Security News

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks. While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained.

The recent targeted attacks exploiting the zero-day remote code execution vulnerability in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared. The researchers also found connections between the attackers' exploit delivery infrastructure and an infrastructure previously used by attackers to deliver human-operated ransomware, the Trickbot trojan and the BazaLoader backdoor/downloader.

Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground marketplaces made by threat actors looking to buy access to organizations' systems, assets and networks, and have found that at least 40% of the postings were by active participants in the ransomware-as-a-service supply chain.Unsurprisingly, companies in developed countries such the US, Canada, Australia and European countries are preferred targets, while organizations based in countries that are members of the Commonwealth of Independent States are generally avoided - most likely because the threat actors are based in some of those countries and wish to avoid local law enforcement focusing on them.

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity", the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired with one another, which remain authenticated until an explicit deauthentication action is taken, or the authenticated session expires.

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian cybersecurity technology company Bitdefender, which it encountered during a forensic investigation in the wake of an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. Said to be under active development, "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.

Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse before it gets better, the cast of cybercrime groups that cause the most damage is constantly changing," Palo Alto Networks' Unit 42 threat intelligence team said in a report shared with The Hacker News.

Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents show that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse before it gets better, the cast of cybercrime groups that cause the most damage is constantly changing," Palo Alto Networks' Unit 42 threat intelligence team said in a report shared with The Hacker News.

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. In early July, Fortinet revealed specifics of an unsuccessful ransomware attack involving Diavol payload targeting one of its customers, highlighting the payload's source code overlaps with that of Conti and its technique of reusing some language from Egregor ransomware in its ransom note.

ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "As Pokémon players hunt and collect"shiny" characters in the game, ShinyHunters collects and resells user data.