Lifeboat Foundation

Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

User records from a popular no-logs VPN service were obtained following a data breach.

A hacker has obtained LimeVPN’s entire database from a backup of its website which they are now selling online.

Russian military intelligence tied to the group Fancy Bear are using brute force techniques to infiltrate the networks of government and private sector organizations, a joint advisory from US and UK cybersecurity agencies said.

Answer.

Financially motivated cybercriminals are increasingly turning to Cobalt Stike, a legitimate tool that cybersecurity professionals use to test system security, researchers at Proofpoint found.

The cybersecurity firm declined to disclose specific numbers but reported a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. Proofpoint researchers have already seen tens of thousands of organizations targeted by the tool this year and expect those numbers to climb in 2021, according to the report the firm released Tuesday.

Continue reading “Cybercriminals are deploying legit security tools far more than before, researchers conclude” »

Ransomware continues to grow more sophisticated and lucrative, and now security firm LIFARS says operators have built a Silicon Valley-like VC ecosystem.

Redmond’s legendary QA strikes again.

SAN FRANCISCO, June 25 (Reuters) — Microsoft (MSFT.O) said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.

The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds (SWI.N) and Microsoft.

Microsoft said it had warned the affected customers. A copy of one warning seen by Reuters said the attacker belonged to the group Microsoft calls Nobelium and that it had access during the second half of May.

The artificial intelligence revolution is just getting started. But it is already transforming conflict. Militaries all the way from the superpowers to tiny states are seizing on autonomous weapons as essential to surviving the wars of the future. But this mounting arms-race dynamic could lead the world to dangerous places, with algorithms interacting so fast that they are beyond human control. Uncontrolled escalation, even wars that erupt without any human input at all.

DW maps out the future of autonomous warfare, based on conflicts we have already seen – and predictions from experts of what will come next.

Continue reading “How AI is driving a future of autonomous warfare | DW Analysis” »

Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.

The objective of most malware is some kind of gain — financial or otherwise — for the attackers who use it. However, researchers recently observed a unique malware with a single intent: Blocking the infected computers from visiting websites dedicated to software piracy.

The malware (which SophosLabs principal researcher Andrew Brandt called “one of the strangest cases I’ve seen in a while”) works by modifying the HOSTS file on the infected system, in a “a crude but effective method to prevent a computer from being able to reach a web address,” he wrote in a report published Thursday.