Security News

An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices. "Control over firmware gives attackers virtually unmatched powers both to directly cause damage and to enable other long-term strategic goals," firmware and hardware security firm Eclypsium said in a report shared with The Hacker News.

Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. Karakurt, the data extortion arm of the Conti ransomware gang and cybercrime syndicate, is focused on stealing data from companies since at least June 2021 and forcing them into paying ransoms under the threat of publishing the information online.

The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers. Apparently, after finding these vulnerabilities, the operators of Versus have decided to pull the plug themselves, finding it too risky to continue.

The infamous ransomware group known as Conti has continued its onslaught against entities despite suffering a massive data leak of its own earlier this year, according to new research. One of the most prolific ransomware groups of the last year along the likes of LockBit 2.0, PYSA, and Hive, Conti has locked the networks of hospitals, businesses, and government agencies, while receiving a ransom payment in exchange for sharing the decryption key as part of its name-and-shame scheme.

Code shack GitHub is aiming to help users avoid inadvertent leaks of confidential objects like access tokens by scanning repository content for such secrets before a git push is executed. The secret scanning capability is already a feature of GitHub Advanced Security, which is enabled for all public repositories on GitHub.com and an option for GitHub Enterprise users.

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "Vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel - which has nearly around 54,000 members as of writing - posting images of extracted data and credentials belonging to the company's DevOps infrastructure.

IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as "Some customers source code."

Ransomware payments hit new records in 2021 as cybercriminals increasingly turned to dark web leak sites where they pressured victims to pay up by threatening to release sensitive data, according to a research released from Unit 42 by Palo Alto Networks. The Conti ransomware group was responsible for the most activity, accounting for more than 1 in 5 of cases worked by Unit 42 consultants in 2021.

The UK Ministry of Defence has suspended online application and support services for the British Army's Capita-run Defence Recruitment System and confirmed to us that digital intruders compromised some data held on would-be soldiers. The extent and method of the attack remains under investigation by the MoD and Capita.

Monday night, the hacking group posted a torrent for a 9 GB 7zip archive containing the source code of over 250 projects that they say belong to Microsoft. When posting the torrent, Lapsus$ said it contained 90% of the source code for Bing and approximately 45% of the code for Bing Maps and Cortana.