LockBit gang doesn’t keep its word, the LockBit bounty, White House tackles U.S. maritime threats
LockBit gang doesn’t keep its word
The saga of the LockBit takedown continues, with new details emerging that highlight that the bad guys are as bad as we imagined. Earlier this week, we reported that two operators of the LockBit ransomware gang were arrested in Poland and Ukraine in an operation dubbed ‘Operation Cronos.’ Law enforcement now reveals that the ransomware group retained victims’ data even after receiving ransom payments and promising victims they would delete the information (shocking, the bad guys didn’t do what they said they would do). According to The Record, LockBit’s extortion note promised victims that their information would be deleted upon payment, stating, “If we do not delete your data after payment, then nobody will pay us in the future.” This revelation underscores officials’ reminders that cybercriminals should not be trusted.
The LockBit bounty
Information that helps identify members or associates of the LockBit ransomware gang could earn you a reward of up to $15 million. The U.S. State Department has announced a $10 million reward for details leading to the discovery or identification of a LockBit leadership member, with an additional $5 million for tips on any ransomware affiliates. A small price compared to the over $144 million taken by the ransomware gang from more than 2,000 victims, as reported by a U.S. State Department spokesperson. If you do have any information on the identity or whereabouts of a LockBit member, please direct information in response to the reward offer to the FBI via Signal at +1-646-258-2533, via Telegram at @LockbitRewards, or by email at [email protected].
White House tackles U.S. maritime threats
On Wednesday, the Department of Transportation and the White House released two separate initiatives aimed at bolstering the protection of the U.S. maritime industry from cyber threats. According to Infosecurity Magazine, the president issued an executive order that gives new powers to the Department of Homeland Security to directly address maritime threats by developing new standards for U.S. ports’ networks and systems. The order will also require all cyber incidents or threats to harbors, vessels, ports, or other waterfront facilities to be reported. Meanwhile, the DoT issued a warning on Wednesday about the threats of Chinese vendors to the U.S. port infrastructure.
iMessage upgrade to withstand decryption
Apple has announced the addition of a new security layer to iMessage, integrating post-quantum cryptography to bolster defenses against potential future threats posed by quantum computing. In simpler terms, according to TechCrunch, current messaging apps, including iMessage, rely on encryption through a combination of public and private keys. The public key encrypts messages sent, while the private key is used by the recipient to decrypt them. Hackers can decrypt messages by exploiting the strength of technology used in today’s cryptographic ciphers. Apple indicates that the evolution of quantum computing could create vulnerabilities in the future, but these upgrades are Apple’s proactive approach to stopping the problem.
Huge thanks to our sponsor, Conveyor
Wi-Fi software vulnerabilities threaten Android, Linux, ChromeOS devices
Cybersecurity researchers have discovered two authentication bypass flaws in open-source Wi-Fi software that affect Android, Linux, and ChromeOS devices. According to The Hacker News, the flaws expose users to the risk of unknowingly connecting to malicious networks or allow an attacker to join a trusted network without requiring passwords. The specific vulnerabilities being tracked are noted in our blog post for this episode (CVE-2023-52160 and CVE-2023-52161). Major Linux distributions and ChromeOS have issued updates to address the flaws. Meanwhile, Android users are urged to manually configure CA certificates for enterprise networks as a preventive measure.
VoltSchemer attack exposes flaws in wireless chargers
Blowing up key fobs and manipulating a smartphone’s voice assistant with a wireless charger—a sentence I never imagined piecing together, but researchers at the University of Florida and CertiK say it’s possible. The researchers say they’ve discovered a new set of attacks called “VoltSchemer” that can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger, according to Bleeping Computer. The research shows that the attack uses electromagnetic interference to manipulate the charger’s behavior, which can heat a device close to the charger to over 536 degrees Fahrenheit (280°C). For perspective, those temperatures are high enough to cause the battery of a car key fob to explode (we know this because researchers actually tested it). Researchers say the purpose of the experiment was to highlight security gaps to vendors to remove the risk of a VoltSchemer attack.
Immediate patching needed for ConnectWise users
ConnectWise, a provider of remote access software, is urging users to promptly update the self-hosted version of its ScreenConnect product due to critical vulnerabilities. The most severe bug identified received a Common Vulnerability Scoring System (CVSS) score of 10, the highest possible rating. According to ConnectWise, the cloud-based versions of the software have been patched, but organizations using on-prem versions should update immediately to prevent the possibility of remote code execution. TechCrunch reports that although ConnectWise initially stated there was no evidence of public exploitation, the company has since confirmed compromised accounts and identified three IP addresses recently used by threat actors. ConnectWise added that 80 percent of their customer environments are cloud-based and were patched automatically within 48 hours.
Nearly 100,000 impacted by school district ransomware attack
A DC-area school district reported nearly 100,000 people impacted by a ransomware attack before classes resumed last fall. Prince George’s County Public Schools says the information stolen varied from names and financial account information to social security numbers. Although the school district did not identify any specific ransomware group as being behind the attack, it stated that the Rhysida ransomware gang posted the stolen data on its leak site.