Security and Windows TCO Leftovers
-
Security Week ☛ VC Firm Insight Partners Hacked
Venture capital firm Insight Partners has been targeted in a cyberattack that involved unauthorized access to its information systems.
-
SANS ☛ Using ES|QL in Kibana to Query DShield Honeypot Logs, (Thu, Feb 20th)
-
Security Week ☛ New FrigidStealer macOS Malware Distributed as Fake Browser Update
A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
-
Windows TCO / Windows Bot Nets
-
Silicon Angle ☛ CISA and FBI warn Ghost ransomware is targeting critical infrastructure and businesses
The group behind Ghost ransomware allegedly operates out of China and has targeted organizations in more than 70 countries, including critical infrastructure, schools, healthcare, government networks and businesses, for financial gain.
-
The Record ☛ China-linked hackers target European healthcare orgs in suspected espionage campaign
The flaw, tracked as CVE-2024-24919, allows attackers to access sensitive data on Check Point’s Security Gateway. The vulnerability likely enabled the hackers to steal user credentials and access virtual private networks (VPNs) using legitimate accounts, the researchers said.
-
The Register UK ☛ Microsoft Azure outage hits Norway for hours
Norwegians fell victim to a prolonged Microsoft Azure outage today, which impacted businesses and took down multiple government websites delivering online services to citizens.
According to Down Detector, the problems first showed up at 9am local time and lasted for more than three hours, though The Reg could find no official indication on the Azure health dashboard that the services were offline – and we're not the only ones.
-
The Register UK ☛ Medusa extortion gang demands $2M from UK's HCRG Care Group
Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and family health and social services across the UK for the NHS and local authorities, with a workforce said to number 5,000. Its annual turnover to March 2023, its latest available figure, was just shy of £250 million ($315 million).
-
The Register UK ☛ Feds warn Ghost ransomware crew remains active, potent
The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency.
-
Security Week ☛ Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
Researchers at Symantec and Trend Micro separately discovered sophisticated tools, once deployed exclusively for nation-state level cyberespionage, in financially motivated extortion schemes, suggesting deliberate collusion or even the possibility that members of APT groups are moonlighting as ransomware criminals.
In one striking case, Symantec threat hunters documented an incident where a toolset typically linked to China-based espionage was used against an Asian software and services company.
-
Cyble Inc ☛ Ghost Ransomware Strikes Again—Is Your Organization At Risk?
The Ghost ransomware group, also referred to as Cring, has been actively exploiting vulnerabilities in software and firmware as recently as January 2025, according to an alert issued Wednesday by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).
Operating from China, Ghost has been targeting [Internet]-facing services with unpatched security flaws—some of which could have been mitigated years ago. Cybersecurity researchers first detected the group’s activities in 2021, and their recent attacks continue to compromise organizations across more than 70 countries, including within China itself.
-
404 Media ☛ Beverly Hills Plastic Surgeon Sued for Not Telling Patients Hackers Stole Their Nude Photos
A class-action lawsuit filed against the surgeon claims he also did nothing to protect his patients’ data, including their financial information and nude photos of them.
-
SANS ☛ XWorm Cocktail: A Mix of PE data with PowerShell Code, (Wed, Feb 19th)
While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together:
-
The Register UK ☛ Microsoft Power Pages websites attacked via security hole
-