New Lazarus backdoor discovered. Bogus Clubhouse ads served ransomware. Cryptojacking goes to school. Strategic competition.

0
113

Attacks, Threats, and Vulnerabilities

(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor (WeLiveSecurity) ESET researchers discover a new backdoor that the Lazarus group has deployed against a freight logistics company in South Africa.

Vietnamese hack signals ‘major leap’ in APAC cyber espionage campaigns (Channel Asia) A cyber attack largely targeting Vietnamese recipients has indicated that Chinese-speaking threat actors could potentially be expanding the scope of their cyber espionage campaigns.

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants (Ars Technica) Patching in industrial settings is hard. Ransomware shutting down production is harder.

Attackers Target European Industrial Firms With Cring Ransomware (Decipher) Attackers exploited a previously-disclosed flaw in Fortinet VPN servers in order to hit European industrial firms with the Cring ransomware.

Cring ransomware hits ICS through two-year-old bug (ComputerWeekly.com) A long-disclosed vulnerability in Fortinet’s Fortigate VPN servers is being exploited to distribute Cring ransomware.

Expert Commentary On CISA Warns Of APTs Exploiting Fortinet Vulnerabilities (