Security News

According to a report from radio station France Inter, numerous cybercriminals connected to the Egregor ransomware gang have recently been arrested. Since Tuesday [last week], police in the two countries have been working together in an effort to dismantle a cybercrime group suspected of initiating hundreds of ransomware attacks dating back to September 2020.[] Police arrested a number of hackers suspected of working with the Egregor cybercrime gang, providing hacking, logistical, and financial support.

UPDATE. The virulent malware known as Emotet - one of the most prolific malware strains globally - has been dealt a blow thanks to a takedown by an international law-enforcement consortium. "One of the things that makes Emotet so dangerous is that Emotet opens the door to other types of malware, as it were. Large criminal groups were given access to some of those systems for payment to install their own malware. Concrete examples of this are the financial malware Trickbot and the ransomware Ryuk.".

The Sophos Rapid Response team has just written up a recent case study of a network attack that involved the account of a sysadmin who had died three months before. The account of the late employee wasn't shut down because various internal services had been configured to use it, presumably because the deceased had been involved in setting up those services in the first place.

UPDATE. A non-password protected database exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases, related to a county in Illinois.

The Singapore government has decided to use data gathered by its TraceTogether COVID-19-coronavirus contact-tracing app in criminal investigations. Minister of State for Home Affairs Desmond Tan replied by saying that Singapore's Criminal Procedure Code means its Police can obtain any data for criminal investigations, including data gathered by TraceTogether.

Phone scams, where a person or a computer calls you up and tries to trick you into saying, buying or doing something you later regret, are still a prevalent sort of cybercrime. What we have noticed is that most of the scam calls we're getting these days are automated, and that the calls themselves - just like phishing emails that are trying to cajole you into taking the next step by yourself - are merely calls-to-action, not full-on sales pitches in their own right.

DMARC enforces the use of a combination ofSPF andDKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reaches the receiver's inbox without any security check or validation.

A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Javvad Malik, security awareness advocate at cybersecurity company KnowBe4, called email account access the "Crown jewels" for anyone looking to damage an organization, and the accounts of C-level executives were even more integral to an enterprise.

That group is the hacker and cyber attacker fraternity, which has spotted that the sudden switch to remote working arrangements has delivered them a much wider attack surface to target, while security pros are stretched thinner than ever. By thinking like them before you start to fight back, which is what we'll be showing you how to do in our webcast How I'd Attack You, on November 18 at 0900 PT. The Register's own one-man attack surface Tim Phillips will be joined by Dan Fein and Mariana Pereira of cyber defence specialists Darktrace.

The anatomy of an endpoint attackA lot has changed across the cybersecurity threat landscape in the last decade, but one thing has remained the same: the endpoint is under siege. Cybercriminals are using legitimate Office 365 services to launch attacksVectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks.