Cyber Bites

The Thanos ransomware is the first to use a researcher-disclosed RIPlace anti-ransomware evasion technique as well as numerous other advanced features that make it a serious threat to keep an eye on. Thanos first began private distribution at the end of October 2019, but it was not until January 2020 when victims seeking help for what was called then the Quimera Ransomware. As time went on, victims continued to seek help in the BleepingComputer forums for the...

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware. Started as a banking Trojan, the TrickBot has evolved to perform a variety of malicious behavior. This behaviour includes spreading laterally through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY Credentials, and more. TrickBot also partners with ransomware operators, such as Ryuk, to give access to a compromised...

South Korea will require facilities deemed to be "high-risk" of spreading COVID-19 to install QR code readers, the government said on Wednesday. Places where multiple people gather around indoors, such as fitness centres, clubs, and karaoke bars, will be subject to the requirement, the Korea Centers for Disease Prevention and Control (KCDC) said. People who wish to enter such facilities will need to scan their QR code from Naver's smartphone app. Personal data collected from...

The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard, mouse, screen, files, services and processes of an infected computer, with the ability to exfiltrate information to a command-and-control (C2) provider. It appears to be related to previous attacks delivering the LookBack malware....

Babylon Health has acknowledged that its GP video appointment app has suffered a data breach. The firm was alerted to the problem after one of its users discovered he had been given access to dozens of video recordings of other patients' consultations. A follow-up check by Babylon revealed a small number of further UK users could also see others' sessions. The firm said it had since fixed the issue and notified regulators. Babylon allows its...

Payment card data from customers of Greenworks hardware tools website is currently being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. Greenworks distributes home and garden battery-powered tools for DIY consumers. Its business started in 2007 and grew to expand in North America and Europe. The main website of the power tool distributor has been compromised with a "highly-sophisticated self-cleaning and self-destructing skimmer" - a piece of code also known...

Authors of Valak information stealer are focusing more and more on stealing email credentials as researchers find a new module specifically built for this purpose. The malware emerged in testing mode in mid-October 2019 and has a modular plugin architecture that expands its capabilities to cover the needs of the threat actor. Valak has been developed at an accelerated rate, with more than 30 variants being identified in six months. It started as a malware...

Columbia College, Chicago has become the third US college in a week to fall victim to a cyber-attack involving the Netwalker family of ransomware. The Illinois educational establishment, along with Michigan State University and the University of California, San Francisco, was targeted by cyber-criminals and given six days to pay a ransom to recover its files. Netwalker, also known as Mailto or as an updated version of Kokoklock ransomware, was first observed operating in September 2019. The...

A survey by data protection firm Veritas Technologies found that more than a third (35%) of UK consumers would see a business leader as personally responsible if a cyber breach of that business occurs. It suggests that more than two-thirds (68%) believe they should be compensated when incidents such as ransomware attacks compromise their data, while 8% said they would like to see chief executives sent to prison if such a breach does take place....

IBM has announced it will no longer be offering general purpose facial recognition technology in fear that it could be used to promote racial discrimination and injustice. "IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency," IBM...