Security News > 2023 > June

The latest high-profile cybercrime exploits attributed to the Clop ransomware crew aren't your traditional sort of ransomware attacks. Conventional ransomware attacks are where your files get scrambled, your business gets totally derailed, and a message appears telling you that a decryption key for your data is available.

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. BleepingComputer's analysis of the Linux encryptor shows it has a project name of 'Esxi Build Esxi6,' indicating the threat actors designed it specifically to target VMware ESXi servers.

Microsoft has addressed a known issue causing File Explorer on Windows 11 and Windows Server systems after viewing a file's effective access permissions. The known issue impacts systems running the latest Windows releases, including Windows 11 21H2/22H2 and Windows Server 2022.

The IT audit director develops and schedules internal audits to measure and document whether those IT controls were followed as prescribed. This hiring kit from TechRepublic Premium can give your enterprise a head start on finding your ideal candidate for the IT audit director role.

The Brave team has announced that the privacy-centric browser will soon introduce new restriction controls allowing users to specify how long sites can access local network resources. "Surprising though it may be, most browsers allow websites to access these local resources just as easily as they can access other resources on the web," explains Brave.

Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. Side-channel attacks typically work by indirectly gathering information about a target system by exploiting unintended information leakages arising from variations in power consumption, electromagnetic emanations, and the time it takes to perform different mathematical operations.

Manifest confusion occurs there is an inconsistency between a package's manifest information presented on the npm registry and the actual 'package. Json' file in the tarball of the published npm package used when the package is installed.

Attackers use various tactics to access sensitive information, such as email account compromise and using a legitimate email address to initiate the attack. In a more insidious attack, an attacker may compromise an existing employee's email account from the inside.

Cybersecurity researchers have exposed the workings of a scam ring called CryptosLabs that's estimated to have made €480 million in illegal profits by targeting users in French-speaking individuals in France, Belgium, and Luxembourg since April 2018. The syndicate's massive fake investment schemes primarily involve impersonating 40 well-known banks, fin-techs, asset management firms, and crypto platforms, setting up a scam infrastructure spanning over 350 domains hosted on more than 80 servers, Group-IB said in a deep-dive report.

Lockbit 3.0 is currently the most active ransomware group, NCC Group says in its most recent Threat Pulse report, but new ransomware groups like 8Base and Akira are rising in prominence. Collectively, the various ransomware groups revealed 436 victim organizations in May 2023 - 24% more than in April 2023, and 56% more that in May 2022.