Security News

Pro-China Group Uses Dragonbridge Campaign to Target Rare Earth Mining Companies
2022-07-05 06:34

A pro-China influence campaign singled out rare earth mining companies in Australia, Canada, and the U.S. with negative messaging in an unsuccessful attempt to manipulate public discourse to China's benefit. Targeted firms included Australia's Lynas Rare Earths Ltd, Canada's Appia Rare Earths & Uranium Corp, and the American company USA Rare Earth, threat intelligence firm Mandiant said in a report last week, calling the digital campaign Dragonbridge.

Monero-mining botnet targets Windows, Linux web servers
2022-05-18 07:27

The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft. The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.

U.S. Treasury sanctions Russian cryptocurrency mining companies
2022-04-21 16:02

The U.S. Department of the Treasury has announced a new package of sanctions targeting parties that facilitate evasion of previous measures imposed on Russia. Among the sanction-bypassing mechanisms identified and blocked, the announcement names corporate entities engaging in large-scale cryptocurrency mining in Russia.

OldGremlin ransomware deploys new malware on Russian mining org
2022-04-14 08:55

Despite being less active, which may suggest that the ransomware business is closer to moonlighting, OldGremlin has demanded ransoms as high as $3 million from one of its victims. Security researchers at Singapore-based cybersecurity company Group-IB say that this time OldGremlin impersonated a senior accountant at a Russian financial organization warning that the recent sanctions imposed on Russia would suspend the operations of the Visa and Mastercard payment processing systems.

Cryptocurrency-mining AWS Lambda-specific malware spotted
2022-04-07 07:28

Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency. While the security firm has only seen the malware running in AWS Lambda, it can be made to run in other Linux-flavored environments, Cado Security CTO and co-founder Chris Doman told The Register this week.

Malicious actors targeting the cloud for cryptocurrency-mining activities
2022-04-06 04:00

"Just a few hours of compromise could result in profits for the perpetrators. That's why we're seeing a continuous fight for cloud CPU resources. It's akin to a real-life capture-the-flag, with the victim's cloud infrastructure the battleground," said Stephen Hilt, Senior Threat Researcher at Trend Micro. Threat actors are increasingly scanning for and exploiting these exposed instances, as well as brute-forcing SecureShell credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals.

Verblecon malware loader used in stealthy crypto mining attacks
2022-03-29 10:41

Security researchers are warning of a relatively new malware loader, which they track as Verblecon, that is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

Hackers to NVIDIA: Remove mining cap or we leak hardware data
2022-02-28 19:13

The Lapsus$ data extortion group has released what they claim to be data stolen from the Nvidia GPU designer. The first round of messages from Lapsus$ included a leak of what the actor said were hashed passwords of all Nvidia employees and a claim that the company hacked back to encrypt their virtual machine with the data.

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware
2021-12-27 03:32

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers.

Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices
2021-12-07 22:33

Network-attached storage appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom reaper]' could occupy around 50% of the total CPU usage," the Taiwanese company said in an alert.