The Week in Ransomware – October 13th 2023
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.…
Category: Bleeping Computer
October Windows 10 security updates fail to install
Microsoft says Windows 10 security updates released during this month’s Patch Tuesday may fail to install with 0x8007000d errors, although initially displaying progress. On systems…
23andMe hit with lawsuits after hacker leaks stolen genetics data
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of…
Kwik Trip IT systems outage caused by mysterious ‘network incident’
Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack. Kwik Trip…
Microsoft plans to kill off NTLM authentication in Windows 11
Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future. NTLM (short for New Technology LAN Manager) is…
Hackers use Binance Smart Chain contracts to store malicious scripts
Cybercriminals are employing a novel code distribution technique dubbed ‘EtherHiding,’ which abuses Binance’s Smart Chain (BSC) contracts to hide malicious scripts in the blockchain. The…
CISA shares vulnerabilities, misconfigs used by ransomware gangs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical…
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch…
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access…
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks. As recently observed by Sophos X-Ops incident responders, threat actors…
New Microsoft bug bounty program focuses on AI-powered Bing
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000. With the AI-powered Bing experience as the first…
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks. “Apple is…