Security News

Cybercriminals replace familiar tactics to exfiltrate sensitive data
2024-01-31 04:30

Ransomware attacks are increasing again as cybercriminals' motivation shifts to data exfiltration, according to Delinea. The familiar tactics of crippling a company and holding it hostage have been replaced by new strategies that use stealth to exfiltrate private and sensitive data.

Database management enters a new era of complexity
2024-01-31 04:00

"Catering for different use cases, adding flexibility and achieving cost savings are the driving factors behind the escalating pace of change toward a multi-platform database landscape," said David Gummer, Redgate CPO. "However, the sheer volume of platform choices, with respondents citing usage of 16 different database types, highlights why it's critical that IT teams are upskilled and have the right tools in place. It's clear that organizations are currently scrambling to keep up with increased complexity, the pressures of compliance and emerging technologies like AI and the cloud, and are seeking solutions to narrow the skills gap," added Gummer. Skill diversification is also cited as a top need by 31% when dealing with data management processes across multiple database types.

New Linux glibc flaw lets attackers get root on major distros
2024-01-30 23:06

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation vulnerability in the GNU C Library. The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.

Online ransomware decryptor helps recover partially encrypted files
2024-01-30 22:00

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. The online version has a file size limit of 10MB, so if you're looking to decrypt larger files or virtual machines, the GitHub version is the only way to go.

US charges two more suspects with DraftKings account hacks
2024-01-30 21:28

The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds of thousands of dollars stolen from 67,995 customers whose accounts were hijacked in the incident.

New Images of Colossus Released
2024-01-30 20:08

GCHQ has released new images of the WWII Colossus code-breaking computer, celebrating the machine’s eightieth anniversary (birthday?).

Vastaamo hacker traced via ‘untraceable’ Monero transactions, police say
2024-01-30 19:44

Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what were believed to be untraceable Monero transactions. Finnish investigators from the National Bureau of Investigation, with the help of Binance, followed the trail of payments to Kivimäki, who exchanged the funds for Monero and then exchanged them back to Bitcoin.

A mishandled GitHub token exposed Mercedes-Benz source code
2024-01-30 18:42

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Server, exposing source code to the public. On September 29, 2023, researchers at RedHunt Labs discovered a GitHub token in a public repository belonging to a Mercedes employee that gave access to the company's internal GitHub Enterprise Server.

US shorts China's Volt Typhoon crew targeting America's criticals
2024-01-30 18:15

The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure. Law enforcement obtained a court order granting them permission to "remotely disable aspects of the Chinese hacking campaign."

Microsoft Teams phishing pushes DarkGate malware via group chats
2024-01-30 17:47

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.