that he just discovered that there's warrant for his arrest by the California Youth Authority, and he's trying to figure out if there's any way out of it.

Six months ago, according to the US Department of Justice, the Federal Bureau of Investigation infiltrated the Hive ransomware gang and started "Stealing back" the decryption keys for victims whose files had been scrambled. As you are almost certainly, and sadly, aware, ransomware attacks these days typically involve two associated groups of cybercriminals.

The FBI has revealed the results of a month-long campaign designed to thwart an infamous ransomware group known for extorting hospitals, school districts and critical infrastructure. Since the FBI's campaign started, more than 300 decryption keys have been given to Hive victims under attack, while more than 1,000 were provided to victims of the gang's previous attacks.

The Ukrainian Computer Emergency Response Team found a cocktail of five different data-wiping malware strains deployed on the network of the country's national news agency on January 17th. "As of January 27, 2023, 5 samples of malicious programs were detected, the functionality of which is aimed at violating the integrity and availability of information," CERT-UA said. Their attempt to wipe out all the data on the news agency's systems failed.

KQL is an interesting hybrid of scripting and query tools, so it's familiar to anyone who's used Python for data science or SQL for working with databases. It's designed to work against tables of data, with the ability to create variables and constants that can help control the flow of a set of KQL statements.

Microsoft has addressed a known issue causing the Remote Desktop app to freeze on Windows 11 systems after installing the Windows 11 2022 Update. "After installing Windows 11, version 22H2, the Windows Remote Desktop application might stop responding when connecting via a Remote Desktop gateway or Remote Desktop Connection Broker," Redmond explains on the Windows health dashboard entry published in November.

Security researchers have analyzed a variant of the PlugX malware that can hide malicious files on removable USB devices and then infect the Windows hosts they connect to. Looking for similar samples, Unit 42 also discovered a PlugX variant on Virus Total that locates sensitive documents on the compromised system and copies them to a hidden folder on the USB drive.

In consensus with ESG's research, a new study by the Neustar International Security Council found few organizations think they are keeping up with security challenges, and only half said they have sufficient budgets to meet their security needs. Carlos Morales, senior vice president of solutions at Neustar Security Services, answers questions about how organizations should think about apportioning IT budgets and how to shore up cybersecurity needs.

Cybersecurity researchers have discovered the real-world identity of the threat actor behind Golden Chickens malware-as-a-service, who goes by the online persona "Badbullzvenom." The second threat actor, known as Frapstar, is said to identify themselves as "Chuck from Montreal," enabling the cybersecurity firm to piece together the criminal actor's digital footprint.

This is a good list of modern phishing techniques.