FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub


In today’s cybersecurity news…

FCC moves forward with BGP security measures

The Federal Communications Commission unanimously voted to advance a proposal to improve the security of the Border Gateway Protocol (BGP) for the internet. Under this proposal, broadband providers must develop and maintain private BGP security plans, with the top nine providers submitting quarterly progress reports to the FCC. The commission highlighted current BGP vulnerabilities that have been exploited by a Chinese telecommunications company to misroute U.S. internet traffic multiple times. Additionally, the FCC approved a $200 million pilot program to help schools and libraries purchase cybersecurity equipment, despite opposition.

(CyberScoop)

LockBit ransomware gang victims get lifeline from FBI

Are you or someone you know a victim of the LockBit ransomware gang? The FBI’s Cyber Division says they can help. A spokesperson for the agency said they have obtained more than 7,000 LockBit ransomware decryption keys and are urging victims to reach out to the FBI’s Internet Crime Complaint Center (IC3). The report asks for information such as which version of LockBit was used to encrypt your system, what files were encrypted, and a copy of the ransom note.

(IC3 Reporting Form), (Security Week)

Gitloker attacks target GitHub repositories

New Gitloker attacks are targeting GitHub repositories, wiping their contents, and instructing victims to contact the attackers on Telegram. According to the researcher who discovered the attack, the attackers use stolen credentials to compromise accounts, claim to have created a backup, and rename the repository with a README.me file containing the ransom note. The note states the data has been compromised and secured, urging victims to reach out on Telegram.

(Bleeping Computer)

U.S. seeks to recover over $5 million lost in BEC scam

The US government has filed a civil forfeiture action to recover over $5.3 million lost by a Massachusetts workers union in a business email compromise (BEC) scam. The union, which was not named, was tricked in January 2023 by cybercriminals using a spoofed email from a trusted investment firm, leading to a $6.4 million transfer. Security Week reports that while some of the money was sent to cryptocurrency exchanges and bank accounts in Hong Kong, China, Singapore and Nigeria, authorities have traced $5.3 million to bank accounts at JPMorgan Chase and Texas Bank and Trust, which have now been seized.

(Security Week), (The Register)


Old ThinkPHP vulnerabilities exploited in new attacks

Akamai researchers warn that Chinese hackers are exploiting old remote code execution vulnerabilities in ThinkPHP, targeting content management systems that use outdated versions of the framework. These vulnerabilities, CVE-2018-20062 and CVE-2019-9082, were patched over five years ago but are now being exploited in new attacks due to the availability of proof-of-concept code and unpatched systems. The attackers use the Dama web shell to navigate the file system, tamper with local files, and escalate privileges.

(Security Week)

PandaBuy extorted again after paying initial ransom

Chinese shopping platform PandaBuy told BleepingComputer it previously paid a ransom to prevent stolen data from being leaked, only to be extorted again by the same threat actor this week. PandaBuy, which facilitates international purchases from Chinese e-commerce sites like Tmall, Taobao, and JD.com, suffered a data breach on March 31, 2024. The attacker, ‘Sanggiero,’ published 3 million rows of customer data after exploiting critical vulnerabilities in PandaBuy’s API. The attacker is now allegedly offering to sell what he claims is the entire database for $40,000, while PandaBuy says “We cannot continue to pay the hacker fees due to frozen funds” and “We cannot cooperate with him in the future.”

(Bleeping Computer)

Mallox ransomware targets VMware ESXi with new Linux variant

The Mallox ransomware group, also known as TargetCompany, is now targeting VMware ESXi environments with a new Linux variant that uses a custom shell script for payload delivery and execution, which is a first for the group. This script not only deploys ransomware but also exfiltrates victim information to two servers, ensuring the attackers have a backup. The variant specifically checks for high-level user privileges and VMware ESXi environments before proceeding with an attack. This tactic aims to disrupt operations more effectively and increase the chances of a ransom payout, with recent activity seen across Asia.

(Dark Reading), (Trend Micro)

Apple to debut rival password management app?

Apple is saying move over 1Password and LastPass. According to Bloomberg, the tech giant plans to launch its competing password management app as early as next week. The new app, called Passwords, is similar to iCloud Keychain in that it will sync passwords the same way, but the new app will separate logins into different categories, including accounts, Wi-Fi networks, and passkeys. The new app is expected to be introduced on June 10 and available in iOS 18, iPadOS 18, and macOS 15.

(The Verge), (Bloomberg)
