Title: Tor Project Upgrades Network Speed Performance with New System
Date Published: May 5, 2022
Excerpt: “The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. This new system is up and running in the Tor protocol version 0.4.7.7, the latest stable release available since last week. Congestion Control “will result in significant performance improvements in Tor, as well as increased utilization of our network capacity,” say the maintainers of the project.”
Title: F5 Warns its Customers of Tens of Flaws in its Products
Date Published: May 5, 2022
https://securityaffairs.co/wordpress/130934/security/f5-flaws.html
Excerpt: “Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates for tens of vulnerabilities in its products.
The company addressed a total of 43 vulnerabilities; the most severe one is a critical issue tracked as CVE-2022-1388 (CVSS score of 9.8). An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses can exploit the CVE-2022-1388 flaw to execute arbitrary system commands, create or delete files, or disable services.”
Title: VHD Ransomware Linked to North Korea’s Lazarus Group
Date Published: May 5, 2022
https://threatpost.com/vhd-ransomware-lazarus-group/179507/
Excerpt: “Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific (APAC) region, researchers have found. Financial transactions and similarities to previous malware in its source code link a recently emerged ransomware strain called VHD to the North Korean threat actors, also known as Unit 180 or APT35.”
Title: Stealthy APT Group Plunders Very Specific Corporate Email Accounts
Date Published: May 4, 2022
https://www.helpnetsecurity.com/2022/05/04/apt-corporate-email/
Excerpt: “An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments for at least 18 months. Catalogued as UNC3524 by Mandiant, the threat actor is also extremely adept at re-gaining access to a victim environment when booted out, “re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign.””
Title: Ransomware Payments: Just 46% of Victims Now Pay a Ransom
Date Published: May 5, 2022
https://www.bankinfosecurity.com/blogs/ransomware-payments-just-46-victims-now-pay-ransom-p-3225
Excerpt: “Is the tide finally turning on ransomware? One piece of good news is that the number of organizations hit by ransomware who choose to pay a ransom to their attackers has been declining, reports ransomware incident response firm Coveware. Based on thousands of cases on which it has worked, Coveware says the number of ransomware-hit victims who paid a ransom declined from 85% in Q1 of 2019 to 46% in Q1 of this year.”
Title: Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus
Date Published: May 5, 2022
https://thehackernews.com/2022/05/researchers-disclose-10-year-old.html
Excerpt: “Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that’s part of Avast and AVG antivirus solutions. “These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News.”
Title: Securities and Exchange Commission Doubles Enforcement Team for Crypto Markets
Date Published: May 5, 2022
Excerpt: “Investment company malfeasance has played a key role in cinematic and real-world incidents in recent years. Hence, the U.S. Securities and Exchange Commission is eager to reduce negative appearances. The SEC announced May 3 that it will be adding 20 new positions to its enforcement team for crypto markets in an effort to find fraud in the financial industry. The regulator also said that it is henceforth naming this team of 50 employees the “Crypto Assets and Cyber Unit.””
Title: China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack
Date Published: May 4, 2022
https://www.darkreading.com/attacks-breaches/china-winnti-apt-trade-secrets-us
Excerpt: “China’s Winnti cyberthreat group has been quietly stealing immense stores of intellectual property and other sensitive data from manufacturing and technology companies in North America and Asia for years. That’s according to researchers from Cybereason, who estimate that the group has so far stolen hundreds of gigabytes of data from more than 30 global organizations since the cyber-espionage campaign began. Trade secrets are a big part of that, they said, including blueprints, formulas, diagrams, proprietary manufacturing documents, and other business-sensitive information.”
Title: Heroku Admits that Customer Credentials were Stolen in Cyberattack
Date Published: May 5, 2022
Excerpt: “Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers’ hashed and salted passwords from “a database.” Heroku’s update comes after BleepingComputer reached out to Salesforce yesterday.”
Title: Experts Linked Multiple Ransomware Strains to North Korea-backed APT38 Group
Date Published: May 4, 2022
https://securityaffairs.co/wordpress/130892/apt/ransomware-strains-linked-to-nk-apt38.html
Excerpt: “The ransomware was employed in attacks on financial institutions; experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen hundreds of millions of dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the infamous Lazarus group; it has been active since at least 2014 and it has been observed targeting over 16 organizations across 11 countries.”