Security daily (09-03-2021)

South Korean cops arrest GandCrab suspect

South Korea’s National Police Agency said Tuesday that it had arrested a suspect involved in the distribution of thousands of emails laced with GandCrab, a once-prolific strain of ransomware. The suspect, whom South Korean authorities did not name, is accused of setting up internet domains to distribute the malicious code and netting some $10,500 from the ransomware attacks. The police statement described an investigation spanning two years and 10 countries, culminating in the suspect’s arrest on Feb. 25. Those police resources overcame the suspect’s efforts to cover their tracks by using IP addresses from different countries, police said. The investigation began when South Korean officials spotted malicious emails impersonating the police to distribute the ransomware. South Korean outlet Yonhap News reported that the suspect was 20 years old. At its height, GandCrab was one of the most commonly used strains of ransomware, infecting over a half a million victims from […] (CyberScoop)

Is Congress finally ready to pass meaningful ransomware legislation?

During the entire last two-year session of Congress, lawmakers only got one bill signed into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attacks, while a U.S. medical company, Universal Health Services, said it lost $67 million as a […] (CyberScoop)

Spanish labor agency suffers ransomware attack, union says

A ransomware attack has affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday. The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments, according to the Central Independent Trade Union and Civil Servants. The union alleged that the SEPE had aging IT systems that the agency had not upgraded. SEPE plays an integral part in distributing unemployment benefits in a country where the coronavirus pandemic has hammered the economy. The number of jobless people in Spain is now 4 million, its highest rate in five years, according to official data. But SEPE Director Gerardo Gutiérrez said in an interview with Spanish broadcaster RNE that the incident had not affected unemployment benefits, and that it has not led […] (CyberScoop)

Amid widespread Exchange Server attacks, Microsoft issues patch for older versions

Microsoft issued a patch late Monday evening for older, unsupported versions of Microsoft Exchange servers in an attempt to lessen the blow of hackers exploiting recently uncovered software flaws. Microsoft released a security update earlier this month to address the four zero-day flaws in Exchange Server email software, which suspected Chinese hackers are actively exploiting as part of an espionage operation aimed at stealing the contents of targets’ emails. But those updates only addressed Exchange Server versions 2013 to 2019. “This is intended only as a temporary measure to help you protect vulnerable machines right now,” the Exchange Team at Microsoft warned in a blog post. The best course of action would be to update to the latest version and apply the patch, the company said. System administrators should be advised that the updates for unsupported Exchange Servers only address the four zero-day flaws revealed early this month, Microsoft said. […] (CyberScoop)

Serious Security: Webshells explained in the aftermath of HAFNIUM attacks

Webshells explained, with some (safe) examples you can try at home if you want to learn more. (Naked Security)

Chinese Hackers Targeted SolarWinds Customers In Parallel With Russian Op

(News ≈ Packet Storm)

Malicious Apps On Google Play Dropped Banking Trojans On User Devices

(News ≈ Packet Storm)

Emails Show Shadow Structure Behind Encrochat

(News ≈ Packet Storm)

Microsoft's Crazy Huge Hack, Explained

(News ≈ Packet Storm)

Apple’s Device Location-Tracking System Could Expose User Identities

Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy. (Threatpost)

Microsoft Patch Tuesday Updates Fix 14 Critical Bugs

Microsoft's regularly scheduled March Patch Tuesday updates address 89 CVEs overall. (Threatpost)

Dark Web Markets for Stolen Data See Banner Sales

Report reveals a booming business for Dark Web vendors selling everything from emails to hacked crypto accounts. (Threatpost)

Adobe Critical Code-Execution Flaws Plague Windows Users

The critical flaws exist in Adobe Framemaker, Connect and the Creative Cloud desktop application for Windows. (Threatpost)

Google Play Harbors Malware-Laced Apps Delivering Spy Trojans

A never-before-seen malware-dropper, Clast82, fetches the AlienBot and MRAT malware in a savvy Google Play campaign aimed at Android users. (Threatpost)


/security-daily/ 10-03-2021 23:44:24