Sodinokibi Ransomware Operators hit electrical energy company Light S.A.

From securityaffairs.co

Sodinokibi ransomware (aka REvil) operators have breached the Brazil-based electrical energy company Light S.A. and are demanding a $14 million ransom.

The company issued comments to a local newspaper confirming the attack.

Light S.A. admitted the intrusion to a local newspaper, but it did not provide technical details of the security breach or disclose the type of ransomware that infected its systems.

“The company claims to have been the victim of a virus attack, but what motivated this attack has been kept confidential: hackers have invaded the system and sent a virus that encrypts all Windows system files,” reads the post published by the newspaper.


National Security Agency warns that VPNs could be vulnerable to cyberattacks

From cbsnews.com

The National Security Agency issued a new cybersecurity advisory on Thursday, warning that virtual private networks, or VPNs, could be vulnerable to attacks if not properly secured. The agency’s warning comes amid a surge in telework as organizations adapt to coronavirus-related office closures and other constraints.


Try2Cry: Ransomware tries to worm

From gdatasoftware.com

Try2Cry ransomware adopts USB flash drive spreading using LNK files. The last ransomware that did the same was the infamous Spora. The code of Try2Cry looks oddly familiar, though.

A big portion of my work as a malware analyst at G Data is writing detection signatures for our product. One of those signatures checks for a USB worm component that I have seen in certain variants of .NET based RATs like njRAT and BlackNet RAT. When this worm signature hit on an unidentified sample[1], I got curious. It was a .NET ransomware that seemed oddly familiar to me. I couldn’t put a finger on it yet.


‘Google cannot stop it, control it or curtail it…’ Inside the murky world of fake addiction treatment center search spam

From theregister.com

Special report: Addicts seeking substance abuse treatment are being deceived by phony medical clinics advertising on Google’s business directory system – and the web giant seems unwilling or unable to fix the issue.

An investigator who asked to remain anonymous provided The Register with research detailing online advertising in the substance abuse treatment industry, including a review of Google search results listings and how they’re informed by Google My Business data, which companies provide about themselves to identify their store locations and hours. It appears that many of these are just front organizations, intended to pick up people desperate for care and with the insurance to pay for it.


A vulnerability in some bitcoin wallets leads to double spend attacks and inflated balance

From techcrunch.com


ZenGo, a startup that is building a mobile cryptocurrency wallet, has discovered a vulnerability in some of the most popular cryptocurrency wallets, such as hardware wallet Ledger, BRD and Edge.

Named BigSpender, the vulnerability might lead to an incorrect balance on your wallet as unconfirmed transactions are taken into account in your total balance. The attacker could revoke the transaction before it is confirmed, which could lead to some confusion.


Remote Work Pushes Brute-Force Attacks Higher

From securityboulevard.com


The widespread switch to work-from-home arrangements around the globe means employees are working offsite at unprecedented levels. It’s also prompted cybercriminals to find additional targets to exploit. We have heard for months about an increase in the number of phishing emails that seek to take advantage of pandemic fears. Now it’s brute-force attacks that are growing.
