News – October 2024

  • Finland’s NBI probes wave of bank cyber attacks

    October 18, 2024

    Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by several distributed denial of service (DDoS) attacks throughout the autumn. The bank has faced recurring problems ...

  • Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

    October 18, 2024

    Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps ...

  • Greek police data leak exposes details of elite crime-fighting unit members

    October 18, 2024

    A Greek police officers association says it is planning legal action after names and details of hundreds of officers from a new elite crime-fighting agency were published on the internet. The Directorate for Combating Organised Crime, DAOE, was launched Thursday to tackle organized crime activities including contract killings, fuel smuggling and money laundering. Police officials confirmed ...

  • New macOS vulnerability, “HM Surf”, could lead to unauthorized data access

    October 17, 2024

    Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration ...

  • Europol: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan

    October 17, 2024

    US authorities have unveiled this week charges against two Sudanese nationals involved in a significant Distributed-Denial-of-Service (DDoS) cybercrime network, following an international investigation that spanned multiple countries. The investigation exposed the activities of Anonymous Sudan, a prolific cybercrime group conducting destructive DDoS attacks to support their ideologically-motivated agenda. Europol coordinated the European dimension of the investigation, ...

  • European companies anxious over non-implementation of EU cyber rules

    October 17, 2024

    Most EU member states are set to miss an implementation deadline falling today (17 October) to implement rules to protect critical entities against cyber-attacks and organisations are also concerned about fragmentation of such rules. Euronews reported last week that the European Commission had so far only received confirmations from Belgium and Croatia on transposition of the ...

  • Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism

    October 17, 2024

    Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. ...

  • Cyber Security Association of China calls for cybersecurity review of Intel products sold in China

    October 16, 2024

    The Cyber Security Association of China on Wednesday called for the launch of a systematic review of potential cybersecurity risks in Intel products due to frequent vulnerabilities and high failure rates, in order to effectively safeguard China’s national security and the legitimate rights and interests of Chinese consumers. The association cited four reasons for the review: ...

  • Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 to Steal Data

    October 16, 2024

    From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics. In ...

  • Tor Browser and Firefox users should update to fix actively exploited vulnerability

    October 16, 2024

    Mozilla has announced a security fix for its Firefox browser which also impacts the closely related Tor Browser. The new version fixes one critical security vulnerability which is reportedly under active exploitation. To address the flaw, both Mozilla and Tor recommend that users update their browsers to the most current versions available. Firefox users that have ...