Security News > 2023 > March

It wasn't until February 28th that DISH finally confirmed that they suffered a ransomware attack, with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible. Other ransomware attacks we learned more about this week include ones on the City of Oakland, the Indigo book store chain, Tennessee State University and Southeastern Louisiana University, and the Clop data theft at Hatch Bank.

Researchers are prototyping multi-segment shapeshifter drones, which are "the precursors to flying squid-bots." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Attackers can create components with names that resemble those of legitimate open-source or system components. Relying on an immature component or project can pose significant operational risks.

BetterHelp - whose business boomed during COVID lockdown - has denied wrongdoing, and claimed in a statement that it merely used "industry-standard practice... routinely used by some of the largest health providers, health systems, and healthcare brands." The filing alleged: "Between 2017 and 2018, Respondent uploaded lists of over 7 million Visitors' and Users' email addresses to Facebook. Facebook matched over 4 million of these Visitors and Users with their Facebook user IDs, linking their use of the Service for mental health treatment with their Facebook accounts."

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. According to Cyble researchers who first spotted it, the leaked information is extensive, with details on "at least 740,858 credit cards, 811,676 debit cards, and 293 charge cards."

The risks you introduce by taking your eyes off the ransomware threat in 2023 to focus on the next, old-is-new-again shiny topic are similar to the risks you would have faced if you started focusing exclusively on ransomware a few years ago, when it was the hot new fear of the day. These include using phishing, searching out improperly configured RDP servers, looking for unpatched online services on your network, or simply buying up access credentials from crooks who were in before them.

A malicious package discovered in the Python Package Index is the latest example of what threat hunters from Kroll called the continued "democratization of cybercrime," with the bad guys creating malware variants from the code of others. In this case, it means pulling together code from multiple sources to build the malware in packages uploaded into PyPI. Dropping malicious packages into PyPI, GitHub, NPM, RubyGems, and other repositories, and enticing developers to inadvertently put them into their products is a fast-growing part of threats against the software supply chain.

Brave Search has incorporated a new AI-powered tool named Summarizer, which gives a summarized answer to an inputted question before the rest of the search results. Brave Search is a fast-growing privacy-centric internet search engine allowing users to search the web anonymously without being tracked.

CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education. In response, the FBI and CISA shared indicators of compromise and a list of the linked tactics, techniques, and procedures, which would help defenders detect and block attempts to deploy Royal ransomware payloads on their networks.

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space - with all existing regulations. The cryptocurrency space has grown over the past decade with very little regulatory oversight.