Residents of Johannesburg, the largest city in South Africa, were left without electricity after a ransomware attack on the network of City Power, the company responsible for the city's power supply. The malware encrypted databases, applications and the network. Which ransomware was involved has not yet been reported.
Criminals are distributing the Sodinokibi ransomware (also known as REvil and Sodin) by e-mail, posing as employees of the German Federal Office for Information Security. After infecting the system, the malware removes the shadow copies of files and disables Windows Startup Repair. Sodinokibi then encrypts the files on the system and demands $2,500 in bitcoin for their recovery; after a set period, the amount increases to $5,000.
The Intrusion Truth group revealed the identities of alleged members of the cybercriminal group APT17 (aka DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72 and AuroraPanda), presumably associated with the Chinese government. One of them owns four companies in China and is alleged to be an employee of the Ministry of Public Security of China. The remaining two participants were employees of these companies.
The Federal Trade Commission and Facebook have signed an agreement that obliges the company to pay a record fine of $5 billion for its use of confidential user data. Facebook must also change its policy for handling personal data and strengthen its protection.
The FIN8 group continues to develop and adapt its tools. According to experts, the cybercriminals have added to their arsenal a new malware for attacks on PoS terminals, called BADHATCH.
Apple is suspected of eavesdropping on users' conversations and voice commands. According to available information, the company employs workers who listen to users' private conversations and voice commands in order to improve the virtual assistant Siri.
Attackers are targeting Internet-exposed Elasticsearch clusters in order to turn them into DDoS botnets. In the multi-stage attacks, the attackers used a script to plant a backdoor capable of stealing information and carrying out DDoS attacks.
Cybercriminals are attacking vulnerable Jira and Exim servers in order to infect them with a new version of the Linux Trojan Watchbog and mine the Monero cryptocurrency. The new variant of the malware exploits a recently discovered template injection vulnerability in Jira (CVE-2019-11581) that allows remote code execution. The malware also uses an RCE vulnerability in Exim (CVE-2019-10149) that allows attackers to execute commands with root privileges.