Security News

Security in brief The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency declarations, Long Island publication Newsday said - the most recent of which was enacted earlier this month.

A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called "Hot Pixels," which can retrieve pixels from the content displayed in the target's browser and infer the navigation history. Next, the team experimented with data-dependent leakage channels on discreet and integrated GPUs, including Apple's M1 and M2, AMD Radeon RX 6600, Nvidia GeForce RTX 3060, and Intel Iris Xe. The researchers performed a detailed investigation and characterization of how different processing behaviors could impact observable factors like power consumption, temperature, and frequency and used this data as a foundation to evaluate the "Hot Pixels" attack.

Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting city's online services. Today, the BlackByte ransomware operation claimed responsibility for the attack on Augusta, leaking data that they claim was stolen during the attack.

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "An IT security incident.""ABB has determined that an unauthorized third-party accessed certain ABB systems, deployed a type of ransomware that is not self-propagating, and exfiltrated certain data," the company said in a press release.

Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. To trick the servers into granting them access and gain admin servers to the vulnerable servers even though they were attempting to log in from outside the LAN, the threat actors exploited a flaw described by Emby as a "Proxy header vulnerability," known since at least February 2020 and recently patched in the beta channel.

Perception Point's team has identified a 356% increase in the number of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber attacks now pose to organizations.

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.

A new botnet called Dark Frost has been observed launching distributed denial-of-service attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.

An unnamed government entity associated with the United Arab Emirates was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "Simple yet effective" backdoor dubbed PowerExchange. The custom implant achieves this by making use of the Exchange Web Services API to connect to the victim's Exchange Server and uses a mailbox on the server to send and receive encoded commands from its operator.

Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021. "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the Microsoft Threat Intelligence team said.