LockBit Ransomware Gang Earned $91 Million


LockBit was one of the most widely used ransomware families in 2022, targeting organizations irrespective of their size or net worth.

The threat actor group behind LockBit operated as a Ransomware-as-a-Service (RaaS) group, with affiliates working anonymously worldwide.

The group is also said to have recruited affiliates for deploying the ransomware in various industries like government, agriculture, education, etc. The group also conducted some publicity-generating stunts to attract more people to their group.

According to recent reports from CISA (Cybersecurity and Infrastructure Security Agency), the group has reportedly earned $91 million in ransom in the United States alone, making it one of the highest-earning malware groups in history.

Attack Timeline

LockBit was discovered in 2019 as part of activity involving the ABCD ransomware. In 2020, the first LockBit-named ransomware was found in the Russian language. The ransomware was upgraded to version 2 in June 2021 and version 3 in March 2022.

According to the reports, 18% of the ransomware incidents reported between 1st April 2022 and 31st March 2023 included LockBit ransomware, whereas 22% of ransomware reports in Canada in 2022 were related to the same ransomware.

In addition, the FBI reported that there have been 1700 successful attacks in the US using the LockBit ransomware.

Exploitation of CVE(s)

The affiliates recruited by the LockBit ransomware group exploited both older and newer vulnerabilities. Some of the most commonly exploited vulnerabilities were:

  • CVE-2023-0669 – Fortra GoAnywhere Managed File Transfer (MFT) Remote Code Execution Vulnerability
  • CVE-2023-27350 – PaperCut MF/NG Improper Access Control Vulnerability
  • CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
  • CVE-2021-22986 – F5 BIG-IP and BIG-IQ Centralised Management iControl REST Remote Code Execution Vulnerability
  • CVE-2020-1472 – NetLogon Privilege Escalation Vulnerability
  • CVE-2019-0708 – Microsoft Remote Desktop Services Remote Code Execution Vulnerability
  • CVE-2018-13379 – Fortinet FortiOS Secure Sockets Layer (SSL) Virtual Private Network (VPN) Path Traversal Vulnerability

Mitigations

  • Keep all the OS, hardware, firmware and software up to date
  • Control and restrict all the network connections
  • Apply local execution policies for applications
  • Disable unused ports
  • Investigate abnormal activity and other activities
  • Use Web Filtering
  • Maintain Offline backups of data and encrypt them
  • Create a recovery plan


Motorola moves Razr+ pre-orders up a day & AT&T has an incredible deal


Motorola claims that they “couldn’t hold in the excitement” another day, and has moved up pre-orders to June 15. So starting tomorrow, you can pre-order the new Razr+. It will still ship on June 23, as was originally announced earlier this month.

Along with that news of the earlier pre-order date, AT&T has also announced a pretty incredible deal for the new Razr+. You’ll be able to get the Razr+ for just $5/month, without a trade-in. That’s $5 per month for 36 months. Which comes out to a final price of $180. That’s a pretty incredible deal for a phone that has an MSRP of $999.

There are a couple of caveats here, like it does require an eligible unlimited plan. And if you cancel or leave AT&T before the 36 months are up, you’ll forfeit the remaining bill credits. So you will need to stick with AT&T for three years.

The Razr+ might be the flipping phone to buy this year

This is really the third-generation of the Razr, since Motorola brought it back as a foldable, and it looks less like the traditional Razr, but it might be the best flipping phone yet.

New this year, Motorola has added a larger front-display. It’s so large on the Razr+, that it is the entire front-side of the phone. It’s about 3.6-inches and for some reason, it’s a 144Hz display. While the inside is a 6.7-inch 165Hz 22:9 aspect ratio display. With almost no crease, as we saw from our hands on a few weeks ago. It also has the Snapdragon 8+ Gen 1, and a 3800mAh battery inside. That might seem small, but it is a huge upgrade over the previous Razr which was just 2800mAh.

It comes in just one SKU, which is the 8GB of RAM and 256GB of storage model. So there’s plenty of storage available here for most people.



New Twitter CEO outlines her plans for the social media platform


The new Twitter CEO, Linda Yaccarino, is now making moves to improve the platform’s services. She also shares the same vision with Elon Musk, which is to make the platform an area to share thoughts from varying backgrounds. In a recent tweet thread, Linda Yaccarino highlights her plans for Twitter now that she is in control of its affairs.

As she takes over control of Twitter from Elon Musk, most users of the platform might expect some changes. Well, that might not be the case, as she repeatedly made references to Elon Musk in the tweet explaining her vision for the social media platform. This shows that she concurs with Elon’s ideas for the platform before purchasing it.

This isn’t bad, as they are great ideas that aim to promote freedom of speech on Twitter for all users. In her words, Linda Yaccarino says that “Twitter is on a mission to become the world’s most accurate real-time information source.” She also expresses optimism for the platform’s dream of becoming “a global town square for communication.”

Linda Yaccarino takes on the role of Twitter’s CEO to promote accurate information for users

As Linda Yaccarino takes on the role of Twitter’s CEO, there comes an important mantle. Ever since he purchased the social media platform, Elon Musk has held this mantle to the best of his abilities. Now he is handing things over to someone with the technical know-how when it comes to running Twitter and ensuring its users are well taken care of.

Linda Yaccarino was the advertising chair for NBCUniversal, a position she vacated a few weeks ago. She also worked with the Trump administration, occupying the President’s Council on Sports, Fitness, and Nutrition office. Her achievements and prowess throughout her career make her an ideal choice to fill in Musk’s position at Twitter.

But what are her plans for the social media platform, will there be any changes to the affairs of things? Well, her goal with the social media platform isn’t to bring any change but to build on the already established aims and objectives. This involves becoming a platform that promotes freedom of speech to all users, regardless of their background.

The entirety of this goal is known as Twitter 2.0 and users globally are already getting new features that help in its actualization. With Linda Yaccarino working together with Elon Musk and the team at Twitter, the platform hopes to make some needed improvements. In the coming months, netizens will see how the new Twitter CEO Linda Yaccarino is working to achieve the social media platform’s goals.



WhatsApp is adding a new way (kind of) to communicate with your friends

We have more ways than ever to communicate with each other nowadays: you can simply text someone, send them a voice message, or compose an email if it is a more formal conversation. What is that? You can also call people on the phone you say? Sure, if you are weird.

Do you know what’s not so weird (ironically), though? Sending short, spontaneous, raw video clips. Snapchat was the first to make this communication medium popular back when Snapchat was yet to be robbed and swallowed up by Meta’s apps.

While we are on the topic of Meta’s apps stealing prominent Snapchat features, WhatsApp is apparently looking at implementing its own jab at video messaging, as spotted by WABetaInfo in a beta update. The new feature was discovered in both the Android and iOS versions of the app, and it is already accessible to some beta testers.

Of course, WhatsApp users already had the ability to send recorded videos in chat, either by selecting one from their gallery or by recording one on the spot and clicking the send button. The video messaging feature, on the other hand, will work more like voice messages.

In other words, you tap and hold the button while recording, and it will automatically send itself once you remove your finger. Presumably, you would also be able to swipe up to lock the recording in, so you don’t have to keep pressing. You should also be able to swipe left to delete.

The new video messaging button will be where the voice messaging one is, and users have to tap once to switch between the two modes.

Safety-wise, these video messages will be end-to-end encrypted, meaning the only people with access to them would be the sender and recipient. Additionally, the one receiving the video message won’t be able to forward it to others. The video message will stay in the chat after being sent, however, unless it is manually deleted.

The feature is still in beta, but it is safe to assume something as fundamental as this will eventually come to the stable version of the app sometime in the near future.



Chinese Hackers Exploit VMware ESXi Zero-Day


The Chinese cyberespionage gang identified as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability to escalate privileges on guest virtual machines.

UNC3886 has been using malicious vSphere Installation Bundles (VIBs), typically used to maintain systems and deploy updates, to install backdoors on ESXi hypervisors, and gain access to command execution, file manipulation, and reverse shell capabilities. This activity was first reported in September 2022.

The group’s malicious activities would affect Windows virtual machines (VM), vCenter servers, and VMware ESXi hosts.

UNC3886 VMware Zero-Day Attack

The gang has also used a zero-day vulnerability in VMware Tools to bypass authentication and run privileged commands on Windows, Linux, and PhotonOS (vCenter) guest VMs.

The vulnerability, CVE-2023-20867, has been given a “low severity” rating since it can only be exploited by an attacker with root access to the ESXi server.

“A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine,” VMware said in its security advisory.

Mandiant claims that UNC3886 was seen employing scripts to enumerate all ESXi hosts and their guest VMs, change lists of allowed IPs across all connected ESXi hosts, and collect credentials from compromised vCenter servers using the associated vPostgreSQL database.

Expanded UNC3886 attack path

“Additionally, the use of CVE-2023-20867 does not generate an authentication log event on the guest VM when commands are executed from the ESXi host,” researchers said.

The cybersecurity company also saw the group installing two backdoors (VirtualPita and VirtualGate) that used VMCI sockets for persistence and lateral movement.

In addition to enabling network segmentation bypass and the evasion of security inspections for open listening ports, the malware gives the attackers a new degree of persistence (access to the infected ESXi host is recovered by accessing a VM).

“The attack is highly targeted, with some hints of preferred governmental or government-related targets,” Fortinet said.

“The exploit requires a deep understanding of FortiOS and the underlying hardware. Custom implants show that the actor has advanced capabilities, including reverse-engineering various parts of FortiOS.”

Fortimanager attack flow

According to Mandiant, UNC3886’s usage of a wide variety of new malware families and harmful tools designed specifically for the platforms they are targeting implies significant research capabilities and an out-of-the-ordinary capacity to comprehend the sophisticated technology used by the targeted appliance.

UNC3886 is known for using zero-day vulnerabilities in firewall and virtualization solutions in attacks against organizations involved in defense, technology, and telecommunications in the US and the Asia-Pacific region.


Don’t Miss Out on This Deal on the MSI Creator Z16


Amazon has a great deal on the MSI Creator Z16 Professional Laptop right now, where you can pick it up for just $1,499. That’s going to save you about $1,000 on this laptop. Making it a really great deal right now.

MSI Creator Z16 – Amazon

Why you should buy the MSI Creator Z16

The MSI Creator Z16 is a powerful and versatile laptop that is perfect for creative professionals. It features a 16-inch QHD+ (2560×1600) display with a 120Hz refresh rate, which is ideal for video editing, graphic design, and gaming. The laptop is also powered by an 11th Gen Intel Core i9 processor and an NVIDIA GeForce RTX 3060 graphics card, which provides plenty of power for demanding tasks.

In addition to its powerful performance, the MSI Creator Z16 also features a number of other features that make it ideal for creative professionals. These include a backlit keyboard, a fingerprint sensor, a Thunderbolt 4 port, and a Wi-Fi 6E connection. The laptop also comes with a number of pre-installed creative software applications, such as Adobe Photoshop, Illustrator, and Premiere Pro.

The MSI Creator Z16 is a great value for creative professionals who are looking for a powerful and versatile laptop. It is currently on sale for just $1,499, which is a great deal for a laptop with this level of performance and features.

Here are some of the reasons why you should buy the MSI Creator Z16:

  • Powerful performance: The 11th Gen Intel Core i9 processor and NVIDIA GeForce RTX 3060 graphics card provide plenty of power for demanding tasks such as video editing, graphic design, and gaming.
  • Stunning display: The 16-inch QHD+ (2560×1600) display with a 120Hz refresh rate is ideal for video editing, graphic design, and gaming.
  • Versatile features: The laptop also features a backlit keyboard, a fingerprint sensor, a Thunderbolt 4 port, and a Wi-Fi 6E connection.
  • Great value: The MSI Creator Z16 is currently on sale for just $1,499, which is a great deal for a laptop with this level of performance and features.

If you are a creative professional who is looking for a powerful and versatile laptop, the MSI Creator Z16 is a great option. It is currently on sale for just $1,499, which is a great deal.


Spotify fined $5.4 million for allegedly mishandling user data


Over the past few years, the European Union has been the top watchdog when it comes to safeguarding its people’s data. Now, in line with these efforts, the Swedish Authority for Privacy Protection (IMY) has fined Spotify SEK 58 million ($5.4 million) for allegedly mishandling user data, thereby breaching the General Data Protection Regulation (GDPR).

The complaint, lodged in 2019 by privacy advocacy group Noyb, led by campaigner Max Schrems, stated that Spotify not only failed to provide customer data upon request but also neglected to disclose the purpose of processing such data. Additionally, upon further investigation, the IMY also found that Spotify couldn’t adequately explain how they were using this data, raising some serious concerns.

As a result, the IMY has now ordered Spotify to provide the complete set of requested data and emphasized the need for the company to be transparent about how they handle personal data and the purposes for which they process it.

Stefano Rossetti, a privacy lawyer at Noyb, expressed his satisfaction with IMY finally taking action and stated that it is a basic right for every user to have full information about their processed data. However, he also highlighted the prolonged duration of the case and the need for the Swedish authority to expedite its procedures.

Spotify’s response

While Spotify’s inadequate measures to protect customer data raised some concerns, the IMY considered the violations to be of “low level of seriousness” and recognized that Spotify had taken steps to address the issues. Moreover, the authority also mentioned that they fined Spotify based on its revenue and user count.

In response to the fine, a Spotify spokesperson stated, “Spotify offers all users comprehensive information about how personal data is processed. During their investigation, the Swedish DPA found only minor areas of our process they believe need improvement. However, we don’t agree with the decision and plan to file an appeal.”



Save $200 on the Dolby Atmos-powered Sony HT-A3000 Soundbar


Today, Amazon has a great deal on a pretty good soundbar from Sony. It’s the Sony HT-A3000 which is a Dolby Atmos soundbar, and now it’s just $498. That’s going to save you $200 off of its regular price. Making this a really great deal.

Sony HT-A3000 Soundbar – Amazon

Why you should buy the Sony HT-A3000 soundbar

The Sony HT-A3000 is a great soundbar for anyone looking to upgrade their home theater experience. It offers immersive surround sound, thanks to its support for Dolby Atmos and DTS:X. The soundbar also has a sleek and compact design that will look great in any room.

Here are some of the reasons why you should buy the Sony HT-A3000:

  • Immersive surround sound: The Sony HT-A3000 supports Dolby Atmos and DTS:X surround sound, which creates a more immersive audio experience. This is ideal for watching movies or TV shows, as it will make you feel like you are right in the middle of the action.
  • Sleek and compact design: The Sony HT-A3000 has a sleek and compact design that will look great in any room. It is also relatively lightweight, making it easy to move around if needed.
  • Powerful bass: The Sony HT-A3000 is powered by two 100W subwoofers that deliver powerful bass and clear sound. This is ideal for watching action movies or listening to music.
  • Built-in features: The Sony HT-A3000 has a number of built-in features, such as Bluetooth, Wi-Fi, and Google Assistant compatibility. This makes it easy to connect to your devices and control the soundbar with your voice.

If you are looking for a great soundbar that offers immersive surround sound, a sleek and compact design, powerful bass, and built-in features, the Sony HT-A3000 is a great option. It is currently on sale for just $498, which is a great deal for a soundbar with this level of performance and features.


Popular Reddit app might adopt a subscription based model


Reddit’s recent decision to start charging for API access has caused widespread outrage among Redditors, as it would essentially be the end of many popular third-party clients unless they are willing to pay exorbitant fees each month. However, it looks like Relay for Android, the popular Reddit client, might have found a way to survive the API changes by implementing a new strategy.

In a recent blog post, developer Dave shared his insights on the future of the app and stated that the current free version of Relay would no longer be financially sustainable. Instead, the app will adopt a subscription-based model, which will also come with the added benefits of no ads or recommended content.

However, Dave also acknowledged the challenges associated with transitioning to a subscription-based model and explained that the success of this new approach would depend on users’ willingness to stick with Relay and embrace the subscription system. Additionally, he also expressed concerns about the tight timeline to implement the necessary changes, as Reddit’s new API pricing goes into effect on July 1st.

“The entire model is ultimately subject to how many, and what type of, users choose to stay with Relay as a subscription-based app. I want to stress that my estimates are only relevant to call data collected by Relay for Relay. Other apps have different layouts and feature sets,” said Dave.

Pricing structure

Under this new proposed model, users might need to pay a base subscription fee of $2 per month along with an additional $1 fee for the message notifications to accounts. However, it is important to note that the current pricing model is based on the latest release of Relay for Reddit, which included bug fixes and other changes aimed at reducing API calls.

Although the prospect of Relay surviving this API change is exciting and showcases developers’ determination to navigate evolving platform policies while providing users with a positive experience, it’s crucial to recognize that these projections are purely speculative at this point, and the future of the app remains uncertain.



Ticket scammers target Taylor Swift tour


We take a look at multiple reports of ticket reseller fraud aimed at fans of Taylor Swift’s Eras tour.

Taylor Swift fans are being warned to be cautious when buying tickets for her current “Eras” tour, with scammers waiting in the wings to trick would-be gig goers. The Better Business Bureau says it has received somewhere in the region of 200 complaints from residents of Michigan, and there’s bound to be more from other locations.

The issue is so bad that Michigan’s Attorney General advised the local “Swifties” about fraud in relation to last weekend’s Michigan leg of the tour. His warning reads as follows:

“Michigan residents who are defrauded by online ticket scammers should not just shake it off,” said Nessel. “We know these scams all too well. If you believe you were taken advantage of, filing a complaint with my office is better than revenge.”

Reports of scammers taking advantage of Swift’s fans, called Swifties, indicate some have lost as much as $2,500 paying for tickets that don’t exist or that never arrive. The Better Business Bureau has reportedly received almost 200 complaints nationally related to the Swift tour. The complaints range from refund struggles to outright scams.

Other locations for the tour are trying to get ahead of the scam curve, issuing their own warnings ahead of events where possible. For example, Cincinnati has highlighted tales of woe related to fake ticket sales on Facebook. Detroit flagged fake ticket sales on Instagram. CBC covered multiple fake sale attempts cheating folks in Canada out of significant chunks of money. Elsewhere, teens have lost out on $1,200 thanks to Craigslist scammers.

With something like 19 dates left in the US alone stretching from Minneapolis and Pittsburgh to Los Angeles and Seattle, there’s still plenty of opportunity for scammers to crawl out of the woodwork. These are undoubtedly the hottest music tickets around at the moment, so you’ll want to follow some common sense rules before trying to get your hands on some. This is especially the case given that the only ticket source left may be resellers.

How to avoid ticket scams

  • Research the ticket seller. Anybody can set up a fake ticket website, and sponsored ads showing at the top of search engines can be rife with bogus sellers. You may also run into issues buying tickets from sites like eBay. Should you decide to use sites other than well-known entities like Ticketmaster, check for feedback on the BBB website.
  • Use a credit card if possible. You’ll almost certainly have more protection than if you pay using your debit card, or cash. We definitely recommend that you avoid using cash. If someone decides to rip you off, that money is gone forever.
  • A “secure” website isn’t all it seems. While sites that use HTTPS (the padlock) ensure your communication is secure, this does not guarantee the site is legitimate. Anyone can set up an HTTPS website, including scammers.
  • It’s ticket inspector time. One of the best ways to know for sure that your ticket is genuine is to actually look at it. Is the date and time correct? The city, the location? Are the seat numbers what you were expecting to see? It may well be worth calling the event organisers or the event location and confirming that all is as it should be. Some events will give examples of what a genuine ticket should look like on the official website.
