Cyber Security Today, December 2, 2022 – The latest ransomware news, an accidental botnet takedown and more
Welcome to Cyber Security Today. It's Friday, December 2nd, 2022. My name is Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
The Cuba ransomware gang added 50 victims around the world during the first eight months of this year, according to the U.S. Cybersecurity and Infrastructure Security Agency. That brings the group's total to over 100 victims. The agency estimates that so far the gang's operators have received over $60 million in ransom payments. The figures are in an updated report on the gang's tactics and indicators of compromise. There is a link to the report in the text version of this podcast.
Affiliates of the LockBit ransomware gang are increasingly using commonly available, legitimate tools to compromise victim organizations. That is the conclusion of researchers at Sophos. Affiliates carry out the initial compromise of victims before the ransomware is deployed. They have been spotted using a tool available on GitHub called Backstab, which terminates antimalware-protected processes; the anti-rootkit utility GMER; the network scanner Netscan; and a tool called AV Remover. Defenders should note that the presence of these tools on a network, particularly several of them on the same host within a short time, could be a sign that the network is under attack.
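The hunt a defender would run on that advice, as an added example that is not Sophos code and not taken from the report: it scans process-creation events for the four tool names above and scores a host higher when several distinct tools appear within a short window, since a single hit (or a renamed binary) is weak evidence on its own. The log records, host names and command-line flags are constructed for the example.

```python
"""Hunt over process-creation telemetry for tooling Sophos saw LockBit affiliates use.
Added example, not Sophos code. All events below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Tool names from the Sophos report. Substring matching on the image name and
# command line is the cheapest check, but a renamed binary slips past it, so the
# hunt also looks for clusters of distinct tools on one host.
SUSPECT_TOOLS = {
    "backstab": "Backstab (terminates antimalware-protected processes)",
    "gmer": "GMER (anti-rootkit utility)",
    "netscan": "Netscan (network scanner)",
    "avremover": "AV Remover",
}

# Constructed Sysmon-style events: (timestamp, host, user, image path, command line).
# Command-line flags are illustrative, not the tools' documented syntax.
SAMPLE_EVENTS = [
    ("2022-11-28T09:02:11", "WS-114", "CORP\\jdoe", r"C:\Program Files\Office\winword.exe", "winword.exe report.docx"),
    ("2022-11-28T09:40:03", "WS-114", "CORP\\jdoe", r"C:\Users\jdoe\AppData\Local\Temp\netscan.exe", "netscan.exe /range:10.0.0.0/16"),
    ("2022-11-28T09:44:50", "WS-114", "CORP\\jdoe", r"C:\Users\jdoe\AppData\Local\Temp\gmer.exe", "gmer.exe"),
    ("2022-11-28T09:45:12", "WS-114", "CORP\\jdoe", r"C:\Users\jdoe\AppData\Local\Temp\bs.exe", "bs.exe -n MsMpEng.exe"),
    ("2022-11-28T09:46:30", "WS-114", "CORP\\jdoe", r"C:\Users\jdoe\AppData\Local\Temp\backstab.exe", "backstab.exe -n MsMpEng.exe"),
    ("2022-11-28T11:15:00", "FS-01", "CORP\\svc_backup", r"C:\Tools\netscan.exe", "netscan.exe /range:10.0.1.0/24"),
]


def match_tool(image: str, cmdline: str):
    """Return the matched tool key, or None.

    Case-insensitive substring match on the image basename and the command line.
    The renamed copy (bs.exe above) is deliberately missed: name matching alone
    is not enough, which is why the hunt weighs clusters rather than single hits.
    """
    basename = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    haystack = basename + " " + cmdline.lower()
    for key in SUSPECT_TOOLS:
        if key in haystack:
            return key
    return None


def hunt(events, window_minutes: int = 30) -> dict:
    """Return {host: {"tools": [...], "severity": "high"|"low"}}.

    severity is "high" when two or more distinct suspect tools ran on the same
    host within window_minutes of each other, "low" for an isolated hit.
    """
    per_host = defaultdict(list)
    for ts, host, _user, image, cmdline in events:
        key = match_tool(image, cmdline)
        if key:
            per_host[host].append((datetime.fromisoformat(ts), key))

    findings = {}
    for host, hits in per_host.items():
        hits.sort()
        severity = "low"
        for i, (t0, _) in enumerate(hits):
            in_window = {k for t, k in hits[i:] if t - t0 <= timedelta(minutes=window_minutes)}
            if len(in_window) >= 2:
                severity = "high"
                break
        findings[host] = {"tools": sorted({k for _, k in hits}), "severity": severity}
    return findings


if __name__ == "__main__":
    for host, finding in hunt(SAMPLE_EVENTS).items():
        print(host, finding["severity"], ", ".join(SUSPECT_TOOLS[k] for k in finding["tools"]))
```

In the constructed data WS-114 runs three of the four tools in under ten minutes and is scored high, while the single Netscan run on FS-01 stays low and is something to triage rather than alert on; a more robust hunt would also match on file hashes and the PE original filename so renamed copies are caught.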
Researchers at Akamai admit they accidentally took down a cryptomining botnet last month. While testing the botnet's functionality they sent it a malformed command. The bot has no built-in error checking to verify that commands are properly formatted, so the malformed command crashed the bot on every infected machine that received it. It is not known whether the threat actor behind the bot can rebuild the network.
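The failure mode is worth seeing in code. The following is an added example, not Akamai's code and not the botnet's: the command grammar (a hypothetical "flood" command taking a host, port and duration) and the particular malformation (a missing space that merges two fields) are invented for illustration. The bug pattern is the generic one: indexing into the output of split() without checking how many fields came back, inside a dispatch loop that catches nothing.

```python
"""Fragile versus hardened C2 command handling.
Added example; the 'flood' grammar and the sample command stream are invented."""


class CommandError(Exception):
    """Raised by the hardened parser for any command it refuses to run."""


def handle_command_fragile(line: str) -> dict:
    """Parse 'flood <host> <port> <seconds>' with no validation at all.

    A missing field raises IndexError, a non-numeric port raises ValueError.
    If the bot's main loop does not catch those, the exception terminates the
    process on every infected machine that receives the command.
    """
    parts = line.split(" ")
    return {"cmd": parts[0], "host": parts[1], "port": int(parts[2]), "seconds": int(parts[3])}


def handle_command_hardened(line: str) -> dict:
    """Same grammar, but every assumption about the input is checked first."""
    parts = line.split()
    if len(parts) != 4 or parts[0] != "flood":
        raise CommandError(f"expected 'flood <host> <port> <seconds>', got {line!r}")
    _cmd, host, port_s, seconds_s = parts
    if not port_s.isdigit() or not 0 < int(port_s) < 65536:
        raise CommandError(f"bad port {port_s!r}")
    if not seconds_s.isdigit() or int(seconds_s) == 0:
        raise CommandError(f"bad duration {seconds_s!r}")
    return {"cmd": "flood", "host": host, "port": int(port_s), "seconds": int(seconds_s)}


def run_bot(commands, handler):
    """Simulate a bot's dispatch loop over a stream of C2 commands.

    Returns (commands_executed, still_running). A CommandError is the hardened
    handler refusing a command: it is logged and skipped. Any other exception is
    what the fragile handler lets escape, and the simulated process dies there.
    """
    executed = 0
    for line in commands:
        try:
            handler(line)
        except CommandError:
            continue  # malformed: drop it and keep serving
        except Exception:
            return executed, False  # unhandled: the bot process is gone
        executed += 1
    return executed, True


# Constructed command stream. The second line is the malformed one: the space
# between host and port is missing, so split() yields three fields, not four.
SAMPLE_COMMANDS = [
    "flood 203.0.113.10 443 30",
    "flood 203.0.113.10443 30",
    "flood 198.51.100.7 80 60",
]


if __name__ == "__main__":
    print("fragile  :", run_bot(SAMPLE_COMMANDS, handle_command_fragile))   # (1, False)
    print("hardened :", run_bot(SAMPLE_COMMANDS, handle_command_hardened))  # (2, True)
```

The fragile bot executes one command and dies on the second; the hardened one drops the bad command and carries on. The same property cuts both ways: for a researcher the absence of validation is a takedown lever, for a defender it is a reminder that any service which parses attacker-reachable input without length checks can be knocked over by a single message.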
Developers using the Quarkus Java framework are urged to update to the latest version. Red Hat, which produces its own build of Quarkus, disclosed the issue on November 21. A fuller description was published this week by a researcher at Contrast Security. In short, the configuration editor in the framework's Dev UI, which is available when an application runs in development mode, is vulnerable to drive-by localhost attacks: a malicious web page opened in the developer's browser can send requests to the dev server listening on the developer's own machine and change its configuration, which could lead to remote code execution on the developer's computer.
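The class of check that blocks a drive-by localhost request, as an added example that is not Quarkus or Contrast Security code: in the attack a page on the attacker's site runs script that POSTs to a URL on localhost, and the victim's browser delivers it because the developer's dev server is reachable from that browser. The server side has to refuse it from the request metadata the browser sets and a page cannot forge. The endpoint, the header sets and the decision policy below are my assumptions for illustration; the fix for the real issue is the vendor update.

```python
"""Reject state-changing requests to a loopback dev endpoint that a browser
sent on behalf of some other site. Added example; header samples are constructed."""
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def _host_is_local(hostport: str) -> bool:
    """True if a Host header value names the loopback interface.
    Reuses urlsplit so 'localhost:8080' and '[::1]:8080' parse the same way."""
    return urlsplit("//" + hostport).hostname in LOOPBACK_NAMES


def allow_state_change(headers: dict):
    """Decide whether a POST/PUT to the config editor may proceed.

    Returns (allowed, reason). Two independent guards:
      1. Host must be loopback. A DNS-rebinding page resolves its own name to
         127.0.0.1, so the browser then sends Host: attacker-name; refuse it.
      2. If the browser tagged the request with an Origin (it does for
         cross-site fetch/XHR and form posts), that origin must be loopback too.
         'null' origins (sandboxed frames, data: pages) are refused.
    With no Origin at all, fall back to Sec-Fetch-Site when the browser sent it;
    otherwise treat the caller as a local non-browser tool (curl, an IDE).
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "")
    if not _host_is_local(host):
        return False, f"Host {host!r} is not loopback (DNS-rebinding guard)"

    origin = h.get("origin")
    if origin is not None:
        if origin == "null" or urlsplit(origin).hostname not in LOOPBACK_NAMES:
            return False, f"cross-site Origin {origin!r}"
        return True, "same-origin browser request"

    if h.get("sec-fetch-site", "none") not in ("none", "same-origin", "same-site"):
        return False, "cross-site per Sec-Fetch-Site"
    return True, "no browser origin metadata; treated as a local tool"


# Constructed header sets for a POST to a hypothetical http://localhost:8080/dev/config.
SAMPLE_REQUESTS = {
    "dev_ui": {"Host": "localhost:8080", "Origin": "http://localhost:8080", "Sec-Fetch-Site": "same-origin"},
    "drive_by_fetch": {"Host": "localhost:8080", "Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
    "drive_by_no_origin": {"Host": "localhost:8080", "Sec-Fetch-Site": "cross-site"},
    "dns_rebinding": {"Host": "dev.attacker.example:8080", "Origin": "http://dev.attacker.example:8080", "Sec-Fetch-Site": "same-origin"},
    "curl_from_terminal": {"Host": "localhost:8080"},
}


def evaluate_all() -> dict:
    """Run the policy over every sample request; returns {name: allowed}."""
    return {name: allow_state_change(hdrs)[0] for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        allowed, reason = allow_state_change(hdrs)
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

Only the Dev UI's own same-origin request and the plain command-line client get through; the cross-site fetch, the form post that carries only Sec-Fetch-Site, and the DNS-rebinding variant are all refused. Binding the dev server to loopback, as Quarkus does by default in dev mode, does not help against any of these, because the attacker's requests arrive from the developer's own browser.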
A note for IT administrators and home users with Nvidia video cards in their computers: the company has released a security update for its GPU Display Driver. It addresses vulnerabilities that could be exploited to compromise systems.
There is also a link in the text version to Trustwave's latest advice on safe online holiday shopping.
Later today, the Week in Review edition will be available. In this episode, David Shipley of Beauceron Security and I will talk about ethical hacking, the value of fines for privacy violations, and confusing responses to a vendor survey.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to the Flash Briefing on your smart speaker.