Security News

The Australian Cyber Security Centre warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. "ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia," Australia's cybersecurity agency said in a security alert issued on Thursday.

A new domain name system attack method that involves registering a domain with a specific name can be leveraged for what researchers described as "Nation-state level spying." The attack method was identified by researchers at cloud infrastructure security company Wiz while conducting an analysis of Amazon Route 53, a cloud DNS web service offered to AWS users.

Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw in Koo's web application that allows malicious scripts to be embedded directly into the affected web application.
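The stored cross-site scripting pattern described above boils down to one mistake: user-supplied text is written into an HTML response without output encoding. The following is an added example, not Koo's code, and every function name (`escapeHtml`, `renderPostUnsafe`, `renderPostSafe`, `containsForeignTags`) and the sample post are constructed for illustration. It shows the vulnerable template next to the hardened one, plus a simple check a test suite can run over rendered markup to catch tags the template itself did not emit.

```javascript
// Added example (not Koo's code): how a stored XSS arises when a saved post
// body is interpolated into HTML, and the output-encoding fix.

// Escape the five characters that carry meaning in HTML text and attribute contexts.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the stored post is inserted verbatim into the page template, so any
// markup the author saved becomes part of the page for every reader.
function renderPostUnsafe(post) {
  return `<div class="post"><span class="author">${post.author}</span>: ${post.body}</div>`;
}

// Hardened: each untrusted field is escaped at the point it enters HTML.
function renderPostSafe(post) {
  return `<div class="post"><span class="author">${escapeHtml(post.author)}</span>: ` +
    `${escapeHtml(post.body)}</div>`;
}

// Defensive check (hypothetical helper): does the rendered markup contain any
// element other than the ones the template is allowed to emit?
function containsForeignTags(html, allowed = ['div', 'span']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.includes(t));
}

// Constructed sample: a post whose body carries a script element, the kind of
// content that ends up persisted in a comment or profile field.
const samplePost = { author: 'user123', body: '<script>alert("xss")</script> hello' };

// Stand-alone demonstration.
console.log('unsafe leaks foreign tags:', containsForeignTags(renderPostUnsafe(samplePost)));
console.log('safe output:', renderPostSafe(samplePost));
```

The `containsForeignTags` check is deliberately crude (it only looks for tag names), but it is enough to fail a unit test the moment a template path forgets to encode; the real fix is the encoding in `renderPostSafe`, applied to every untrusted field, not a filter on the output.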

Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, log in to the CPU module without authorization, and even cause a denial-of-service condition. The security weaknesses, disclosed by Nozomi Networks, concern the implementation of an authentication mechanism in the MELSEC communication protocol, which is used to communicate with the target devices by reading and writing data to the CPU module.

A threat actor presumed to be of Chinese origin has been linked to a series of 10 attacks targeting Mongolia, Russia, Belarus, Canada, and the U.S. from January to July 2021 that involve the deployment of a remote access trojan on infected systems, according to new research. The group is a "China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages," according to FireEye.

IronNet Cybersecurity announced expanded support for detecting and preventing cyber attacks in Microsoft Azure. As a Microsoft partner, IronNet and its Collective Defense platform provide support that enables its Microsoft customers to execute safe and seamless migrations to the cloud amidst the aggressive volume and increasing sophistication of cyber threats.

If you're a regular reader of Naked Security and Sophos News, you'll almost certainly be familiar with Cobalt Strike, a network attack tool that's popular with cybercriminals and malware creators. By implanting the Cobalt Strike "Beacon" program on a network they've infiltrated, ransomware crooks can not only surreptitiously monitor but also sneakily control the network remotely, without even needing to log in first.

A disgruntled Conti affiliate has leaked the training material the gang uses when conducting attacks, including information about one of the ransomware's operators. The Conti ransomware operation is run as a ransomware-as-a-service, where the core team manages the malware and Tor sites, while recruited affiliates perform network breaches and encrypt devices.

Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks. Among the malware families that Prometheus TDS has dished out so far are BazarLoader, IcedID, QBot, SocGholish, Hancitor, and Buer Loader, all of them commonly used in intermediary attack stages to download more damaging payloads.