Security News > 2024 > March

Infosec in brief The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. LockBit quickly set up a new website and updated it with a list of forthcoming victim ransom deadlines - one of which included data allegedly stolen from Fulton County, Georgia.

Feature Two US intelligence bigwigs last week issued stark warnings about foreign threats to American election integrity and security - and the nation's ability to counter these adversaries. A few days earlier, US senator Mark Warner, who chairs the Senate's Intelligence Committee, told Trellix CEO Bryan Palma that the United States is less prepared to combat foreign intervention in the 2024 elections than was the case in 2020.

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. The GRX is a component of mobile telecommunications that facilitates data roaming services across different geographical areas and networks.

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. After receiving the prompts, the users can upgrade to Windows 11 23H2 or keep using Windows 10.

Overcoming the pressures of cybersecurity startup leadershipIn this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO's leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. How organizations can navigate identity security risks in 2024In this Help Net Security interview, Deepak Taneja, CEO of Zilla Security, discusses identity security risks and threats.

Content farm operates 60+ 'news' websites. BleepingComputer has identified a network of more than five dozen "News" websites that impersonate leading media outlets like the BBC, Bloomberg, CNBC, CNN, Crunchbase, Forbes, Huffington Post, The Guardian, The Metro, The Mirror, The Telegraph, Reuters, Washington Times, and Washington Post.

Content farm operates 60+ 'news' websites. BleepingComputer has identified a network of more than five dozen "News" websites that impersonate leading media outlets like the BBC, Bloomberg, CNBC, CNN, Crunchbase, Forbes, Huffington Post, The Guardian, The Metro, The Mirror, The Telegraph, Reuters, Washington Times, and Washington Post.

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day.

A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor....