New data extortion email campaign copying ransomware gang techniques

From blog.avast.com

All signs indicate that this is simply a scam to scare company decision makers into paying money to avoid further consequences.

The Avast Threat Labs have identified a new data extortion scam targeting companies. The scam is designed to look like it’s coming from a ransomware or data extortion cyber gang and is sent via email to employees of different companies, addressing them by their full name.

In this message, they let them know their company has suffered a security breach and a large amount of information has been stolen — including data from Human Resources — such as employee records, personal, and medical data. The senders claim they are from a ransomware group, like “Silent Ransom”, or “Lockffit.” If read quickly, the recipient may believe the email was sent by the “LockBit” ransomware group, which is known for their aggressive data extortion methods.


mTLS client certificate revocation vulnerability with TLS Session Resumption

From blog.cloudflare.com

On December 16, 2022, Cloudflare discovered a bug where, in limited circumstances, some users with revoked certificates may not have been blocked by Cloudflare firewall settings. Specifically, Cloudflare’s Firewall Rules solution did not block some users with revoked certificates from resuming a session via mutual transport layer security (mTLS), even if the customer had configured Firewall Rules to do so. This bug has been mitigated, and we have no evidence of this being exploited. We notified any customers that may have been impacted in an abundance of caution, so they can check their own logs to determine if an mTLS protected resource was accessed by entities holding a revoked certificate.


Cyber spring cleaning: Decluttering your digital home

From blog.avast.com

From eliminating multiple copies to removing excessive bookmarks, here are five tips to avoid cyber hoarding.

Spring cleaning provides the perfect opportunity to declutter both your physical and digital homes. Although digital clutter doesn’t leave a physical trace, it can undoubtedly take up significant mental space. A messy digital environment can trigger stress, hinder productivity, and increase vulnerability to cyber threats.

It’s best to avoid cyber hoarding and build a routine to efficiently manage your digital devices. Follow these tips to tidy up your digital home and boost your mental wellbeing.


ASEC Weekly Phishing Email Threat Trends (March 19th, 2023 – March 25th, 2023)

From asec.ahnlab.com

AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from March 19th, 2023 to March 25th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act is a technical subterfuge that enables the threat actor to perform attacks such as information leaks, malware distribution, and fraud against various targets. The focus of this post will be on the fact that phishing attacks mainly occur through emails. We will also provide a detailed classification of various attack methods that are based on phishing emails. Furthermore, we will make an effort to minimize user damage by introducing new attack types that have never been found before and emails that require users’ caution, along with their keywords. The phishing emails covered in this post will only be those that have attachments. Emails that have malicious links in the body without attachments will be excluded.


Super FabriXss Vulnerability in Microsoft Azure SFX Leads to Unauthenticated RCE

From gbhackers.com

New information has surfaced regarding a security flaw patched by Microsoft in Azure Service Fabric Explorer (SFX). The vulnerability had the potential to result in unauthorized remote code execution.

The vulnerability was discovered by security researchers at Orca Security and is tracked as CVE-2023-23383, with a CVSS score of 8.2. It has been dubbed “Super FabriXss.”


Defunct comms link connected to nothing at a fire station – for 15 years

From theregister.com

WHO, ME? Welcome once again, dear reader, to Who, Me? – The Reg’s weekly attempt to soften your re-entry into the harsh reality of the working week with tales of workplace mirth.

This week, we once again meet “Bernard”, who in times past found himself working for “a rural local authority in Middle England” – which sounds like he was either working with Chaucer or Hobbits. Since he was doing network support, we think some other explanation more likely.

At some point, Bernard’s bailiwick was extended to include telephony support, which had previously been the responsibility of the building support team.

That go-getting group had taken a firm “if it ain’t broke, don’t fix it” attitude – unless something was on fire, they left it alone.
