Security News

A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor. A threat actor named Gookee has been previously associated with malware and hacking activity, attempting to sell access to Sony Network Japan in 2020, linked to a Ransomware-as-a-Service operation called 'Gookee Ransomware,' and trying to sell malware source code on a hacker forum.

CDW, one of the largest resellers on the planet, will have its data leaked by LockBit after negotiations over the ransom fee broke down, a spokesperson for the cybercrime gang says. LockBit did not respond to questions relating to what its original ransom demand was or what CDW offered in the negotiations.

Abraham Lemma, 50, a Silver Springs, Maryland resident and a naturalized United States citizen who was born in Ethiopia, was detained on August 24 after allegedly sending classified US national defense information to an Ethiopian intelligence agent. Crucially, Lemma was an IT help desk technician assigned to the Bureau of Intelligence and Research with the US Department of State since at least 2021.

Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network. "At this time, we and our internal and external experts have found no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment."

AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. An attacker used the leaked token on August 28th to create a new site-admin account and log into the admin dashboard of the company's website, Sourcegraph.com, two days later. After gaining access to the website's admin dashboard, the threat actor switched their rogue account's privileges multiple times to probe Sourcegraph's system.

VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. VirusTotal data leak exposed exploitable information.

The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory.In May 2023, security researcher 'vdohney' disclosed a vulnerability and proof-of-concept exploit that allowed you to partially extract the cleartext KeepPass master password from a memory dump of the application.

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. One notable aspect of the attackers leveraging the Buhti ransomware is their ability to quickly exploit newly disclosed vulnerabilities.

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. The latest findings from Symantec show that Blacktail's modus operandi might be changing, what with the actor leveraging modified versions of the leaked LockBit 3.0 and Babuk ransomware source code to target Windows and Linux, respectively.