A week in security (March 14 – 20)
Last week on Malwarebytes Labs: Beware of this bogus (and phishy) “Instagram Support” emailMeet Exotic Lily, access broker for ransomware...
News
DirtyMoe modules expand the bot using worm-like techniques
The DirtyMoe botnet continues to evolve and now includes a module that implements wormable propagation capabilities. In June 2021, researchers from...
Anonymous leaked data stolen from Russian pipeline company Transneft
Anonymous hacked Omega Company, the in-house R&D unit of Transneft, the Russian oil pipeline giant, and leaked stolen data. Anonymous...
Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective....
Security Affairs newsletter Round 358 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
EU and US agencies warn that Russia could attack satellite communications networks
FBI, CISA, and the European Union Aviation Safety Agency (EASA) warn of possible threats to international satellite communication (SATCOM) networks....
Avoslocker ransomware gang targets US critical infrastructure
The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal...
Crooks claims to have stolen 4TB of data from TransUnion South Africa
TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release...
Exotic Lily initial access broker works with Conti gang
Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware...
Emsisoft releases free decryptor for the victims of the Diavol ransomware
Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without...
Beware of this bogus (and phishy) “Instagram Support” email
Recently, a fake Instagram email successfully bypassed Google’s email filters and made it into hundreds of employee inboxes used by...
This Week in Security News – March 18, 2022
Global Cyberattacks: Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report, and US Has 'Significant' Cyber Vulnerabilities, But A Sweeping...
How to Secure AWS Serverless API(s)
Discover how to easily enhance security of your container-based AWS serverless API to protect against known and unknown vulnerabilities. If...
Meet Exotic Lily, access broker for ransomware and other malware peddlers
The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. This group...
Double header: IsaacWiper and CaddyWiper
As war in Ukraine rages, new destructive malware continues to be discovered. In this short blog post, we will review...
China-linked threat actors are targeting the government of Ukraine
Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. Google’s Threat Analysis Group...
How to protect RDP
You didn’t really think that the ransomware wave was coming to an end, did you? You may be tempted to...
Caketap, a new Unix rootkit used to siphon ATM banking data
Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a...
Online Safety Bill’s provisions for “legal but harmful” content described as “censor’s charter”
The UK’s Online Safety Bill, a landmark piece of legislation that that aims to regulate the country’s online content, has...
Deepfake Zelenskyy video surfaces on compromised websites
It’s been a long time coming. The worry over deepfake technology being used during times of major upheaval has been...
Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager
TIM Red Team Research (RTR) researchers discovered a new flaw on Ericsson Network Manager, aka Ericsson flagship network product. TIM...
Russia-linked Cyclops Blink botnet targeting ASUS routers
The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting the ASUS...
Microsoft releases open-source tool for checking MikroTik Routers compromise
Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft...
node-ipc NPM Package sabotage to protest Ukraine invasion
The developer behind the popular “node-ipc” NPM package uploaded a destructive version to protest Russia’s invasion of Ukraine. RIAEvangelist, the...
