Ilya Lichtenstein, who pleaded guilty to the 2016 hack of the cryptocurrency exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday.
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure.
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures," CloudSEK said in a new report. AndroxGh0st is the name given to a Python-based cloud attack tool that's known for targeting Laravel applications with the goal of stealing sensitive data pertaining to services like Amazon Web Services (AWS), SendGrid, and Twilio. Active since at least 2022, it has previously leveraged flaws in the Apache web server (CVE-2021-41773), the Laravel Framework (CVE-2018-15133), and PHPUnit (CVE-2017-9841) to gain initial access, escalate privileges, and establish persistent control over compromised systems.
In an unusually specific campaign, users searching for information about the legality of Bengal cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: 'Are Bengal Cats legal in Australia?,'" Sophos researchers Trang Tang, Hikaru Koike, Asha Castle, and Sean Gallagher said in a report published last week. GootLoader, as the name implies, is a malware loader that's typically distributed using search engine optimization (SEO) poisoning tactics for initial access.
Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend of memory management functions – malloc, memmove, and memcmp – to execute malicious code directly in the memory. This approach deviates from the typical sequential execution flow seen in widespread ransomware types, enhancing its stealth capabilities." Kaspersky said it observed the ransomware used in a cyber attack targeting an unnamed organization in Colombia, with the threat actors previously delivering the RustyStealer malware to gather corporate credentials. It's believed that the stolen credentials were used to gain unauthorized access to the company's network in order to deploy the ransomware. While such intrusions typically involve a hand-off between an initial access broker and the ransomware crew, it's not clear whether that was the case here. "If the brokers are indeed the same actors who deployed the ransomware, this could signal a new trend, creating additional hijacking options without relying on traditional Ransomware-as-a-Service (RaaS) groups," Kaspersky researcher Cristian Souza said.
Farhan Asif was accused of posting an article on his website falsely claiming that a Muslim asylum seeker was suspected in a knife attack on children.
Stuxnet was not an ordinary piece of malware. Its design reflected a level of sophistication unprecedented in the realm of cyber weapons.
Earlier Zakharova said that the ministry had been targeted by a large-scale distributed denial-of-service attack (DDoS).
1. CrowdStrike releases root cause analysis of outage

Following July's global IT outage, which affected millions of Windows users, CrowdStrike has released a root cause analysis of the "Channel File 291" incident, explaining the software update crash. Summarizing this update to a preliminary post-incident report, SecurityWeek said: "The new CrowdStrike root cause analysis documents a combination of factors that caused the Falcon EDR sensor crash – a mismatch between inputs validated by a Content Validator and those provided to a Content Interpreter, an out-of-bounds read issue in the Content Interpreter, and the absence of a specific test – and a vow to work with Microsoft on secure and reliable access to the Windows kernel." In the analysis document, CrowdStrike confirmed its commitment "to working directly with Microsoft on an ongoing basis as Windows continues to add more support for security product needs in userspace".

2. US infrastructure vulnerable to cyberattacks, experts warn

Hundreds of digital systems controlling US infrastructure are vulnerable to cyberattacks, according to research by cybersecurity firm Censys, shared with Bloomberg News. Over 430 industrial software controls were found to be accessible online, with more than half lacking authentication protections. Lead researcher Emily Austin stated, "There's no password. They are quite literally sitting on the public internet for anybody who happens to find them to come and manipulate them as they will."

Graphic: number of worldwide political cyber attacks by target sector.
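The three factors SecurityWeek lists for the Falcon crash (a validator checking against one input count, an interpreter indexing with another, and no test at the boundary) are a recognisable bug class. The C below is an added illustration of that class, written for this page; it is not CrowdStrike's code, and the field counts (21 declared, 20 supplied), the struct layouts and the function names are all constructed for the example. The vulnerable interpreter is shown but never executed; the hardened one bounds the index against the count actually supplied, and `boundary_test_passes` is the kind of edge-case test whose absence the analysis describes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed counts for this example: the validator's schema declares one
 * more input field than the runtime actually hands to the interpreter. */
#define DECLARED_FIELDS 21
#define RUNTIME_FIELDS  20

typedef struct {
    const char *field[RUNTIME_FIELDS]; /* inputs supplied at runtime */
    size_t count;                      /* number of valid entries in field[] */
} inputs_t;

typedef struct {
    size_t field_index;                /* which input this rule compares */
    const char *pattern;               /* value the rule looks for */
} rule_t;

enum { MATCH = 1, NO_MATCH = 0, ERR_FIELD_OUT_OF_RANGE = -1 };

/* Content-validator model: checks a rule against the declared schema only,
 * so a rule referencing field 20 passes even though only 20 fields exist. */
int validate_rule(const rule_t *r) {
    return r->pattern != NULL && r->field_index < DECLARED_FIELDS;
}

/* Vulnerable interpreter: trusts that "validated" implies "safe to index".
 * With field_index == RUNTIME_FIELDS this reads one slot past in->field.
 * Shown for contrast; never called in this example. */
int interpret_unchecked(const inputs_t *in, const rule_t *r) {
    const char *v = in->field[r->field_index];
    return (v != NULL && strcmp(v, r->pattern) == 0) ? MATCH : NO_MATCH;
}

/* Hardened interpreter: bound the index against what was actually supplied,
 * not against what an upstream validator assumed. */
int interpret_checked(const inputs_t *in, const rule_t *r) {
    if (r->field_index >= in->count)
        return ERR_FIELD_OUT_OF_RANGE;
    const char *v = in->field[r->field_index];
    return (v != NULL && strcmp(v, r->pattern) == 0) ? MATCH : NO_MATCH;
}

/* The missing test: a rule that references the last *declared* field must be
 * refused by the interpreter when the runtime supplies fewer fields. */
int boundary_test_passes(void) {
    inputs_t in = { .count = RUNTIME_FIELDS };
    for (size_t i = 0; i < RUNTIME_FIELDS; i++) in.field[i] = "";
    rule_t edge = { .field_index = DECLARED_FIELDS - 1, .pattern = "x" };
    /* validator accepts it, interpreter must still reject it */
    return validate_rule(&edge) &&
           interpret_checked(&in, &edge) == ERR_FIELD_OUT_OF_RANGE;
}

/* A well-formed rule on constructed input, to show the normal path still works. */
int match_example(void) {
    inputs_t in = { .count = RUNTIME_FIELDS };
    for (size_t i = 0; i < RUNTIME_FIELDS; i++) in.field[i] = "benign";
    in.field[3] = "suspicious.exe";
    rule_t ok = { .field_index = 3, .pattern = "suspicious.exe" };
    return interpret_checked(&in, &ok);
}

int main(void) {
    rule_t edge = { .field_index = DECLARED_FIELDS - 1, .pattern = "x" };
    printf("rule[3]  checked interpreter: %d\n", match_example());
    printf("rule[%d] validator accepts: %d, boundary test passes: %d\n",
           (int)edge.field_index, validate_rule(&edge), boundary_test_passes());
    return boundary_test_passes() ? 0 : 1;
}
```

The point of the split is that validation done against a schema is not a substitute for a bounds check at the point of use: the interpreter is the code that actually dereferences the index, so it is the place that must know the real `count`.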
Alexander “Connor” Moucka was arrested this week by Canadian authorities for allegedly carrying out a series of hacks that targeted Snowflake’s cloud customers. His next stop may be a US jail.