Suspected LockBit dev, facing US extradition, ‘did it for the money’
An alleged LockBit ransomware developer is in custody in Israel and awaiting extradition to the United States. Israeli law enforcement arrested Rostislav Panev, 51, a dual Russian and Israeli national, in August at the request of the US. Panev faces 41 counts, including computer-related extortion, conspiracy to commit fraud, conspiracy to commit wire fraud, and intentional damage to a protected computer, according to a criminal complaint [PDF] filed in the District of New Jersey that was unsealed on December 20. With the addition of Panev, seven LockBit members have been charged with crimes and three have been arrested.
5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension
Ascension Health is notifying roughly 5.6 million individuals that their personal, medical, and payment information was compromised in a ransomware attack in May 2024. The incident occurred on May 8 and resulted in service disruptions that prompted hospitals around the country to revert to downtime procedures and divert emergency medical services. The healthcare giant was able to restore most of the affected services by mid-June, when it revealed that the attackers had exfiltrated protected health information (PHI) and personally identifiable information (PII) from several of its servers.
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” Adobe said today, while also cautioning customers that it assigned a “Priority 1” severity rating to the flaw because it has a “a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. “The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social engineering directed at multiple employees of the same company simultaneously.” The alert comes courtesy of the U.S. Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan. It’s worth noting that DMM Bitcoin shut down its operations earlier this month.
Major Biometric Data Farming Operation Uncovered
Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s Biometric Threat Intelligence service. However, iProov claimed that the images and documents may have actually been handed over willingly by the data subjects, in exchange for payment. This presents an extra challenge to organizations that use selfies to verify a customer is who they say they are online. They need to not only detect fake documents but also genuine ones being misused by unauthorized scammers, iProov warned.