Cyber Bites

First spotted towards the end of December 2019, the Conti ransomware has since increased its number of attacks. It appears that this new ransomware shares certain code as Ryuk. The latter has also begun to disappear, whilst Conti's distribution is growing. Indeed, it is becoming a considerable threat as it works faster and performs more targeted attacks compared to its predecessor. Source: Bleeping Computer

Google has recently removed yet another 11 compromised Android applications from its app store, Google Play, as a new variant of the Joker malware has returned to the store. This has become a recurring theme since 2019 and has continued to have success in manoeuvring past Google Play's protections as slight changes are made to the code each time. What's more, researchers now claim that Joker has now taken things a step further by hiding...

A new initiative has been introduced by Google aimed at protecting the integrity of open source projects. This follows as a result of a number of cases where open source trademarks have been impacted by public cloud providers offering managed services. One such example is Amazon Web Services which copied the open source software from Elastic and created their own Elasticsearch service. Source: Computer Weekly

According to a Honeywell report, the use of USBs are the second most widespread industrial vector vulnerability within operational technology. Whilst the number of threats disrupting OT was at 26% in 2018, this percentage has significantly risen to 59% today. “This isn’t a case of accidental exposure to viruses through USB,” said Eric Knapp, director of cybersecurity research and engineering fellow for Honeywell Connected Enterprise, Cybersecurity. “It’s a trend of using removable media as part...

Ecommerce sites are being used by a Russian fraud group to check that the credit cards they have stolen continue to be valid. Discovered by the anti-fraud company, Sift, the criminal gang, also known as Bargain Bear, employs a new approach that does not raise suspicion with the card owner. To do this, they create multiple fake product listings on the dark web at around $99. They then bargain their way down to $1, when...

According to a report by Digital Shadows Photon Research Team, there is at present 15 billion usernames and passwords for sale on the dark web. This is as a result of 100,000 different data breaches that have taken place over the course of the last two years; that is, a 300% increase in stolen credentials. Providing access to bank accounts, streaming as well as other internet services, these credentials are sometimes offered for free by...

Following a breach in the technical database, the casino gambling app, Clubillion, was found recording the daily activities of millions of players across the globe. Alongside this, the vpnMentor research team, also revealed that private user information has been exposed. This puts millions of users at risk of further cyberattacks, not least phishing. Source: European Gaming

It has been revealed by security firm, CRITICALSTART, that mitigation of the severely critical security flaw in F5 Networks' BIG-IP tool can be bypassed. This leaves another 6,000 F5 devices exposed to an attack once again. Source: Computer Business Review

It has recently been discovered that fake TikTok links are being used by cybercriminals to spread malware that captures user data. As part of 59 other Chinese apps banned in India due to privacy concerns, hackers are now leveraging this to target gullible individuals hoping to download the app. The Maharashtra Cyber Police has warned citizens not to open any links from unknown sources. Source: Money Control

Since last July, senior-level executives across 46 different countries were targeted by the business email compromise group, Cosmic Lynx. This is the first known Russian BEC group outside of Nigerian scanners looking to exploit this email-based attack vector. Researchers have found that Cosmic Lynx specifically targets companies that don't use DMARC and utilises a "mergers and acquisitions" pretext to draw people in. Source: Threatpost