VPN brute-force attacks, water utilities bill, LockBit developer extradited

In today’s cybersecurity news…

Black Basta creates tool to automate VPN brute-force attacks

BRUTED is the name of an automated brute-forcing framework designed to breach edge networking devices like firewalls and VPNs. It was discovered by a researcher from threat intelligence platform maker EclecticIQ following “an examination of the ransomware gang’s leaked internal chat logs.” The discovery suggests Black Basta has been using the framework since at least 2023, and that it was designed to target technologies from SonicWall, Palo Alto Networks, Cisco, Fortinet, Citrix, Microsoft, and WatchGuard.

(BleepingComputer)

Bipartisan Senate bill offers improved cybersecurity for water utilities

The bill is being re-introduced by Senators Catherine Cortez Masto of Nevada and Mike Rounds of South Dakota, after previous legislation stalled during the 118th Congress. Named the Cybersecurity for Rural Water Systems Act, the bill would “update and expand the Department of Agriculture’s Circuit Rider Program, which provides technical assistance to rural water systems.” A press release announcing the bill states that “just 20% of water and wastewater systems across the U.S. have basic cyber protections.”

(CyberScoop)

LockBit developer extradited from Israel, appears in New Jersey court

Following up on a story we covered last December, 51-year-old Rostislav Panev, who is accused of being the developer of the LockBit ransomware, has been brought to the U.S. to face 40 charges related to dozens of LockBit ransomware attacks. The Justice Department had been pressing for Panev’s extradition since unsealing an indictment against him in December. Aside from being caught with credentials for a LockBit developer repository, Panev is also accused of sending direct messages to LockBit’s suspected primary administrator, Dimitry Yuryevich Khoroshev, who is still at large.

(The Record)

Recent Windows updates make USB printers print random text

This problem may affect some connected dual-mode printers that support both USB Print and IPP Over USB protocols, said Microsoft. The problem arises from Windows updates released since January 29 and applies to Windows 10 (version 22H2) and Windows 11 (versions 22H2 and 23H2). The latest Windows 11 24H2 is not impacted. “You might observe that the printer unexpectedly prints random text and data, including network commands and unusual characters,” said Microsoft. A fix is already available through a Known Issue Rollback (KIR), and the issue will also be repaired in a future update.

(BleepingComputer)

Malicious PyPI packages steal cloud tokens

Researchers from ReversingLabs are warning of a campaign targeting users of the Python Package Index (PyPI) repository with “bogus libraries masquerading as time related utilities but harboring hidden functionality to steal sensitive data such as cloud access tokens.” Time-related means that half of the package files include the word “time” in their titles, such as “time-check-server-get.” These time-related packages were used to upload data to the threat actor’s infrastructure, while another set, many of which have the word “client” in their names, “consist of packages implementing cloud client functionalities for several services like Alibaba Cloud, Amazon Web Services, and Tencent Cloud.” The researchers say these packages all together have been downloaded over 14,000 times.

(The Hacker News)

Sentence upheld for former Uber cyber executive Joe Sullivan?

The former chief security officer of Uber who was convicted of obstruction of justice charges in 2023 was appealing several aspects of his sentence and charges, arguing that “the district court made several mistakes in rejecting two of his proposed instructions to the jury regarding one of the charges and … unfairly allowing the guilty plea signed by one of the hackers into the case.” Sullivan was “given three years’ probation by a U.S. federal judge in 2023 after a federal jury convicted him of two charges related to his attempted coverup of a 2016 security incident at Uber, where hackers stole the personal details of 57 million customers and the personal information of 600,000 Uber drivers.”

(The Record)

Denmark warns of Europe telecom threat

The cybersecurity agency of Denmark published a threat assessment last Thursday warning of “an increase in state-sponsored cyber espionage activities targeting the telecommunications sector in Europe.” Although the statement made no direct mention of Salt Typhoon’s activities in the U.S., and there has been no confirmation of Salt Typhoon activity in Europe, the Danish agency stated “there have been several attempts at cyber espionage against the European telecommunications sector in the past few years,” and it worries that European governments may “lack the political incentives to make a public attribution even if China is identified as responsible.”

(The Record)

Micronesian island suffers cyberattack

To show that nowhere on earth is safe from cybercrime, the tiny island nation of Yap has suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. Yap is one of the four states of the Federated States of Micronesia (FSM) and is located in the middle of the Pacific Ocean equidistant between the Philippines and Guam. Health officials from the island announced the attack, which occurred on March 11, on Facebook, stating that health services are still continuing, but are slower due to systems having been taken offline.

(Security Affairs)

Michael Barasa

Security Professional at Anticounterfeit Ltd

6 days ago

Curious about real impact
