CISA: CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide

CISA: CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide. “The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools.”

Ars Technica: Malware turns home routers into proxies for Chinese state-sponsored hackers

Ars Technica: Malware turns home routers into proxies for Chinese state-sponsored hackers. “Researchers on Tuesday unveiled a major discovery—malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers.”

Bleeping Computer: New ZIP domains spark debate among cybersecurity experts

Bleeping Computer: New ZIP domains spark debate among cybersecurity experts. “Cybersecurity researchers and IT admins have raised concerns over Google’s new ZIP and MOV Internet domains, warning that threat actors could use them for phishing attacks and malware delivery.”

Washington Post: Computer system used to hunt fugitives is still down 10 weeks after hack

Washington Post: Computer system used to hunt fugitives is still down 10 weeks after hack. “A key law enforcement computer network has been down for 10 weeks, the victim of a ransomware attack that has frustrated efforts by senior officials to get the system back up and running — raising concerns about how to secure critical crime-fighting operations.”

Smart Cities Dive: Dallas ransomware attack causes critical service outages

Smart Cities Dive: Dallas ransomware attack causes critical service outages. “Dallas, the ninth-most populated city in the U.S., is responding and attempting to recover from a ransomware attack that shut down multiple critical systems, including websites for the police department and city hall. The city continues to receive and dispatch emergency 911 calls, and service from police and fire remain unaffected, Dallas said in a statement issued Wednesday night.”

Search Engine Journal: Google Strikes Back: A Legal Victory Against CryptBot Malware Distributors

Search Engine Journal: Google Strikes Back: A Legal Victory Against CryptBot Malware Distributors. “Google triumphs in legal action against CryptBot malware distributors, protecting Chrome users and disrupting cybercriminal ecosystems.”

Bleeping Computer: Google ads push BumbleBee malware used by ransomware gangs

Bleeping Computer: Google ads push BumbleBee malware used by ransomware gangs. “The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace. Bumblebee is a malware loader discovered in April 2022, thought to have been developed by the Conti team as a replacement for the BazarLoader backdoor, used for gaining initial access to networks and conducting ransomware attacks.”

WIRED: Apple’s Macs Have Long Escaped Ransomware. That May Be Changing

WIRED: Apple’s Macs Have Long Escaped Ransomware. That May Be Changing. “Security researchers are examining newly discovered Mac ransomware samples from the notorious gang LockBit, marking the first known example of a prominent ransomware group toying with macOS versions of its malware.”

XDA Developers: Despite the best efforts of Google Play Protect, the Play Store is not as safe as it may appear

XDA Developers: Despite the best efforts of Google Play Protect, the Play Store is not as safe as it may appear. “Recently, a report from Russian cybersecurity firm Kaspersky’s Secure List detailed how much it costs for different types of malware to function on the Play Store. For example, it costs anywhere from $2,000 to $20,000 to pay for a ‘loader’ that injects an already existing app with malicious code while bypassing Google Play Protect.”

CNBC: FBI warns against using public phone charging stations

CNBC: FBI warns against using public phone charging stations. “The FBI recently warned consumers against using free public charging stations, saying crooks have managed to hijack public chargers that can infect devices with malware, or software that can give hackers access to your phone, tablet or computer.”

PC Magazine: MSI Confirms Breach as Ransomware Gang Claims Responsibility

PC Magazine: MSI Confirms Breach as Ransomware Gang Claims Responsibility. “A new statement from MSI says users should avoid downloading firmware and BIOS updates from third-party sources, and instead only obtain such software from the company’s official website. The statement suggests MSI is worried hackers could circulate malicious versions of the company’s BIOS software when the ransomware gang, Money Message, claims it stole the PC maker’s source code.”

Engadget: Biden administration bans federal agencies from using commercial spyware

Engadget: Biden administration bans federal agencies from using commercial spyware. “In an executive order signed Monday, President Biden barred federal agencies from using commercial spyware that threatens US national security or carries a risk of improper use by foreign governments and individuals.”

Bleeping Computer: Dole discloses employee data breach after ransomware attack

Bleeping Computer: Dole discloses employee data breach after ransomware attack. “Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of an undisclosed number of employees. Dole employs around 38,000 people worldwide, providing fresh fruits and vegetables to customers in more than 75 countries.”

Bloomberg: Google Suspends Pinduoduo After Finding Malware in Versions

Bloomberg: Google Suspends Pinduoduo After Finding Malware in Versions. “Google has suspended PDD Holdings Inc.’s main Chinese shopping app Pinduoduo after discovering malware in unsanctioned versions of the software, dealing a blow to one of the country’s biggest online retailers.”

Tom’s Guide: Look out! These AI-generated YouTube tutorials are spreading dangerous malware

Tom’s Guide: Look out! These AI-generated YouTube tutorials are spreading dangerous malware. “According to a new report from the no-code platform CloudSEK, there has been a 200-300% month-to-month increase since November of last year of YouTube videos containing malicious links in their descriptions. These links take unsuspecting users to fake sites where their devices are infected with the Vidar, RedLine, Raccoon and other info-stealing malware.”