Maze ransomware adopts Ragnar Locker virtual machine approach
The people behind Maze ransomware are now delivering their payload inside a virtual machine as a way of getting around endpoint defenses. According to researchers with Sophos Managed Threat Response, the threat actors were recently seen distributing the ransomware in a VirtualBox virtual disk image (VDI) file, which was itself hidden inside a Windows program installation-and-removal MSI file. Because the ransomware executes inside the guest, the host's endpoint protection sees only the virtualization software, which looks like a trusted application, and has no visibility into what is running within the virtual machine.
Email addresses and passwords allegedly from NIH, WHO, and Gates Foundation dumped online
These groups and others, all involved in the battle against the coronavirus pandemic, were alerted by the SITE Intelligence Group, which reportedly discovered some 25,000 email addresses and passwords on Pastebin and later in far-right extremist channels. It is thought the stolen credentials were meant for use in a harassment campaign, but the extent of the risk is difficult to quantify, since multifactor authentication and similar protections are widely used by these organizations.
Russian hackers use fake NATO training documents to breach government networks
A Russian hacker group is behind a targeted attack campaign aimed at government bodies, delivering a strain of Zebrocy Delphi malware disguised as NATO training materials. The malware was hidden inside JPEG files which were themselves packaged in a ZIP file that resembled a training course. Experts say the technique evades most antivirus programs because JPEG parsers read a file from the beginning and trust the image signature found there, whereas ZIP readers locate the archive's central directory from the end of the file and never look at what sits in front of it, so a single file can present as an image to a scanner while still opening as an archive.
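As an added illustration of that parsing asymmetry (constructed example code, not anything recovered from the campaign or published by the researchers): the Python below builds a small archive, prepends a dummy JPEG header so a front-of-file magic check says "image", and shows that a standard ZIP reader still opens it because it walks the structure from the trailer. The `zip_prefix_length` check is the corresponding detection: it walks the ZIP structure backwards the way an extractor does and recovers how many bytes sit ahead of the archive, which is what a scanner should examine rather than trusting the leading signature. The member name and content are constructed, and the JPEG prefix is only a marker plus padding, not a decodable image.

```python
import io
import struct
import zipfile

# Constructed sample: a harmless text file stands in for the archived payload.
SAMPLE_MEMBER_NAME = "course_outline.txt"
SAMPLE_MEMBER_DATA = b"Constructed sample content, not real training material.\n"

JPEG_MAGIC = b"\xff\xd8\xff"      # JPEG Start-Of-Image marker, checked at the front of the file
ZIP_LOCAL_SIG = b"PK\x03\x04"     # first local file header of an ordinary ZIP
ZIP_CD_SIG = b"PK\x01\x02"        # central directory file header
ZIP_EOCD_SIG = b"PK\x05\x06"      # End Of Central Directory record, read from the back
EOCD_MIN_LEN = 22
ZIP_MAX_COMMENT = 0xFFFF


def build_plain_zip() -> bytes:
    """An ordinary ZIP archive containing the constructed sample member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(SAMPLE_MEMBER_NAME, SAMPLE_MEMBER_DATA)
    return buf.getvalue()


def build_polyglot(prefix_len: int = 512) -> bytes:
    """Prepend a dummy JPEG header (a marker plus padding, not a decodable image).
    The result starts with the JPEG magic yet still ends with a valid ZIP trailer."""
    prefix = JPEG_MAGIC + b"\xe0" + b"\x00" * (prefix_len - 4)
    return prefix + build_plain_zip()


def naive_file_type(data: bytes) -> str:
    """Front-of-file classification, the way a simple magic-number check decides a type."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(ZIP_LOCAL_SIG):
        return "zip"
    return "unknown"


def zip_prefix_length(data: bytes):
    """Walk the ZIP structure backwards like a real extractor: find the EOCD record,
    locate the central directory from it, and work out how many bytes precede the
    archive proper. Returns None if there is no coherent ZIP trailer."""
    search_from = max(0, len(data) - (EOCD_MIN_LEN + ZIP_MAX_COMMENT))
    eocd = data.rfind(ZIP_EOCD_SIG, search_from)
    if eocd < 0 or eocd + EOCD_MIN_LEN > len(data):
        return None
    # EOCD layout: sig(4) disk(2) cd_disk(2) entries_disk(2) entries(2) cd_size(4) cd_offset(4) comment(2)
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    cd_start = eocd - cd_size  # the central directory sits immediately before the EOCD
    if cd_start < 0 or data[cd_start:cd_start + 4] != ZIP_CD_SIG:
        return None
    # cd_offset is relative to where the archive was originally written; any excess
    # between it and cd_start is data prepended to the archive. Python's zipfile makes
    # the same adjustment internally, which is why extraction below still succeeds.
    prefix = cd_start - cd_offset
    return prefix if prefix >= 0 else None


def is_zip_polyglot(data: bytes) -> bool:
    """True when the front of the file claims another type but a valid ZIP trailer is present."""
    prefix = zip_prefix_length(data)
    return prefix is not None and prefix > 0 and naive_file_type(data) != "zip"


def extract_members(data: bytes) -> dict:
    """Show that a standard ZIP reader opens the polyglot regardless of the JPEG prefix."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    sample = build_polyglot()
    print("front-of-file type :", naive_file_type(sample))
    print("bytes ahead of ZIP :", zip_prefix_length(sample))
    print("polyglot?          :", is_zip_polyglot(sample))
    print("extracted members  :", list(extract_members(sample)))
```

A scanner that only applies the front-of-file rule classifies the sample as an image and moves on; one that also checks for a ZIP trailer, as `is_zip_polyglot` does, flags it and can hand the archive portion to the archive scanner. Legitimate self-extracting archives also carry prepended data, so the check is a trigger for deeper inspection rather than a verdict on its own.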
WhatsApp may be adding fingerprint authentication to its desktop app
With competition and cybercrime both expanding in the smartphone-based messaging space, WhatsApp, owned by Facebook, is seeking to make the connection between the desktop app and the phone app more secure. The desktop app relies on a user’s phone as the connection point to WhatsApp, and the connection between the two is a security weak point. This new fingerprint authentication feature, which will remain on the phone, has been spotted in the latest beta build of the Android client and will likely be available for iOS as well soon.
Thanks to this week’s sponsor, Trusona
CIA’s Skunkworks lab promises profits for inventors
Facing increasing competition from the private sector, the CIA is now offering cash incentives in an effort to attract and retain technical talent. The initiative, announced Monday, will allow CIA officers to publicly file patents and collect 15 percent of the total income from the new invention with a cap of $150,000 per year. That could double most agency salaries and make the work more competitive with Silicon Valley.
British hacker sentenced to 5 years for cyber extortion
Nathan Wyatt, a 39-year-old UK resident and member of the Dark Overlord hacking group, has been sentenced to five years in prison and ordered to pay almost $1.5 million in restitution after pleading guilty on Monday in U.S. federal district court in St. Louis, Missouri. According to court documents, Wyatt attacked multiple healthcare providers and accounting firms in Missouri and Illinois, part of a long string of extortion and hacking crimes whose victims also include Netflix, a cancer charity, and a member of the British Royal Family.
Ransomware actors are forming cartels
Ransomware attackers are starting to band together into cartels that share information, intelligence and techniques and are run like businesses. The Department of Homeland Security has identified specific roles within ransomware organizations, such as the malware office, ransom negotiators, and money mules who move the proceeds to the head office. Currently 41 percent of all cyber insurance claims stem from ransomware attacks, and experts say the pandemic and economic downturn will only make things worse.
Old TV caused 18 month long broadband outage in Wales
A homeowner in a small Welsh town inadvertently caused broadband outages for 18 months, whenever he switched on his old TV set. At 7 a.m. every day, the town's broadband signal would be knocked out by a large burst of electrical interference. It took engineers a few days with a spectrum analyzer to locate the source, which turned out to be an old model television emitting a single high-level burst of impulse noise. The homeowner said he was mortified by his mistake and has promised not to use that TV again.