Security and Windows TCO Leftovers
-
Security Week ☛ Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS
Cupertino’s security response team documented at least 16 vulnerabilities on iPhones and iPads and called special attention to CVE-2024-23296, a memory corruption bug in RTKit that the company says “may have been exploited” prior to the availability of patches.
-
Windows TCO
-
Krebs On Security ☛ How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
[...]
Federal investigators say Khoroshev ran LockBit as a “ransomware-as-a-service” operation, wherein he kept 20 percent of any ransom amount paid by a victim organization infected with his code, with the remaining 80 percent of the payment going to LockBit affiliates responsible for spreading the malware.
-
The Register UK ☛ 'Cyberattack' shutters Christie's site days before auction
Christie's website remains offline as of Monday after a "technology security issue" shut it down Thursday night – just days before the venerable auction house planned to flog $840 million of art.
-
Security Week ☛ NATO Draws a Cyber Red Line in Tensions With Russia
On May 3, the German government denounced APT28 for a cyberattack against the SPD political party using a Microsoft Outlook vulnerability that allowed “data to be leaked without user interaction”. Germany took a very strong diplomatic position, summoning Russia’s representative, and then recalling its own Russian ambassador for talks. Annalena Baerbock, the German foreign minister, added, “This is absolutely intolerable and unacceptable and will have consequences.”
-
The Register UK ☛ Ransomware negotiator weighs in on the payment debate
In this role, Schmitt has interacted with all of the major ransomware crews. The Register recently caught up with him to discuss the criminal gangs' evolving ransomware tactics, the role he plays in companies' incident response when they have suffered an infection or intrusion, and the larger question of whether ransomware payments should be completely banned. You can watch the full interview below.
-
Security Week ☛ Black Basta Ransomware Hit Over 500 Organizations
The Black Basta ransomware group has hit more than 500 organizations globally, including critical infrastructure entities in North America, Europe, and Australia, the US government warns.
-