A team of researchers have devised a new method for protecting SSDs from ransomware attacks. It can detect ransomware, stop it in its tracks, and even recover stolen data in a matter of seconds. The cost should only be a minor increase in the SSD’s latency. SSD-Insider works by recognizing certain patters in SSD activity that are known to indicate ransomware.
Cybercriminals recreate Cobalt Strike in Linux. The new malware strain has gone unnoticed by detection tools. A re-implementation of Cobalt Strike has been “written from scratch” to attack Linux systems. Dubbed Vermilion Strike, Intezer said that the new variation leans on Cobalt Strike functionality, including its command-and-control (C2) protocol, its remote access functionality, and its ability to run shell instructions.
An industrial energy management system made by Delta Electronics is affected by several vulnerabilities whose exploitation could have serious consequences in a real world environment, according to the researcher who discovered the flaws. The existence of the vulnerabilities affecting Delta’s DIAEnergie product was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who identified them, Michael Heinzl.
The universal decryption key for REvil’s attack on Kaseya’s customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.
A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report explaining how the malware has been able to hit more than 10,000 victims in 144 countries. The trojan, named FlyTrap by Zimperium researchers, has been able to spread through “social media hijacking, third-party app stores, and sideloaded applications” since March.
Websites run by the ransomware gang REvil suddenly became unreachable, sparking widespread speculation that the group had been knocked offline. The Russia-linked cybercrime ring has collected tens of millions of dollars in ransom payments in return for restoring computer systems it has hacked. In recent weeks it claimed responsibility for a sprawling ransomware outbreak that affected an estimated 800 to 1,500 businesses worldwide.
Kaspersky researchers recently came across unusual APT activity observed in South East Asia and dates back to at least October 2020. Most of the early sightings were in Myanmar, but it now appears the attackers are much more active in the Philippines, where there are more than 10 times as many known targets.
Microsoft released out-of-band patches for Windows systems affected by two critical bugs being tracked as CVE-2021-1675 and CVE-2021-34527 and has advised admins to disable the print spooler service until patches are applied.
Researchers from Avast are warning of the rapid growth of the DirtyMoe botnet, which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.
Mayur Fartade, the Indian hacker, discovered the Instagram bug that allowed hackers to view selected media on the platform. By brute-forcing Media IDs, the attacker might have also been able to save photographs, videos, and metadata about specific media in addition to accessing user’s private images.
PuzzleMaker attacks exploit Windows zero-day, Chrome vulnerabilities. According to Kaspersky, a wave of “highly targeted attacks” on several organizations was traced that utilized a chain of zero-day exploits in the Google Chrome browser and Microsoft Windows systems over April 14 and 15, 2021. The attackers have been named PuzzleMaker. The first exploit in the chain, while not confirmed, appears to be CVE-2021-21224, a V8 type confusion vulnerability in the Google Chrome browser prior to 90.0.4430.85.
Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution.
The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. Starting on April 19th, QNAP NAS device owners worldwide suddenly discovered that their device’s files were replaced by password-protected 7-zip archives.
Mozilla Thunderbird email client could have been abused to impersonate senders. The vulnerability, tracked as CVE-2021-29956, has been given a low severity rating by the company and exists in versions 78.8.1 to 78.10.1 of its email client. Thankfully though, it has now been patched by the developer who introduced it in the first place while trying to add extra protection to the secret keys used by Thunderbird.
Researchers from Ruhr-University Bochum have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document’s visible content by displaying malicious content over the certi fi ed content without invalidating its signature.
Babuk ransomware readies ‘shut down’ post, plans to open source malware. After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal. Unlike other gangs that chose to release decryption keys or even return the collected ransoms, Babuk’s final gesture is to pass the torch to others.
Pradeo team has come across an advanced mobile attack campaign that uses a phishing technique to steal victims’ credit card details and infects them with a malware that impersonates the Android Google Chrome app. The malware uses victims’ devices as a vector to send thousands of phishing SMS.
