UK criminal records office confirms cyber incident behind portal issues
2023-04-06 19:38

The UK's Criminal Records Office has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "Cyber security incident." ACRO is the country's national law enforcement organization responsible for managing criminal record information, providing criminal records on request, and sharing those records with foreign nations.

Hackers use Rilide browser extension to bypass 2FA, steal crypto
2023-04-06 19:02

Security researchers discovered a new malicious browser extension called Rilide that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.

S3 Ep129: When spyware arrives from someone you trust
2023-04-06 18:57

DOUG. Wi-Fi hacks, World Backup Day, and supply chain blunders. DUCK. Very simply put, the only backup you will ever regret is the one you did not make.

Microsoft: Windows 10 21H2 is reaching end of service in June
2023-04-06 17:48

"Customers who contact Microsoft Support after this date will be directed to update their device to the latest version of Windows 10 or upgrade to Windows 11 to remain supported." You can find more details regarding Windows end-of-service dates in the Windows Lifecycle FAQ, the Windows 10 Servicing Frequently Asked Questions, and with the help of the Lifecycle Policy search tool.

Microsoft and Fortra crack down on malicious Cobalt Strike servers
2023-04-06 17:04

"We will need to be persistent as we work to take down the cracked, legacy copies of Cobalt Strike hosted around the world," said Amy Hogan-Burney, the head of Microsoft's Digital Crimes Unit. Last Friday, March 31, the U.S. District Court for the Eastern District of New York issued a court order allowing the coalition to seize the domain names and take down the IP addresses of servers hosting cracked versions of Cobalt Strike.

Medusa ransomware claims attack on Open University of Cyprus
2023-04-06 16:11

The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus, which caused severe disruptions of the organization's operations. OUC is an online university based in Nicosia, Cyprus, that provides remote learning.

Rorschach ransomware deployed by misusing a security tool
2023-04-06 13:46

An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found. The solution in question is Palo Alto Networks' Cortex XDR, whose Dump Service Tool the attackers appropriated and are now misusing to side-load the DLL that decrypts and injects the Rorschach ransomware.

Russia has a stash of scary malware? We're shocked
2023-04-06 13:01

Register Kettle: Lately, we've learned of Russia's stockpile of cyber-weapons, and we're genuinely wondering if anyone's surprised by these revelations. Those documents included evidence of Western snoops overstepping legal boundaries.

Money Message ransomware gang claims MSI breach, demands $4 million
2023-04-06 11:59

Taiwanese PC parts maker MSI has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network. MSI is a global hardware giant that makes motherboards, graphics cards, desktops, laptops, servers, industrial systems, PC peripherals, and infotainment products, with an annual revenue that surpasses $6.5 billion.

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels
2023-04-06 11:46

According to Etay Maor, Senior Director Security Strategy at Cato Networks, "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." Not to mention the infamous Colonial Pipeline attack, which has become the poster child of critical infrastructure attacks.