
Ransomware gang starts leaking data stolen from Quebec university


The LockBit ransomware gang has started releasing data it says was stolen last month from a Quebec university.

The data is from the University of Sherbrooke, with a student body of about 31,000 and 8,200 faculty and staff. Sherbrooke is a city about a two-hour drive east of Montreal.

Asked in an email to comment on the action by LockBit, university Secretary General Jocelyne Faucher referred to the institution’s Dec. 7 statement that said, “certain data from one research laboratory has been compromised.” The incident has had no impact on the university’s activities, the statement added. An investigation continues.

According to a news report on the French-language Radio-Canada, the university said last month it had not been hit with ransomware.

The university hasn’t said if the compromised data included personal information or intellectual property.

Threat actors go after the education sector for several reasons: First, they believe public school boards can be pressured into paying to get access back to stolen data about children. Second, they believe post-secondary institutions will be subject to pressure from students to pay for the return of stolen personal and research data.

According to Sophos’ most recent annual ransomware report, the education sector was the most likely to have experienced a ransomware attack in 2022. Eight per cent of educational institutions surveyed said they had been hit. “Education traditionally struggles with lower levels of resourcing and technology than many other industries,” the report says, “and the data shows that adversaries are exploiting these weaknesses.”

In June, Ontario’s University of Waterloo interrupted a ransomware attack after being tipped off by the RCMP. The university’s on-premises email server was compromised, but “only a tiny number of users were impacted,” the institution said. All university IT users had to reset their login passwords.

One of the most recent cyber attacks on a Canadian university happened in December, when Memorial University’s Grenfell campus in Corner Brook, NL, was hit. According to the CBC, IT services at the Marine Institute were temporarily shut down. The start of the new…


Nitrogen Campaign Starts with Fake Ads, Ends with Ransomware


Threat actors are using bogus advertisements for IT tools on sites like Google and Microsoft’s Bing in hopes of luring tech users to inadvertently download malware that kicks off an attack that eventually leads to ransomware like BlackCat.

The hackers use the Nitrogen malware to get initial access into corporate networks, leading to the second stage of the attack, which includes deploying Cobalt Strike Beacons and the Meterpreter shell, a payload designed to let an attacker move through a targeted system and execute code, according to cybersecurity firm Sophos’ X-Ops team.

“We assess it is likely that the threat actors mean to leverage this infection chain to stage compromised environments for ransomware deployment,” X-Ops researchers Gabor Szappanos, Morgan Demboski, and Benjamin Sollman wrote in a report.

The Nitrogen campaign is only the latest in what the researchers said is an increasingly popular type of attack that abuses pay-per-click ads displayed in search engine results. They’ve seen the attackers target organizations in the tech and nonprofit industries in North America and, given the array of trojanized installers that lead to the infections of systems, “the threat actors are trying to cast a wide net to lure unsuspecting users seeking certain IT utilities, and it is likely this campaign will attempt to impersonate other types of popular software to deliver Nitrogen in future attacks.”

Sophos’ look at the campaign follows on other research by security firms Trend Micro and eSentire, both of which found a similar pattern.

It Starts with Malvertising

According to Sophos, the infections begin with the fake ads – malvertising – in Google and Bing Ads in hopes of directing victims to compromised WordPress sites and phishing pages that look like legitimate and popular sites where people can buy software. Instead, they inadvertently download trojanized ISO installers.

Included in the list of software the campaign impersonates are the AnyDesk remote desktop app, Cisco AnyConnect VPN installers, and WinSCP, a Windows client. The researchers listed nine trojanized installers deploying the Nitrogen package.

“These applications are often used for business-related…


SiriusXM hack unlocks, starts cars


Curry, who works for New York-based Yuga Labs, a blockchain-based software development company, is known in cybersecurity circles for his interest in automobile telematics.

In September 2022, a hacker reached out to Curry to show him how he had breached Uber’s backend systems and compromised the ride-hailing service’s Amazon and Google-hosted cloud environments where the company stores its source code and customer data.

The automakers and SiriusXM said no mishaps resulted from the potential security breach.

“Honda is aware of a reported vulnerability involving SiriusXM connected vehicle services provided to multiple automotive brands, which, according to SiriusXM, was resolved quickly after they learned of it,” Jessica Fini, a Honda spokeswoman, said in a statement. “Honda has seen no indications of any malicious use of this now-resolved vulnerability to access connected vehicle services in Honda or Acura vehicles.”

In a statement, SiriusXM Connected Vehicle Services said that “the issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method.”

Hyundai spokesman Ira Gabriel told Automotive News that the automaker worked with third-party consultants to investigate the vulnerability as soon as Curry and his team brought the security issues to their attention.

“Importantly, other than the Hyundai vehicles and accounts belonging to the researchers themselves, our investigation indicated that no customer vehicles or accounts were accessed by others as a result of the issues raised by the researchers,” Gabriel said.

To hack a Hyundai, Gabriel said one needed the email address associated with the account, along with the VIN and the script, or code, used by the hackers.

Nevertheless, Hyundai implemented countermeasures within days of notification to further enhance the safety and security of its systems, he said.

Curry told Automotive News that he thought automakers could make their smartphone applications more secure through standardization, but they each take separate approaches in developing their applications.

“This is a really complicated issue, but I’d like to…


Samsung Galaxy S22 series starts receiving the May 2022 security update


What you need to know

  • Samsung has begun rolling out the May 2022 update to the Galaxy S22 series.
  • The update appears to only include the latest Android security patch.
  • It is currently rolling out to Snapdragon 8 Gen 1 variants in Asia, and will likely expand in the coming days and weeks.

Samsung has made a habit of updating its flagship smartphones to the latest security patch ahead of other Android devices and often before we enter the corresponding month. May is no different, as the company has already started rolling out the May update to its Galaxy S22 series.

The new update, which is arriving for the Snapdragon 8 Gen 1 variant of the Galaxy S22 series, has so far been spotted in several Asian countries, including India, Malaysia, Sri Lanka, and the Philippines.

There doesn’t appear to be anything particularly interesting arriving with the update aside from a bump to the latest Android security patch. For now, there are no details on what is included in the patch, although fortunately, the pesky “Dirty Pipe” vulnerability was already patched with the April update.
