Security News

Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices
2024-03-19 09:59

A new variant of a data wiping malware called AcidRain has been detected in the wild that's specifically designed for targeting Linux x86 devices. The malware, dubbed AcidPour, is compiled for...

FBI disrupts Chinese botnet by wiping malware from infected routers
2024-01-31 17:43

The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure. Devices compromised and added to this botnet included Netgear ProSAFE, Cisco RV320s, and DrayTek Vigor routers, as well as Axis IP cameras, according to Lumen Technologies' Black Lotus Labs team, who first linked the malware to the Chinese threat group in December.

Akira ransomware attackers are wiping NAS and tape backups
2024-01-12 14:06

NCSC-FI has received 12 reports of Akira ransomware hitting Finnish organizations in 2023, and three of the attacks happened during Christmas vacations. "Of the ransomware malware cases reported to the Cybersecurity Center in December, six out of seven involved Akira family malware," they added.

Finland warns of Akira ransomware wiping NAS and tape backup devices
2024-01-11 15:01

The Finnish National Cybersecurity Center is warning of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. Wiping the backups amplifies the damage of the attack and allows the threat actor to put more pressure on the victim as they eliminate the option of restoring the data without paying a ransom.

Cloud engineer gets 2 years for wiping ex-employer’s code repos
2023-12-12 15:02

Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping the code repositories of his former employer in retaliation for being fired by the company. First Republic Bank was a commercial bank in the U.S., employing over seven thousand people and having an annual revenue of $6.75 billion.

Atlassian Confluence data-wiping vulnerability exploited
2023-11-06 10:08

Threat actors are trying to exploit CVE-2023-22518, a critical Atlassian Confluence flaw that allows unauthenticated attackers to reset vulnerable instances' database, GreyNoise is observing. "Instances accessible to the public internet, including those with user authentication, should be restricted from external network access until you can patch," Atlassian advised.

Atlassian warns of exploit for Confluence data wiping bug, get patching
2023-11-02 21:46

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper authorization vulnerability with a 9.1/10 severity rating affecting all versions of Confluence Data Center and Confluence Server software.

Microsoft links data wiping attacks to new Russian GRU hacking group
2023-06-14 17:27

Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces. The company previously connected this new GRU hacking group with the destructive WhisperGate data-wiping attacks in Ukraine that started on January 13, 2022, more than a month before the Russian invasion of Ukraine in February 2022.

US government sets a 30-day deadline for wiping TikTok from feds' phones
2023-03-01 00:30

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. TikTok has been downloaded by billions of people around the world, and is particularly popular among young people - but the US government believes that data could be shared with the Chinese government.

Ukraine links data-wiping attack on news agency to Russian hackers
2023-01-18 19:57

The Computer Emergency Response Team of Ukraine has linked a destructive malware attack targeting the country's National News Agency of Ukraine to Sandworm Russian military hackers. "According to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency's information infrastructure, but the threat has been swiftly localized nonetheless," the State Service of Special Communications and Information Protection of Ukraine said.