Cyber Security Headlines:  Fake Telegram apps, Akamai defeats mega-DDoS, Rhysida hospital attacks

Evil Telegram fake apps send spyware

Kaspersky has discovered malicious apps disguised as “faster versions of Telegram” that are in fact spyware. These specific apps appear to have been created to spy on Chinese-speaking users and the Uighur ethnic minority. They appear to be very similar to the original Telegram app but with additional code for information stealing, and they use the org.telegram.messenger package name with the suffix .wab or .wob, while the regular Messenger app uses .web. Kaspersky reported the presence of these apps to Google.

(Bleeping Computer)
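The package-name detail above is the kind of indicator a defender can check against a device or MDM inventory. The following is an added example, not Kaspersky's or Telegram's own code: the two legitimate package names come from the item itself, while the sample inventory, the near-miss spelling, the function names and the similarity threshold are constructed for the illustration. It flags anything that sits in Telegram's namespace without being a known build, and also near-miss spellings of that namespace, which goes slightly beyond the two suffixes the item names.

```python
"""Flag Android package names that impersonate the Telegram client.

Added example for this news item, not Kaspersky's or Telegram's own code.
The two legitimate package names are the ones the item mentions; the
sample inventory and the function names are constructed for illustration.
"""
import difflib

# Package names the item describes as the genuine Telegram clients.
LEGITIMATE_TELEGRAM = {
    "org.telegram.messenger",
    "org.telegram.messenger.web",
}

TELEGRAM_NAMESPACE = "org.telegram.messenger"

# Similarity threshold for catching near-miss spellings of the namespace
# (a constructed value for this example; tune it for your own inventory).
TYPOSQUAT_THRESHOLD = 0.9


def classify_package(package: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one package name.

    A name is a lookalike when it sits in Telegram's namespace without being
    a known build (the .wab/.wob variants from the item), or when it is a
    near-miss spelling of that namespace. A match here is a reason to look
    closer at the APK, not proof on its own.
    """
    # Lower-cased for matching so a mixed-case variant cannot slip past.
    name = package.strip().lower()
    if name in LEGITIMATE_TELEGRAM:
        return "legitimate"
    if name.startswith(TELEGRAM_NAMESPACE + "."):
        return "lookalike"
    similarity = difflib.SequenceMatcher(None, name, TELEGRAM_NAMESPACE).ratio()
    if similarity >= TYPOSQUAT_THRESHOLD:
        return "lookalike"
    return "unrelated"


def find_lookalikes(inventory):
    """Scan an iterable of package names and return the suspicious ones, sorted."""
    return sorted(p for p in inventory if classify_package(p) == "lookalike")


# Constructed sample of an installed-package inventory (not real telemetry).
SAMPLE_INVENTORY = [
    "org.telegram.messenger",        # genuine
    "org.telegram.messenger.web",    # genuine, per the item
    "org.telegram.messenger.wab",    # suffix named in the item
    "org.telegram.messenger.wob",    # suffix named in the item
    "org.telegran.messenger",        # constructed near-miss spelling
    "com.example.notes",             # unrelated app
]

if __name__ == "__main__":
    for pkg in find_lookalikes(SAMPLE_INVENTORY):
        print(f"suspicious package: {pkg}")
```

Run against a real inventory, every flagged name should then be checked by its signing certificate and install source, since a package name alone can be chosen freely by whoever builds the app.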

Akamai announces mitigation of largest DDoS on a US financial company

The financial institution in question is unnamed, but Akamai says that at its peak the traffic hit 633.7 gigabits per second, and that the attack itself lasted two minutes and occurred on September 5. They add that the attack was “proactively mitigated by our customer’s comprehensive cyberdefense posture.”

(Security Affairs)

Rhysida attacks three more hospitals

Back on August 25 we reported on the Singing River Health System, which runs three major hospitals and dozens of clinics along the Gulf Coast near New Orleans and which suffered an event that took them offline. It now appears that this was the work of the Rhysida ransomware gang – the same group that attacked Prospect Medical Holdings in August, affecting hospitals in California, Texas, Connecticut, Rhode Island, and Pennsylvania. The attribution to Rhysida is being made by cybersecurity researcher Dominic Alvieri, who posted a tweet about it yesterday (Sunday).

(Security Affairs and @AlvieriD on Twitter/X)

Notepad++ 8.5.7 released with fixes

The popular and free source code editor is now at version 8.5.7, fixing multiple buffer overflow zero-days and responding to recent proof-of-concept exploits. The most severe of these has been assigned CVE-2023-40031 with a severity rating of 7.8, although some users question how feasible it would be to achieve code execution with this flaw.

(Bleeping Computer)

And now a word from our sponsor, Conveyor

What’s scarier than the Sunday scaries?

Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor’s AI security questionnaire automation tool, powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with Conveyor at www.conveyor.com

More needs to be done for mental health in cybersecurity say studies

The stresses and work demands of cybersecurity are taking a severe toll on the people in charge of preventing and resolving problems, and this is leading to serious mental health issues including burnout, substance abuse, and even suicide. This according to a group of cybersecurity workers speaking to Cyberscoop this past week, with the goal of raising awareness and implementing better protections. The story quotes a study from Tines that showed that “66% of respondents had ‘significant levels of stress at work,’” and one from Gartner that predicted that nearly half of cybersecurity leaders will change jobs by 2025, 25% for different roles entirely, due to work-related stress.

(Cyberscoop)

North Korean campaign targeting security researchers

As an additional layer of stress for security researchers, Google’s Threat Analysis Group has announced that North Korea is running a new campaign, with at least one actively exploited 0-day, that has targeted security researchers over the past several weeks. According to their report, “the vulnerability has been reported to the affected vendor and is in the process of being patched.” This campaign is similar to others that the North Korean group has used, basically befriending security researchers through social media platforms like X (formerly Twitter) before sending them a malicious zero-day file.

(The Record and Google TAG)

Associated Press warns AP Stylebook data breach led to phishing attack

Sometime between July 16 and July 22, hackers accessed an old and out-of-use AP Stylebook hosted on a third-party-managed site and stole the PII of 224 customers. For some of these customers this included Social Security Numbers and Employer Identification Numbers. Phishing emails started to arrive shortly afterwards, which raised the alarm. As Bleeping Computer points out, “while this was not a significant data breach, with only 224 customers impacted, the login credentials for journalists and media companies are highly sought after by cybercriminals…for extortion and ransomware attacks, data theft, and cyber espionage.”

(Bleeping Computer)

Last week in ransomware

According to Bleeping Computer, last week’s highlights were the Department of Justice announcing indictments against members of the TrickBot and Conti operations. These individuals allegedly held roles including overall management of the cybercrime operation and developing and encrypting malware. Cisco confirmed a zero-day exploit on Cisco VPN appliances after reports of its use by the Akira ransomware group. Ragnar Locker took responsibility for an attack on an Israeli hospital, claiming to have stolen 1 TB of data.

(Bleeping Computer and Cyber Security Headlines)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.