News

Earlier today, experts have uncovered 88,000 malicious open source packages so far this year, a triple-digit increase on the same figure in 2019 and indicative of a fast-growing corporate attack surface. Sonatype’s eighth annual State of the Software Supply Chain report, which was compiled from public and proprietary data analysis, has revealed the figures including 131 billion Maven Central downloads and thousands of open source projects. Notably, it details the growing risk to corporate systems from both...

Earlier today, prolific ransomware group targeting network-attached storage (NAS) devices this year monetizes its efforts by extorting both vendors and their end customers, according to a new report. According to Group-IB’s study, Deadbolt ransomware: nothing but NASty, is based on its analysis of a sample of the malware, which first appeared at the start of the year. In addition, an ongoing campaign, has targeted NAS devices from Taiwanese vendor QNAP belonging to SMBs, schools, individual home users...

Earlier today, Interpol released details of a new operation designed to target notorious West African criminal gang Black Axe, which led to 75 arrests. It's been reported that operation Jackal saw the policing organization coordinate forces in 14 countries across four continents, in a bid to put pressure on one of the world’s most prolific financial crime syndicates. As a result, one “action week” at the end of September led to dozens of arrests and...

Today it has been reported that a local government authority in London was forced to spend over £12m ($11.7m) in a single financial year to help it recover from a devastating ransomware attack, according to a local report. It appears that the October 2020 attack, traced to the Pysa/Mespinoza variant, resulted in sensitive data of local residents and council staff being published on the group’s leak site several months later. As a result, around two years after...

A recent analysis shows that Magniber ransomware has been targeting home users by masquerading as software updates. Reports have shown a ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware spread. The malware is known as a single-client ransomware family that demands $2,500 from victims. In previous news, Magniber was primarily spread through MSI and EXE files, but in September 2022 HP Wolf Security began seeing campaigns distributing the ransomware in JavaScript files....

Yesterday, after 32 years, Microsoft has begun to kill off the Microsoft Office brand, with plans to rebrand its Office.com and Office cloud-based apps to Microsoft 365 in the near future. It all began in 1990 when Microsoft was first released, bundling its popular Word, Excel, and PowerPoint applications under a one-time purchase productivity suite. Later versions introduced additional programs, such as Outlook, Access, and OneNote. Back in 2017, Microsoft started offering Office applications under...

Recent news reports show that Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. It appears that out of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server. Notably, the patches come alongside updates to resolve...

Earlier this week, following Google’s acquisition of cybersecurity groups Siemplify and Mandiant, the US tech giant has sought to bring all of its cloud capabilities under one roof with the launch of Chronicle Security Operations. Further to this, Google’s Cloud Next division unveiled the cloud-born software suite on October 11, 2022, which it said can “better enable cybersecurity teams to detect, investigate, and respond to threats with the speed, scale, and intelligence of Google.” In...

Last week, German Interior Minister Nancy Faeser could dismiss Arne Schoenbohm, president of the Federal Office for Information Security (BSI) due to possible contact with Russian security agents, German media reported on Sunday, October 9, 2022, citing government sources. Schoenbohm, a founder of the Cyber Security Council of Germany, an industrial consortium, is alleged to have had contacts with people from one of the association’s members, a German subsidiary of a Russian cybersecurity firm founded...

Earlier today, the pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them unaccessible. It's been reported that the DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services. It's important to note examples of airport websites that are currently unavailable including the...