Security News > 2023 > August

An Interpol-led operation arrested 14 suspects and identified 20,674 "suspicious" networks spanning 25 African countries that international cops have linked to more than $40 million in cybercrime losses. Police in Nigeria arrested a suspect who allegedly defrauded a victim in Gambia, and police in Mauritius arrested two suspected money mules linked to messaging platform scams.

Phishing is so last year: Akamai's report finds that zero-day and one-day vulnerabilities caused a 143% increase in total ransomware victims. Akamai's ransomware report, released at Black Hat 2023, revealed that exploitation of zero-day and one-day vulnerabilities has led to a 143% increase in total ransomware victims, with data exfiltration of files at the end of the kill chain now the primary source of extortion.

The China-aligned APT group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the Ivacy VPN provider. According to SentinelLabs, which analyzed the campaign, the certificate belongs to PMG PTE LTD, a Singaporean vendor of the VPN product 'Ivacy VPN'.

Serde, a popular Rust serialization project, has decided to ship its serde_derive macro as a precompiled binary. According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation.

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve next-stage JavaScript that redirects users to a browser locker.

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. They affect all versions of Junos OS on SRX and EX Series.

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. "In order to do that, the APK is using an unsupported decompression method."

Another version of BlackCat ransomware has been spotted extorting victims. The BlackCat malware works on Windows and Linux, and is rented out to criminals, who break into targets and run the data-stealing malware, making it a ransomware-as-a-service operation.

While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on...

It is part of Squid Brand's range of "personalized healthy fish sauces" that cater to different consumer groups, which include the Mild Fish Sauce for Kids and Mild Fish Sauce for Silver Ages. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.