Security Leftovers and Windows TCO
-
Cyble Inc ☛ Fake WordPress Plugins Prompt Users To Install Malware
The malicious campaign, based on a new variant of the ClickFix fake browser update malware, has infected more than 6,000 sites with fake WordPress plugins since June 2024. Overall, ClickFix has now compromised more than 25,000 sites since August 2023, according to the GoDaddy security team.
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (asterisk, chromium, php-horde-mime-viewer, and php-horde-turba), Fedora (apache-commons-io, buildah, chromium, containers-common, libarchive, libdigidocpp, oath-toolkit, podman, rust-hyper-rustls, rust-reqwest, rust-rustls-native-certs, rust-rustls-native-certs0.7, rust-tonic, rust-tonic-build, rust-tonic-types, rust-tower, rust-tower-http, rust-tower-http0.5, rust-tower0.4, thunderbird, and unbound), SUSE (buildah, chromedriver, chromium, element-desktop, element-web, jetty-annotations, nodejs-electron, php7, php74, php8, podman, python3-virtualbox, qemu, thunderbird, and valkey), and Ubuntu (amd64-microcode).
-
Windows TCO
-
The Record ☛ Internet Archive hacker claims to still have access, responds to Zendesk support tickets
The platform has been struggling for more than a week after it rode out a distributed denial-of-service (DDoS) attack and someone defaced its website. A [cracker] also stole data on 31 million users of the platform that included usernames, emails and encrypted passwords.
-
The Record ☛ Japanese watchmaker Casio warns of delivery delays after ransomware attack
In an update, the company said the October 5 ransomware attack has caused “significant delays in the delivery of items requested for repair, and many items are backlogged.”
-
Threat Source ☛ Akira ransomware continues to evolve
Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version of their ransomware encryptor earlier in the year, we just recently observed another novel iteration of the encryptor targeting Windows and Linux hosts alike.
Previously, Akira typically employed a double-extortion tactic in which critical data is exfiltrated prior to the compromised victim systems becoming encrypted. Beginning in early 2024, Akira appeared to be sidelining the encryption tactics, focusing on data exfiltration only. We assess with low to moderate confidence that this shift was due in part to the developers taking time to further retool their encryptor.
-