The Week in Ransomware - December 15th 2023 - Ransomware Drama

The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-15th-2023-ransomware-drama/

 Microsoft unveils new, more secure Windows Protected Print Mode

Microsoft announced a new Windows Protected Print Mode (WPP), introducing significant security enhancements to the Windows print system. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-more-secure-windows-protected-print-mode/

 QNAP VioStor NVR vulnerability actively exploited by malware botnet

A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. [...]

https://www.bleepingcomputer.com/news/security/qnap-viostor-nvr-vulnerability-actively-exploited-by-malware-botnet/

 MongoDB says customer data was exposed in a cyberattack

MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. [...]

https://www.bleepingcomputer.com/news/security/mongodb-says-customer-data-was-exposed-in-a-cyberattack/

 Qbot malware returns in campaign targeting hospitality industry

The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. [...]

https://www.bleepingcomputer.com/news/security/qbot-malware-returns-in-campaign-targeting-hospitality-industry/

 What to do when receiving unprompted MFA OTP codes

Receiving an unprompted one-time passcode (OTP) sent as an email or text should be a cause for concern as it likely means your credentials have been stolen. [...]

https://www.bleepingcomputer.com/news/security/what-to-do-when-receiving-unprompted-mfa-otp-codes/

 Rhadamanthys Stealer malware evolves with more powerful features

The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion. [...]

https://www.bleepingcomputer.com/news/security/rhadamanthys-stealer-malware-evolves-with-more-powerful-features/

 WordPress hosting service Kinsta targeted by Google phishing ads

WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. [...]

https://www.bleepingcomputer.com/news/security/wordpress-hosting-service-kinsta-targeted-by-google-phishing-ads/

 Mortgage giant Mr. Cooper data breach affects 14.7 million people

Mr. Cooper is sending notices of a data breach to customers who were impacted by a cyberattack the firm suffered in November 2023. [...]

https://www.bleepingcomputer.com/news/security/mortgage-giant-mr-cooper-data-breach-affects-147-million-people/

 Former IT manager pleads guilty to attacking high school network

Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023. [...]

https://www.bleepingcomputer.com/news/security/former-it-manager-pleads-guilty-to-attacking-high-school-network/

 FBI: Play ransomware breached 300 victims, including critical orgs

The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities. [...]

https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-300-victims-including-critical-orgs/

 Microsoft fixes Windows printer issues with new troubleshooter

Microsoft has released a troubleshooter tool to fix an issue where the HP Smart app would automatically install on Windows systems after renaming all printers to HP LaserJet M101-M106. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-printer-issues-with-new-troubleshooter/

 Vans and North Face owner VF Corp hit by ransomware attack

American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions. [...]

https://www.bleepingcomputer.com/news/security/vans-and-north-face-owner-vf-corp-hit-by-ransomware-attack/

 Microsoft discovers critical RCE flaw in Perforce Helix Core Server

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. [...]

https://www.bleepingcomputer.com/news/security/microsoft-discovers-critical-rce-flaw-in-perforce-helix-core-server/

 December's Windows 11 KB5033375 update breaks Wi-Fi connectivity

The KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices. [...]

https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/

 Xfinity discloses data breach after recent Citrix server hack

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [...]

https://www.bleepingcomputer.com/news/security/xfinity-discloses-data-breach-after-recent-citrix-server-hack/

 FBI disrupts Blackcat ransomware operation, creates decryption tool

The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [...]

https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransomware-operation-creates-decryption-tool/

 Terrapin attacks can downgrade security of OpenSSH connections

Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used. [...]

https://www.bleepingcomputer.com/news/security/terrapin-attacks-can-downgrade-security-of-openssh-connections/

 How the FBI seized BlackCat (ALPHV) ransomware’s servers

An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. [...]

https://www.bleepingcomputer.com/news/security/how-the-fbi-seized-blackcat-alphv-ransomwares-servers/

 Microsoft confirms Windows 11 Wi-Fi issues, asks for user feedback

Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-11-wi-fi-issues-asks-for-user-feedback/

 Interpol operation arrests 3,500 cybercriminals, seizes $300 million

An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. [...]

https://www.bleepingcomputer.com/news/security/interpol-operation-arrests-3-500-cybercriminals-seizes-300-million/