Security News

Organizations are in danger of allowing the spectre of ransomware attacks to distract them from keeping up with general security measures, according to SE Labs. The company says that businesses that challenge their own security environments, and make adjustments where necessary, will be better protected against regular attacks.

T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a "very small number of customers" who fell victim to SIM swap attacks. SIM swapping makes it possible for attackers to take control of a target's mobile phone number by tricking or bribing the carrier's employees to reassign the numbers to attacker-controlled SIM cards.

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period; however, the evasion tactics have varied, allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

Users of QNAP network-attached storage devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. BleepingComputer forum users managing QNAP and Synology NAS systems have been regularly reporting eCh0raix ransomware attacks but more of them started to disclose incidents around December 20.

Photography and personalized photo giant Shutterfly has suffered a Conti ransomware attack that allegedly encrypted thousands of devices and stole corporate data. On Friday, a source told BleepingComputer that Shutterfly suffered a ransomware attack approximately two weeks ago by the Conti gang, who claims to have encrypted over 4,000 devices and 120 VMware ESXi servers.

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, Imperva research reveals. In a study of nearly 4.7 million web application-related cyber security incidents, Imperva Research Labs finds that attacks are increasing, on average, by 22% each quarter.

Less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers. Inetum is active in more than 26 countries, providing digital services to companies in various sectors: aerospace and defense, banking, automotive, energy and utilities, healthcare, insurance, retail, public sector, transportation, telecom and media.

Research from Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021. According to the research analysts, last year credential stuffing rose 56% during the Christmas and New Year shopping period, with predictions that this same period in 2021 will see up to eight million attacks on consumers every day.

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal. The spotlight in November was stolen by the PYSA ransomware group, which had an explosive rise in infections, recording an increase of 50%. Other dominant ransomware groups are Lockbit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.

Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges - with an ultimate goal of dropping malware onto organizations' networks, the FBI has warned. There is also evidence to support that it's being used in an attack chain with two other Zoho bugs that researchers have observed under attack since September, according to the alert.