Security News

An emerging ransomware-as-a-service operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

Researchers at Avast have provided decryptors to DoNex ransomware victims on the down-low since March after discovering a flaw in the crims' cryptography, the company confirmed today. Avast offered a brief explanation about how DoNex encrypts victims' data, but annoyingly didn't actually offer any insight into the flaw in its schema.

Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. Only 5% of CISOs report directly to the CEO, indicating a potential lack of high-level influence, and 2⁄3 's of CISOs are two levels down from the CEO in the reporting structure.

A cryptographic weakness in the DoNex ransomware and its previous incarnations - Muse, fake LockBit 3.0, and DarkRace - has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. "In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024," the company's Threat Research Team has shared on Monday.

Financial institutions in Latin America are being threatened by a banking trojan called Mekotio. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal with an aim to steal banking credentials.

The trouble is that while we think of the world as a digital one, digital identity is a problem yet to be solved. As a blueprint for the national digital identity schemes, eIDAS 2.0 introduces the concept of the EU digital identity wallet.

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. Successful exploitation of the first three shortcomings could permit an attacker to execute arbitrary commands on the Gogs server, while the fourth flaw allows attackers to read arbitrary files such as source code, and configuration secrets.

Apple removed a number of virtual private network apps in Russia from its App Store on July 4, 2024, following a request by Russia's state communications watchdog Roskomnadzor, Russian news media reported. This includes the mobile apps of 25 VPN service providers, including ProtonVPN, Red Shield VPN, NordVPN and Le VPN, according to MediaZona.

The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Local media has weighed in to suggest that selfies will not improve security.

Microsoft temporarily pulled and then re-released the Windows 11 preview update KB5039302, originally released on June 25th. The original preview was causing reboots on systems using virtualization, such as Azure Virtual Desktop and VMware. Per the announcement, all Kaspersky products must be removed by September 29th. Just as a reminder, last month Microsoft released the final updates for Windows 10 21H2 Education and Enterprise editions.