FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

From thehackernews.com

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it’s in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote address at the 2024 Boston Conference on Cyber Security (BCCS).

LockBit, which was once a prolific ransomware gang, has been linked to over 2,400 attacks globally, with no fewer than 1,800 impacting entities in the U.S. Earlier this February, an international law enforcement operation dubbed Cronos led by the U.K. National Crime Agency (NCA) dismantled its online infrastructure.


Microsoft OneDrive cheat sheet: Using OneDrive for Web

From computerworld.com

OneDrive for Web lets you save, access, share, and manage your files in the cloud using your favorite browser. Learn how to use its new interface for a big productivity boost.

Microsoft’s cloud storage, OneDrive, works both as a web app that you use through a browser and as a storage drive integrated into File Explorer in Windows 10 and 11. When you upload a file or folder to the OneDrive web app, it becomes available on your Windows PC through File Explorer, and vice versa. You can also access it on your smartphone or tablet (via the OneDrive app for Android, iPhone, or iPad) and even on a Mac (via the OneDrive Mac app) if any of these devices are signed in with the same Microsoft account.


Linux version of TargetCompany ransomware focuses on VMware ESXi

From bleepingcomputer.com

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.

Also known as Mallox, FARGO, and Tohnichi, the TargetCompany ransomware operation emerged in June 2021 and has been focusing on database attacks (MySQL, Oracle, SQL Server) against organizations mostly in Taiwan, South Korea, Thailand, and India.

In February 2022, antivirus firm Avast announced the availability of a free decryption tool that covered variants released up to that date. By September, though, the gang bounced back into regular activity targeting vulnerable Microsoft SQL servers and threatened victims with leaking stolen data over Telegram.


Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V)

From asec.ahnlab.com

AhnLab SEcurity intelligence Center (ASEC) recently discovered that phishing files are being distributed via emails. The phishing files (HTML) attached to the emails prompt users to directly paste (CTRL+V) and run the commands.

The threat actor sent emails about fee processing, operation instruction reviews, etc. to prompt recipients to open the attachments. When a user opens the HTML file, a background and a message disguised as MS Word appear. The message tells the user to click the “How to fix” button to view the Word document offline.


Threat Actors’ Systems Can Also Be Exposed and Used by Other Threat Actors

From asec.ahnlab.com

Types of cyberattack include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that the infrastructures of threat actors can become the targets of cyberattacks alongside companies, organizations, and personal users.

AhnLab SEcurity intelligence Center (ASEC) has confirmed a case in which a CoinMiner attacker’s proxy server became a target of a ransomware threat actor’s Remote Desktop Protocol (RDP) scan attack. The CoinMiner threat actor used a proxy server to access an infected botnet, and the port they opened to connect with the proxy server was exposed to another threat actor’s RDP scan attack. As a result, the RDP scan attack was launched against the CoinMiner’s botnet, infecting it with ransomware.  


Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

From thehackernews.com

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign in which malware propagated via direct messages compromises brand and celebrity accounts without the victim having to click or interact with it.

It’s currently unclear how many users have been affected, although a TikTok spokesperson said that the company has taken preventive measures to stop the attack and prevent it from happening in the future.

The company further said that it’s working directly with impacted account holders to restore access and that the attack only managed to compromise a “very small” number of users. It did not provide any specifics about the nature of the attack or the mitigation techniques it had employed.


Airbus shows off uncrewed, AI-powered Wingman for fighter pilots

From theregister.com

AI-piloted drones that accompany and assist human-piloted fighter jets are very much on military minds – and Airbus is showing off its take on the technology. 

The aerospace giant was at the International Aerospace Exhibition (ILA) in Berlin this week with a full-scale model of its Wingman drone – an “unmanned escort for manned fighter jets.” As many countries are envisioning, autonomous drones can act as support for human pilots by carrying out reconnaissance, refueling, acting as a radar platform, or even attacking human targets.

“The German Air Force has expressed a clear need for an unmanned aircraft flying with and supporting missions of its manned fighter jets before the Future Combat Air System will be operational in 2040,” Airbus Defence and Space CEO Michael Schoellhorn explained in a statement. “Our Wingman concept is the answer.”
