Food For Files: GoodWill Ransomware demands food for the poor to decrypt locked files

From hackread.com

Food For Files: GoodWill Ransomware demands food for the poor to decrypt locked files

GoodWill ransomware attackers share a three-page ransom note asking the victim to perform three tasks to get the decryption key- they want them to donate to the homeless, feed poor kids, and provide financial assistance to a patient in need.

CloudSEK Threat Intelligence Research team has warned about new ransomware dubbed GoodWill Ransomware that can cause temporary to permanent data loss and may also shut down operations, leading to massive revenue losses.

Read more…

Popular Python Package Compromised: Don’t ‘Blindly Trust Open Source’

From venafi.com

python-package-compromised

The Python package ctx, which averages over 20,000 downloads per week, was compromised on the Python Package Index (PyPI), according to both forum and social media posts and a bevy of news reports.

“When we browse the release history tab, we can see various versions of ctx uploaded within the past few days,” the SANS Institute said on May 24. “It was undoubtedly weird that the original package that was uploaded on December 19, 2014, would be replaced by something identical on May 21, 2022 and have subsequent version updates (and skipping a few releases too),” the post said.

An independent researcher, who also investigated the incident, said in a tweet that the malicious activity is likely meant to mine AWS credentials.

Read more…

Advancing our Secure Home Platform with DNS over HTTPS

From mcafee.com

On the internet, the Domain Name System (DNS) is the way regular people access websites such as ESPN.com or BBC.com. However, the internet uses a unique series of Internet Protocol (IP) addresses to access websites which are tricky for humans to remember.  Web browsers typically interact with websites through IP addresses, and DNS translates websites into IP addresses so browsers can access Internet resources. Historically, this has been done in the form of unencrypted clear text that ISPs and security providers such as McAfee can read and act upon to sort through risky websites or to improve network performance and intelligence.

Read more…

Collaboration is key to energy sector cyber defense

From securitymagazine.com

energy-ga38d32e5f_1920.jpg

Energy is a backbone of society, and there are many direct connections between energy use and quality of life. Reliable access to electricity has proven to reduce poverty — alongside other efforts around sanitation, nutrition and access to clean water — while minimizing the emission of home pollutants and increasing opportunities for workers. This makes it both a highly desired commodity and a precious resource that the world needs to proactively protect.

Read more…

Suspected phishing email crime boss cuffed in Nigeria

From theregister.com

Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses.

His alleged operation was responsible for so-called business email compromise (BEC), a mix of fraud and social engineering in which staff at targeted companies are hoodwinked into, for example, wiring funds to scammers or sending out sensitive information. This can be done by sending messages that impersonate executives or suppliers, with instructions on where to send payments or data, sometimes by breaking into an employee’s work email account to do so.

Read more…

Why are current cybersecurity incident response efforts failing?

From helpnetsecurity.com

Business-critical applications, such as enterprise resource planning (ERP) systems provided by SAP and Oracle, are considered the crown jewels of the enterprise. These assets hold an organization’s most valuable data: from confidential financial information to private customer and partner details. Attackers that gain access to these applications can cause mass destruction, by hijacking an organization’s payroll system, shutting down its manufacturing facilities, or transferring large sums of money to their own bank accounts.

Read more…