Nastiest Malware 2023
November 27, 2023 By Graham Cluley. Multi-player online role-playing videogame "Ethyrial: Echoes of Yore" has suffered a ransomware attack which saw the deletion of every player's account and the loss of all characters. On Thursday last week, the game's official Discord channel announced that its servers had fallen victim to a ransomware attack that had encrypted data on its systems and local backup, and demanded a cryptocurrency ransom be paid for a decryption key.
Gaza Cybergang is using a version of the malware rewritten in the Rust programming language. November 27, 2023 By Elizabeth Montalbano. Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel as the current conflict between the two continues despite a current pause in the fighting. An advanced persistent threat (APT) group, believed to be Gaza Cybergang (aka Molerats), is attacking Israeli targets with a Rust-based version of SysJoker, an unattributed, multi-platform backdoor first discovered by Intezer in 2021, researchers from Check Point revealed in a blog post late last week. The latest variant maintains similar functionalities to the original malware, but has been completely rewritten from its original language C++ to the Rust programming language, signaling a significant evolution in the malware, the researchers noted. The APT also uses OneDrive instead of Google Drive, used in previo
November 27, 2023 By Sergiu Gatlan. Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. After the incident, it had to take its entire network offline, notify law enforcement, and hire external experts to investigate the attack's extent and impact. "Ardent Health Services and its affiliated entities ('Ardent') became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack," the organization said on Monday. "As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs."
Release Date: November 26, 2023. Related topics: Organizations and Cyber Safety, Cybersecurity Best Practices. Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure. The Guidelines, complementing the U.S. Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI, provide essential recommendations for AI system development and emphasize the importance of adhering to Secure by Design principles. The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priori
November 25, 2023 By Anton Shilov. The full extent of the security breach is unknown. Chimera, a Chinese-linked hacker group, infiltrated the network of the Dutch semiconductor giant NXP and maintained access for over two years, from late 2017 to the beginning of 2020, reports NRC. During this period, they reportedly stole intellectual property, including chip designs—the full extent of the theft is yet to be disclosed. The breach remained undetected until a similar attack occurred on the Dutch airline Transavia, a subsidiary of KLM. Hackers accessed Transavia's reservation systems in September 2019, which led to the discovery of the NXP hack. The hackers initially used credentials from previous data leaks on platforms like LinkedIn or Facebook and then used brute force attacks to guess passwords. They also bypassed two-factor authentication measures by altering the registered phone numbers.
Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday November 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S. In a few minutes Terry Cutler of Montreal’s Cyology Labs will be here to discuss recent news. But first a look at some of the headlines from the past seven days: Huge hacks of third-party service suppliers again embarrassed companies. The government of Canada said almost 24 years of personal data held by two companies that help the military, the RCMP and federal employees move from job to job was recently stolen. One company oversees more than 20,000 relocations a year. Multiply that by 24 and it’s potentially 480,000 people. UPDATE: Canada’s privacy commissioner says his office is investigating this incident. Meanwhile in the U.S. a company that transcribes audio files from doctors said information on close to 9 million patients was stolen in a hack in March. Terr
Nov 24, 2023 Newsroom. Threat Analysis / Dark Web. More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a legitimate company, spawning a hierarchical structure that encompasses different members who take on various roles. Once aspiring Neanderthals are recruited via advertisements on underground forums, they are invited to join designated Telegram channels that are used for communicating with other Neanderthals and keeping track of transaction logs. The ultimate goal of the operation is to pull off one of three types of scams: seller, buyer, or refund. In the case of the former, Neanderthals pose as sellers and try to lure unwary Mammoths into purchasing a non-exis
Nov 24, 2023 The Hacker News. Developer Tools / API Security. The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How could they comb a vast library of secrets found in publicly available GitHub repositories and their histories and compare them to your secrets without you having to expose sensitive information? This article will tell you how. First, if we were to set a bit's mass as equal to that of one electron, a ton of data would be around 121.9 quadrillion petabytes of data at standard Earth gravity, or $39.2 billion billion billion US dollars in MacBook Pro storage upgrades (more than all the money in the world). So when this article claims GitGuardi
November 24, 2023 By Pieter Arntz. In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with other international agencies, warn that ransomware gangs are actively exploiting the Citrix Bleed vulnerability. Affiliates of at least two ransomware groups, LockBit and Medusa, have been observed exploiting Citrix Bleed as part of attacks against organizations. Both are globally significant, and were ranked as the first and sixth most active groups in our November ransomware review. [Chart: Known ransomware attacks by ransomware group, October 2023] Mandiant states it is currently tracking four distinct uncategorized groups involved in exploiting this vulnerability.
November 24, 2023 By Alexander Martin. CTS, a managed service provider (MSP) for law firms in the United Kingdom, is “urgently investigating” a cyberattack that has disrupted its services — potentially leaving hundreds of British law firms unable to access their case management systems. The company announced Friday that it was “experiencing a service outage which has impacted a portion of the services we deliver to some of our clients,” and confirmed “the outage was caused by a cyber-incident.” The UK government is “closely monitoring the company’s situation,” according to a government spokesperson. Industry news outlet Estate Agent Today reported that CTS was hacked through the CitrixBleed bug, which U.S. officials have warned is being exploited by both state-sponsored and cybercriminal groups.
November 24, 2023 By Sead Fadilpašić. A crypto bridge was also abused as HTX was hacked. Cryptocurrency exchange platform HTX and the Heco Chain blockchain protocol have been hit by cyberattacks, with the thieves making away with roughly $100 million in different currencies. The news was confirmed by Justin Sun, a long-time cryptocurrency entrepreneur and an investor in HTX. Besides confirming the attack, Sun also said that all victims will be reimbursed by the company. “HTX and Heco Cross-Chain Bridge Undergo Hacker Attack. HTX Will Fully Compensate for HTX's hot wallet Losses. Deposits and Withdrawals Temporarily Suspended,” Sun said in an X post. “All Funds in HTX Are Secure, and the Community Can Rest Assured. We are investigating the specific reasons for the hacker attack. Once we complete the investigation and identify the cause, we will resume services.”
November 24, 2023 By Jonathan Greig. Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database. VUMC runs seven hospitals and multiple healthcare facilities across Nashville, Tennessee — serving more than three million patients each year. The organization is one of the largest employers in the state with 40,000 employees and has more than 1,700 beds across its hospitals. On Thanksgiving, the hospital system was added to the leak site of the Meow ransomware gang – a relatively new operation that researchers are still examining. A spokesperson for VUMC confirmed that they were dealing with a cyber incident but would not say when it occurred, whether it was ransomware, or what kind of effects they were seeing due to the attack.
November 24, 2023 By Bill Toulas. The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking group breaches companies using a zero-day vulnerability in the MagicLine4NX software to conduct supply-chain attacks. MagicLine4NX is a security authentication software developed by the South Korean company Dream Security, used for secure logins in organizations. According to the joint cybersecurity advisory, the DPRK-based threat actors leveraged a zero-day vulnerability in the product to breach their targets, primarily South Korean institutions.