AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 05/06/2022

A lone-wolf researcher has turned the tables on the hackers

A researcher going by the name hyp3rlinx has discovered that some of the most popular ransomware strains, such as Conti, REvil, LockBit and many others, carry a flaw that makes them vulnerable to DLL hijacking. By exploiting the flaw, the researcher was able to stop the ransomware from doing the one thing it exists to do: encrypting files. As reported by Bleeping Computer, DLL hijacking is usually used to inject malicious code into legitimate applications. For these ransomware strains, however, the researcher created a proof of concept and recorded a demo video showing how it is done.


Russian ransomware group claims attack on Bulgarian refugee agency

A ransomware group believed to have strong ties within Russia said Wednesday that it will release files it took from the Bulgarian government agency responsible for refugee management; Bulgaria has reportedly hosted hundreds of thousands of fleeing Ukrainians. LockBit 2.0 posted a notice to the dark web portal it uses to identify and extort its victims saying it had files from the Bulgarian State Agency for Refugees under the Council of Ministers. “All available data will be published!” the notice read under the group’s trademark bright red countdown clock, which shows a May 9 publication date but no specific posted ransom demand.


VPN Providers Threaten to Quit India Over New Data Law

VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data—and retain it for five years or more—under a new national directive. VPN providers have two months to accede to the rules and start collecting data. The justification from the country’s Computer Emergency Response Team (CERT-In) is that it needs to be able to investigate potential cybercrime. But that doesn’t wash with VPN providers, some of whom have said they may ignore the demands.


Ukraine’s IT Army is disrupting Russia’s alcohol distribution

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. DDoS (distributed denial of service) attacks are collective efforts to overwhelm servers with large volumes of garbage traffic and bogus requests, rendering them unable to serve legitimate visitors. According to reports from multiple Russian media outlets, several vodka producers and distributors say they cannot access the EGAIS (ЕГАИС) portal as required by government regulations. As a result, the transportation and distribution of alcoholic beverages to retail points have suffered greatly in the past couple of days, raising the risk of actual shortages on the shelves.


Microsoft: Please ditch passwords completely

Almost every year, Microsoft publishes a blog post emphasizing the need to ditch passwords completely and transition to modern forms of authentication such as passwordless sign-in and multi-factor authentication (MFA). On World Password Day this year, the company once again wrote a piece about this transition and encouraged customers to ditch passwords altogether. In a blog post, Microsoft’s Corporate Vice President for Security, Compliance, Identity, and Management, Vasu Jakkal, writes that passwords are the most common attack surface for malicious actors and that there are 921 attacks on them every second – a frequency that has doubled since last year. Additionally, passwords are hard to remember and keep track of, especially if you’re working in a heterogeneous environment.


Google Docs crashes on seeing “And. And. And. And. And.”

A bug in Google Docs causes it to crash when a particular series of words is typed into a document opened with the online word processor. Once crashed, you may not be able to easily re-open the document, since doing so triggers the crash again. BleepingComputer was able to reproduce the issue last night and reached out to Google. Google told us it is aware of the bug and working on a fix. Until then, we share a workaround below. It’s official—Google Docs crashes at the sight of “And. And. And. And. And.” when the “Show grammar suggestions” setting is turned on.


Experts Uncover New Espionage Attacks by Chinese ‘Mustang Panda’ Hackers

The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. “Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves,” Cisco Talos said in a new report detailing the group’s evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, relying primarily on email-based social engineering to gain initial access and drop PlugX, a backdoor predominantly deployed for long-term access.


South Korea becomes first Asian member of NATO cyber research centre

South Korea’s intelligence agency said on Thursday that the country has joined a cyber defense group under the North Atlantic Treaty Organization (NATO), becoming its first Asian member country. The National Intelligence Service (NIS) said that South Korea, along with Canada and Luxembourg, has been admitted into the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), a think-tank based in Tallinn, Estonia, that supports member nations and NATO with interdisciplinary cyber defense research, training, and exercises. The think-tank was established in 2008 by NATO members, on the initiative of Estonia, in response to the crippling cyberattacks the country suffered, allegedly committed by Russia. With the addition of the three new member nations, CCDCOE now has a total of 32 members — 27 sponsoring members of NATO and five contributing participants, including South Korea, that are not part of NATO.
