Latest

Cybercrime

Chinese APT Backdoor Bypasses Indonesian Antivirus

Jayant Chakravarti  •  June 2, 2023

A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.

HIPAA/HITECH

Mistrial in Criminal HIPAA Case Against Army Doctor & Spouse

Marianne Kolbasuk McGee  •  June 2, 2023

A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.

Fraud Management & Cybercrime

After Ransomware Attack, Oakland Faces Data Breach Lawsuit

Mathew J. Schwartz  •  June 1, 2023

A flurry of legal complaints and a lawsuit have been filed against the city of Oakland, California, after it fell victim to a ransomware attack. The Play group claimed credit for the attack and posted some of stolen information, which includes personal details, ID numbers and health information.

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair  •  June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."

Cybercrime

Hackers Exploit Progress MOVEit File Transfer Vulnerability

Michael Novinson  •  June 1, 2023

Hackers have exploited a critical zero-day vulnerability in Progress Software's managed file transfer offering in several customer environments. Progress warned of a critical SQL injection vulnerability in MOVEit Transfer that allows for "escalated privileges and potential unauthorized access."

Blockchain & Cryptocurrency

Cryptohack Roundup: Hacker Yields Control of Tornado Cash

Rashmi Ramesh  •  June 1, 2023

In the days between May 26 and June 1, Tornado Cash validators regained control, Tron patched a bug that could be exploited for $500 million, Binance said it will delist privacy coins in four European countries, Coinbase settled insider trading charges and Hong Kong police joined the metaverse.

Fraud Management & Cybercrime

Conti's Legacy: What's Become of Ransomware's Most Wanted?

Mathew J. Schwartz  •  June 1, 2023

Former members of the defunct Conti ransomware group are continuing to ply their trade under a variety of other guises, including Royal and Black Basta. Thanks to their agile and innovative approaches, post-Conti operations are "stronger than ever," one ransomware expert reports.

Security Operations

Ukrainian CERT Warns of New SmokeLoader Campaign

Akshaya Asokan  •  May 31, 2023

Ukrainian cyber defenders warn users for the second time this month to be aware of financially motivated phishing campaigns that load the SmokeLoader malware onto computers. Hackers behind UAC-0006 typically target computers used by accountants and look for banking and credential data.

Endpoint Security

Apple Patched System Integrity Protection Bypass Flaw

Prajeet Nair  •  May 30, 2023

A now-patched macOS vulnerability allowed attackers with root access to bypass a kernel-level security feature that prevents malicious software from modifying protected files. An attacker could use the exploit to load malware that was shielded by Apple's System Integrity Protection.

Fraud Management & Cybercrime

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Mathew J. Schwartz  •  May 30, 2023

How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Blockchain & Cryptocurrency

Cryptohack Roundup: Tornado Cash Hack

Rashmi Ramesh  •  May 25, 2023

Between May 19 and 25, a hacker took control of Tornado Cash and stole $1 million, plaintiffs in a Coinbase-bankrolled lawsuit pressed for summary judgment, attackers used crypto phishing as a service to steal $6 million, Trezor hot wallet was found to possibly be buggy and Celer patched a bug.

Fraud Management & Cybercrime

Breach Roundup: Barracuda ESG Appliance Users Face Hacking

Mihir Bagwe  •  May 25, 2023

In the days between May 19 and May 25, the spotlight was on flaws in Barracuda Networks Email Security Gateway appliances, another GoAnywhere data breach that affected Franklin Templeton Canada and an American teenager out on bail and facing federal charges for hacking DraftKings accounts.