Security News > 2023 > June

Following claims by ransomware gang LockBit that it has stolen data belonging to TSMC, the chip-making giant has said it was in fact one of its equipment suppliers, Kinmax, that was compromised by the crew, and not TSMC itself. The crooks said TSMC has an August 6 deadline to cough up.

A case of mistaken identity and further MOVEit Transfer data breaches dominated the ransomware news cycle this week. A new report by VMware's Carbon Black team sheds light on the 8Base ransomware operation, illustrating how they use the Phobos ransomware in attacks.

Doryteuthis opalescens is known as the market squid, and was critical in the recent squid RNA research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Hackers exploit a zero-day privilege escalation vulnerability in the 'Ultimate Member' WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts. Ultimate Member is a user profile and membership plugin that facilitates sign-ups and building communities on WordPress sites, and it currently has over 200,000 active installations.

New Jersey cops must apply for a wiretap order - not just a warrant - for near-continual snooping on suspects' Facebook accounts, according to a unanimous ruling by that US state's Supreme Court. "We also find that the nearly contemporaneous acquisition of electronic communications here is the functional equivalent of wiretap surveillance and is therefore entitled to greater constitutional protection."

BleepingComputer did not reach out to Twitter because the media contact email has been set up to auto-reply with a crappy emoji after Elon Musk acquired the company in October and took over as CEO. Back in April, Twitter disabled the search field for unregistered users and began showing only several suggested tweets when they go to the homepage. Twitter also capped its free API in early February, asking for at least $100 per month when requesting write or read access to large amounts of tweets.

Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth. Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.

Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises.

Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money. Akira on Windows encrypts files only partially for a speedier process, following a different encryption system depending on the file size.

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggests mitigations. Threat actors are honing their focus on exploits that evade detection and remain unnoticed within systems, according to Aqua Security's 2023 Cloud Native Threat Report, which examined memory attacks in networks and software supply chains.