SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign

SC Magazine: Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign. “Researchers at Intel471 have identified a new malicious document builder that has gone from a new, relatively unknown exploit to being incorporated into the attack chains of top cybercriminal groups in less than a year. The builder, dubbed EtterSilent, comes in two flavors: one version exploits an old remote code execution vulnerability in Microsoft Office and another uses a Macro-based exploit and is designed to look like DocuSign, a popular software program that allows individuals or businesses to electronically sign documents.”

‘We have your porn collection’: The rise of Extortionware (BBC)

BBC: ‘We have your porn collection’: The rise of Extortionware. “Cyber-security companies are warning about the rise of so-called ‘extortionware’ where hackers embarrass victims into paying a ransom. Experts say the trend towards ransoming sensitive private information could affect companies not just operationally but through reputation damage. It comes as hackers bragged after discovering an IT Director’s secret porn collection.”

SC Magazine: Policyholders may be the primary target in hack of cyber insurance provider CNA

SC Magazine: Policyholders may be the primary target in hack of cyber insurance provider CNA. “Insurance firm CNA Financial, a prominent provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders. Cybercriminals generally know that companies represented by a cyber insurance company are more likely to pay a large ransomware demand than an uninsured business that doesn’t have the financial backing.”

Bleeping Computer: Computer giant Acer hit by $50 million ransomware attack

Bleeping Computer: Computer giant Acer hit by $50 million ransomware attack. “Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000. Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.”

BetaNews: Phishing campaign uses US tax season to lure victims

BetaNews: Phishing campaign uses US tax season to lure victims. “Researchers at Cybereason have detected a new campaign targeting US taxpayers with documents that purport to contain tax-related content. These deliver NetWire and Remcos — two powerful and popular RATs which can allow attackers to take control of the victims’ machines and steal sensitive information. The malicious documents used are roughly 7MB in size, which allows them to evade traditional AV mechanisms and heuristic detection.”

ZDNet: Malicious apps on Google Play dropped banking Trojans on user devices

ZDNet: Malicious apps on Google Play dropped banking Trojans on user devices. “On Tuesday, Check Point Research (CPR) said in a blog post that the Android applications appear to have been submitted by the same threat actor who created new developer accounts for each app. The dropper was loaded into otherwise innocent-looking software and each of the 10 apps were utilities, including Cake VPN, Pacific VPN, BeatPlayer, QR/Barcode Scanner MAX, and QRecorder.”

StateTech Magazine: New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns

StateTech Magazine: New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns. “The threat of ransomware attacks for state and local governments has been an ever-present peril over the past several years, one that has gotten worse, experts say. What’s more, the threat is likely going to evolve to attack cloud service providers that host government services. That’s according to cybersecurity expert Theresa Payton, who detailed her IT security predictions for 2021 and 2022 during a recent webinar sponsored by CDW and Intel.”

NBC News: Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack

NBC News: Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack. “Last year, at least 560 health care facilities were infected with ransomware, according to a survey from the cybersecurity company Emsisoft. In October, amid a particularly brutal wave of attacks, several federal agencies issued warnings of ‘an increased and imminent cybercrime threat’ to hospitals. An advisory from the American Hospital Association laid out how the Covid-19 pandemic had encouraged cybercriminals ‘to exploit, victimize and profit’ from ransomware attacks.”

Ransomware: Sharp rise in attacks against universities as learning goes online (ZDNet)

ZDNet: Ransomware: Sharp rise in attacks against universities as learning goes online. “The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks. Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100 percent compared to 2019, and that the average ransom demand now stands at $447,000.”

Associated Press: Cybercops derail malware botnet, FBI makes ransomware arrest

Associated Press: Cybercops derail malware botnet, FBI makes ransomware arrest. “European and North American cyber cops have joined forces to disrupt what may be the world’s largest network for seeding malware infections. The operation appears to strike a major blow against criminal gangs that have used that network for years to install ransomware for extortion schemes and to steal data and money.”

The Verge: Chrome is blocking popular extension The Great Suspender, but there’s a way to recover your tabs

The Verge: Chrome is blocking popular extension The Great Suspender, but there’s a way to recover your tabs. “Google has apparently blocked The Great Suspender extension from Chrome, with existing users now receiving a message that it has ‘been disabled because it contains malware.’ It’s also been removed from the Chrome Web Store, with any links to it now leading to a 404 page. Some are worried about losing their tabs, but Reddit users have found a way to recover them (via XDA-Developers’ Mishaal Rahman).”

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online. “The attack appears to have happened after 15 December, when The7stars’ annual return was prepared for filing with Companies House. While the document talks in length about its healthy financial performance, it mentions nothing about cyber risks or attacks. Screenshots published on the Clop gang’s Tor website show scans of passports, invoices, what appears to be a photo from a staff party and, ironically, a ‘data protection agreement.’”