Security News
![NCR suffers Aloha POS outage after BlackCat ransomware attack](/static/build/img/news/ncr-suffers-aloha-pos-outage-after-blackcat-ransomware-attack-small.jpg)
NCR is suffering an outage on its Aloha point of sale platform after being hit by a ransomware attack claimed by the BlackCat/ALPHV gang. After days of silence, NCR has disclosed today that the outage was caused by a ransomware attack on data centers used to power their Aloha POS platform.
![Hackers start abusing Action1 RMM in ransomware attacks](/static/build/img/news/hackers-start-abusing-action1-rmm-in-ransomware-attacks-small.jpg)
Security researchers are warning that cybercriminals are increasingly using the Action1 remote access software for persistence on compromised networks and to execute commands, scripts, and binaries. Kostas, a member of the volunteer analyst group The DFIR Report, noticed the Action1 RMM platform being abused by multiple threat actors for reconnaissance activity and to execute code with system privileges on network hosts.
![Vice Society ransomware uses new PowerShell data theft tool in attacks](/static/build/img/news/vice-society-ransomware-uses-new-powershell-data-theft-tool-in-attacks-small.jpg)
The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks. Stealing corporate and customer data is a standard tactic in ransomware attacks for use as further leverage when extorting victims or reselling the data to other cybercriminals for maximum profit.
![Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities](/static/build/img/news/russia-linked-hackers-launches-espionage-attacks-on-foreign-diplomatic-entities-small.jpg)
The Russia-linked APT29 threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. Nobelium's operations have been attributed to Russia's Foreign Intelligence Service, an organization that's tasked with protecting "Individuals, society, and the state from foreign threats."
![Linux kernel logic allowed Spectre attack on 'major cloud provider'](/static/build/img/news/linux-kernel-logic-allowed-spectre-attack-on-major-cloud-provider-small.jpg)
"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. Linux kernel 6.0 debuts, Linus Torvalds teases 'core new things' coming in version 6.1 Older AMD, Intel chips vulnerable to data-leaking 'Retbleed' Spectre variant Apple gets lawsuit over Meltdown and Spectre dismissed Boffins release tool to decrypt Intel microcode.
![Microsoft: Phishing attack targets accountants as Tax Day approaches](/static/build/img/news/microsoft-phishing-attack-targets-accountants-as-tax-day-approaches-small.jpg)
Microsoft is warning of a phishing campaign targeting accounting firms and tax preparers with remote access malware allowing initial access to corporate networks. With the USA reaching the end of its annual tax season, accountants are scrambling to gather clients' tax documents to complete and file their tax returns.
![Russian hackers linked to widespread attacks targeting NATO and EU](/static/build/img/news/russian-hackers-linked-to-widespread-attacks-targeting-nato-and-eu-small.jpg)
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service, to widespread attacks targeting NATO and European Union countries. The attackers have targeted diplomatic personnel using spear phishing emails impersonating European countries' embassies with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.
![WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks](/static/build/img/news/whatsapp-introduces-new-device-verification-feature-to-prevent-account-takeover-attacks-small.jpg)
"Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement. Called Device Verification, the security measure is designed to help prevent account takeover attacks by blocking the threat actor's connection and allowing the target to use the app without any interruption.
![Cybersecurity leaders see risk from email attacks, hybrid work](/static/build/img/news/alt/breach-statistics-small.jpg)
As TechRepublic has reported previously, business email compromise - or BEC - attacks are on the upswing, particularly as threat actors use such tactics as third-party reconnaissance to impersonate vendors. Email security firm Armorblox reported a rise in nearly all forms of email attack last year.
![DDoS attacks shifting to VPS infrastructure for increased power](/static/build/img/news/ddos-attacks-shifting-to-vps-infrastructure-for-increased-power-small.jpg)
Hyper-volumetric DDoS attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers. In general, Cloudflare reports steady DDoS activity in the first quarter of the year, with a notable 60% YoY increase in ransom DDoS attacks, representing 16% of all recorded/reported DDoS attacks.