Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm
2023-02-07 11:02

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.

Clop ransomware flaw allowed Linux victims to recover files for months
2023-02-07 11:00

The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months. Clop's Linux malware is also in early development, as it's still missing proper obfuscation and evasiveness mechanisms, and it is plagued by flaws that make it possible for victims to retrieve their files without paying the crooks any money.

VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree
2023-02-07 10:21

VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. The company is further recommending that users upgrade to the latest available supported releases of vSphere components to mitigate known issues and disable the OpenSLP service in ESXi.

Amazon S3 to apply security best practices for all new buckets
2023-02-07 09:45

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

LockBit ransomware gang claims Royal Mail cyberattack
2023-02-07 09:22

The LockBit ransomware operation has claimed the cyberattack on the UK's leading mail delivery service Royal Mail that forced the company to halt its international shipping services due to "Severe service disruption." This comes after LockBitSupport, the ransomware gang's public-facing representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail.

Actively exploited GoAnywhere MFT zero-day gets emergency patch
2023-02-07 08:37

Fortra has released an emergency patch to address an actively exploited zero-day vulnerability in the GoAnywhere MFT secure file transfer tool. "This patch was created as a result of the issue we disclosed in the Security Advisories published last week related to GoAnywhere MFTaaS. We urgently advise all GoAnywhere MFT customers to apply this patch," Fortra says.

Microsoft Outlook outage prevents users from sending, receiving emails
2023-02-07 07:50

Microsoft is investigating and working on addressing an ongoing outage affecting the company's Outlook webmail service. According to information shared via the company's Microsoft 365 Status Twitter account, Redmond is performing targeted restarts to portions of the infrastructure impacted by a recent change.

Eurocops shut down Exclu encrypted messaging app, arrest dozens
2023-02-07 07:30

An encrypted messaging service that has been on law enforcement's radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week. In a search of 79 properties in Germany, the Netherlands, Belgium and Poland last Friday, authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service.

Balancing risk and security tradeoffs
2023-02-07 05:30

In this Help Net Security video, Christopher Hodson, CSO at Cyberhaven, talks about how CISOs have been investing in inflating their tech stack, but for what? No amount of acronyms will do any good if stuff is leaking from within. Classifying files and data would enable companies to understand what data is necessary and focus on protecting it.

India-China relations will define the IoT landscape in 2023
2023-02-07 05:00

Tensions between two of the biggest producers of connected devices are coming to a head, and will be changing the IoT landscape in 2023. In recent months, India and China have faced off over their disputed border in the Himalayas.