A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers.
This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is “likely used in ransomware attacks to establish a foothold for lateral movement.”
Read more…
Source:
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google patches critical vulnerability for Androids with Qualcomm chips
April 3, 2024
In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, ...
- Unveiling the Fallout: Operation Cronos’ Impact on LockBit Following Landmark Disruption
April 3, 2024
The RaaS group LockBit that has been in operation since early 2020, grew to become one of the largest RaaS groups in the ransomware ecosphere and was responsible for 25% to 33% of all ransomware attacks in 2023. The group has claimed thousands of victims and was, by far, the biggest financial threat actor group in ...
- CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)
April 3, 2024
Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. Minerva uses the open-source OpenSSL library for cryptographic functions and to support secure communications. The root cause of this vulnerability is Minerva’s implementation of OpenSSL’s OPENSSLDIR parameter, which was set to a path accessible to low-privileged users (such as C:\git\vcpkg\packages\openssl_x86-windows-static-vs2019-static\openssl.cnf). Rapid7 has ...
- OWASP Foundation reveals data breach following Wiki web server issue
April 2, 2024
The Open Worldwide Application Security Project (OWASP) suffered a data breach in late February 2024 resulting in the exposure of sensitive data belonging to some of its members. In an announcement published on the OWASP website, Executive Director Andrew van der Stock confirmed the breach and explained that it happened due to a misconfiguration of an ...
- Cyberthreats in the transportation industry
April 2, 2024
Transportation is a key economic sector. It spans a multitude of diverse companies engaged in logistics, urban transit, land and air cargo and passenger conveyance, and other activities. The transportation system performs critical functions that support nationwide objectives by connecting different areas of a country and sectors of the economy. Carriers also do business with large ...
- Prudential Financial February incident exposed data of nearly 37K customers
April 2, 2024
Prudential Financial disclosed that 36,545 individuals had personal information stolen in an early February breach that was claimed by ALPHV/BlackCat, the group also responsible for the Change Healthcare ransomware attack. In a letter to consumers March 29, the large insurance company said the stolen personal data includes names, addresses, driver’s license numbers, and non-driver identification card ...