News Items

According to Armorblox, most organizations use six or more communication tools across channels, with email remaining the most vulnerable channel to attacks (38 percent). Multiple-channel attacks are picking up momentum and gaining frequency, according to respondents. Over half of respondents reported weekly (36 percent) or daily (16 percent) incidents of multi-vector, socially engineered attacks. Sixty-nine percent of respondents are concerned about attacks evading security controls by exploiting siloed communication and collaboration tools outside of email. According to the survey, 38 percent of respondents consider email the most vulnerable channel to threat actors. This highlights the high level of risk associated with email communication and the continued inadequacy of legacy security tools in protecting against sophisticated threats. This article continues to discuss key findings from Armorblox's survey of Information Technology (IT) and security professionals, focusing on the challenges organizations face in securing the abundance of communication and collaboration tools used today.

Help Net Security reports "Malicious Links and Misaddressed Emails Slip Past Security Controls"

As an associate professor in the Department of Computer Science and Engineering at Michigan State University, Dr. Borzoo Bonakdarpour works to prevent the exposure of private information. Well-publicized instances of individuals being hacked due to phishing schemes or lax security practices likely come to mind when one hears "data breach." However, Bonakdarpour, a recipient of the 2023 Withrow Teaching Award, focuses on a more subtle aspect of data privacy with the same high stakes. Bonakdarpour emphasizes that programmers often make mistakes, which can result in accidental bugs. These bugs have the potential to result in massive security breaches. Bonakdarpour and his team were recently awarded a grant by the National Science Foundation (NSF) to develop what he refers to as "enforcers," or programs that can automatically detect and remedy digital mistakes before they cause damage. Enforcers watch what enters and exits a computing system, and if they detect something wrong, they take action. In addition to raising a red flag, it attempts to correct the issue. It does not fix the code, but it can take actions based on inputs and outputs. Bonakdarpour gave an analogy, where something goes wrong with the traffic light at an intersection. Accidents may occur if both directions have a green light. An enforcer would make one or both of the traffic signals red, so it does not address the underlying issue, but it prevents an accident until someone can. This article continues to discuss Bonakdarpour's insights on cybersecurity and his work to ensure bugs in computer programs do not lead to secret information being leaked.

Michigan State University reports "Ask the Expert: How New Research Can Help Protect Private Data"

The pro-Russian hacking group UserSec has announced the start of a new cyber campaign targeting and defacing the websites of North Atlantic Treaty Organization (NATO) member countries. On their official UserSec Telegram channel, the group posted an announcement about the campaign. Since the Russian invasion of Ukraine, numerous pro-Russian hacking groups have targeted Western governments and organizations supporting the war-torn country, particularly those offering weapons and strategic support to the Ukrainian military. According to UserSec's encrypted Telegram channel, the group was founded in January 2023 by a small number of ordinary civilians, most of whom have less than four years of hacking experience. UserSec claims to have supported KillNet attacks alongside Anonymous Sudan. Last month, KillNet, one of the most well-known pro-Russian hacking groups, launched its own campaign against NATO. On April 21, KillNet leaked the personal information of more than 4,000 individuals affiliated with NATO via a Telegram channel created specifically for KillNet's NATO-targeted attacks. This article continues to discuss the pro-Russian hacking group UserSec launching a new cyber campaign targeting and defacing websites belonging to NATO member nations.

Cybernews reports "NATO Member Websites Targeted by Pro-Russian Hackers"

Lawmakers recently passed a series of bills to give the Cybersecurity and Infrastructure Security Agency (CISA) new responsibilities when it comes to safeguarding open source software, protecting U.S. critical infrastructure, and expanding the cybersecurity workforce. The House Homeland Security Committee advanced a bill that would require CISA to maintain a commercial public satellite system clearinghouse and create voluntary cybersecurity recommendations for the space sector. Additionally, the committee advanced legislation requiring CISA to create a pilot civilian cyber reserve program to respond to incidents. The House Homeland Security Committee also advanced legislation requiring CISA to work with the open source community to better secure it and create a framework to assess the general risks of open source components for federal agencies. The House also advanced another bill that would give CISA the authority to train employees at DHS that aren't currently in cybersecurity positions to move to such a role.

CyberScoop reports: "Congress Looks to Expand CISA's Role, Adding Responsibilities For Satellites And Open Source Software"

KeePass 2.X Master Password Dumper is a proof-of-concept (PoC) tool developed by the security researcher Vdohney that retrieves the master password for KeePass. The tool exploits the unpatched vulnerability in KeePass, tracked as CVE-2023-32784, to retrieve the master password from the memory of KeePass 2.X versions. KeePass is a free and open-source password management application. It serves as a digital "safe" where users can store and organize sensitive information, such as passwords, credit card numbers, and notes. KeePass encrypts the data using a master key or master password, which you must provide to access the stored data. The flaw should be addressed in KeePass 2.54, which is scheduled for release at the start of June 2023. The issue arises from the fact that KeePass 2.X uses a custom-built text box ('SecureTextBoxEx') for password entry. This text box is not only used for entering the master password, but also in other areas of KeePass, such as password edit fields, allowing an attacker to recover their contents. This article continues to discuss the PoC tool that retrieves the master password from KeePass by exploiting the CVE-2023-32784 vulnerability.

Security Affairs reports "KeePass 2.X Master Password Dumper Allows Retrieving the KeePass Master Password"

Google and Android announced recently that they will now assess device vulnerability disclosure reports based on the level of information that bug hunters provide in order to encourage more comprehensive submissions. According to Google, vulnerability reports submitted to the Android and Google Vulnerability Reward Program (VRP) will be rated as "High," "Medium," or "Low" quality based on these elements: the accuracy and detail of the vulnerability description, analysis of its root cause, proof of concept, reproducibility, and evidence of reachability. Google and Android have also upped the top bug bounty prize to $15,000. Additionally, as of March 15th, 2023, Android is no longer assigning Common Vulnerabilities and Exposures (CVEs) to moderate severity issues. The CVEs are still being assigned to critical and high severity vulnerabilities. In 2022 alone, Google's VRPs paid out a record-setting $12 million in bug bounties.

Dark Reading reports: "Google Debuts Quality Ratings for Security Bug Disclosures"

Before Russia invaded Ukraine, Russian hackers knocked out Viasat satellite ground receivers across Europe. Elon Musk then offered access to Starlink, SpaceX's network of low Earth orbit (LEO) communications satellites. However, Musk reported shortly thereafter that Starlink was experiencing jamming attacks and software countermeasures. Regardless of their altitude or size, communications satellites transmit more power, requiring more power to jam than navigational satellites. However, compared to large geostationary satellites, LEO satellites have frequent handovers that introduce delays and more surface area for interference, according to Mark Manulis, a professor of privacy and applied cryptography at the University of the Federal Armed Forces' Cyber Defense Research Institute (CODE) in Munich, Germany. It is possible to infer from a handful of publications and open-source research how unprepared many LEO satellites are for direct attacks and which defenses future LEO satellites may require. Private companies and government agencies have been planning LEO constellations, with each numbering thousands of satellites. For example, the Department of Defense (DOD) has been designing its own LEO satellite network to supplement its more traditional geostationary constellations, and has already started issuing contracts for the constellation's construction. For research and demonstration purposes, university research groups are also launching small, standardized cube satellites (CubeSats) into LEO. This growth of satellite constellations coincides with the rise of off-the-shelf components and software-defined radio, both of which make satellites less expensive but less secure. This article continues to discuss the new security risks LEO satellites face and the need for more focus on cryptography for these satellites.

IEEE Spectrum reports "Satellite Signal Jamming Reaches New Lows: Starlink and Other LEO Constellations Face a New Set of Security Risks"

An 18-year-old has been charged for allegedly hacking and selling access to thousands of online sports betting accounts. Joseph Garrison of Madison, Wisconsin, who is accused of masterminding the credential stuffing scheme, is facing criminal charges. According to a criminal complaint, beginning in November 2022, Garrison purchased stolen username and password credentials on the dark web. Using the credentials, he allegedly attempted to systematically access accounts on the sports betting platform. The site is not specified in the complaint, but CNBC identified it as DraftKings. According to the complaint, this access was then sold on various websites along with instructions on how to transfer funds from the accounts. As alleged, Garrison used a sophisticated cyber-breach attack to gain unauthorized access to victim accounts and steal hundreds of thousands of dollars, according to FBI Assistant Director in Charge Michael J. Driscoll, who added that cyber intrusions aimed at stealing private individuals' funds pose a serious threat to economic security. Approximately 60,000 accounts were accessed, and $600,000 was stolen from 1,600 accounts that Garrison and his co-conspirators allegedly sold. On February 23, law enforcement agents executed a search warrant, seizing his computer and mobile phone. They found OpenBullet and SilverBullet, two programs used in credential stuffing attacks, which run customizable scripts on websites using a list of username and password combinations. This article continues to discuss the teen hacker facing criminal charges for allegedly hacking into and selling access to online sports betting accounts.

The Record reports "Teen Hacker Charged in Scheme to Siphon Funds From Sports Betting Accounts"

As part of a BATLOADER campaign designed to distribute the RedLine Stealer malware, malicious Google Search ads for generative Artificial Intelligence (AI) services such as OpenAI ChatGPT and Midjourney are being used to direct users to questionable websites. In an analysis, security researchers at eSentire noted that both AI services are popular but lack first-party standalone applications. Users interact with ChatGPT via their web interface, while Midjourney uses Discord. Threat actors have exploited this gap to direct AI app-seekers to malicious websites promoting fake apps. BATLOADER is a loader malware that is spread via drive-by downloads, in which users searching for specific keywords on search engines are shown fraudulent ads that, when clicked, redirect them to landing pages where malware is hosted. This article continues to discuss the use of malicious Google Search ads for generative AI services to direct users to sketchy websites as part of a BATLOADER campaign aimed at delivering RedLine Stealer malware.

THN reports "Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware"

According to Backslash Security, AppSec teams are struggling to keep up with the increasingly rapid and agile development pace, and playing security defense through a continuous and unproductive vulnerability hunt. Fifty-eight percent of respondents spend over 50 percent of their time hunting vulnerabilities, with 89 percent spending at least 25 percent of their time in this defensive mode. The annual cost of employing AppSec engineers who hunt for vulnerabilities rather than manage a comprehensive cloud-native AppSec program is estimated to be about $1.2 million. Given the accelerated pace of digital innovation across all enterprise sizes and the blurred lines between AppSec and CloudSec, enterprise AppSec teams are burdened with solutions that have yet to catch up to the cloud's speed. Therefore, AppSec professionals are losing confidence in the prevalent AppSec tools. The lack of cloud-native AppSec tools has a wide-ranging impact on nearly all organizations, including increasing friction between AppSec and development teams (39 percent), putting the ability to generate revenue at risk (39 percent), and an inability to retain high-value development talent (38 percent) and AppSec talent (35 percent). This article continues to discuss key findings from Backslash Security's report on AppSec teams being stuck in a catch-up cycle.

Help Net Security reports "Inadequate Tools Leave Appsec Fighting an Uphill Battle for Cloud Security"

When users access a website or send an email, they trust that their information will not be altered and read by third parties. However, maintaining the flow of information on global networks requires numerous intermediary processes, which may pose security risks. Ilies Benhabbour, a Ph.D. student working with Professor Marc Dacier at King Abdullah University of Science and Technology (KAUST), explains that, in terms of security, the more complex a system is, the more vulnerabilities it has. He added that the Internet was designed to operate as a modular system, with each data transmission component designated a specific function and contained in a protective layer known as encapsulation. The data packets are concealed and should not be altered during transmission. When a piece of information, such as an email, traverses the Internet, it encounters several third-party software components typically hidden from users. These network middleboxes, which Benhabbour and Dacier refer to as "semi-active components," improve efficiency and security by compressing large data packets or checking for viruses. Despite these benefits, some semi-active components may contain code that does not conform to international standards, is overly complex, or has been improperly configured. It is also possible for malicious hackers to pose as middleboxes in order to steal or change data. Existing tools for detecting semi-active components are often found to be cumbersome and limited to a few specific Internet protocols, so Benhabbour and Dacier designed a new tool called NoPASARAN that is simple, modular, and scalable to various situations. This article continues to discuss NoPASARAN.

KAUST reports "They Shall Not Pass: Keeping an Eye on Middleboxes"

According to a forecast by MarketsandMarkets, the global quantum cryptography market will be worth an estimated $500 million in 2023. However, like the rapidly evolving technology, the market is expected to expand significantly over the next five years. The forecast predicts that the market for quantum cryptography will grow at a compound annual growth rate of more than 40 percent over the next five years, surpassing $3 billion by 2028. Quantum cryptography applies the principles of quantum mechanics to secure communication channels and data. Although the market for quantum cryptography products is expected to grow immensely over the next few years, it is already a highly competitive market, partly because of the technical complexity required to commercialize the technology. The market includes quantum standards, quantum random number generators, and Quantum Key Distribution (QKD) systems. The market expansion parallels the government's interest in quantum cryptography and quantum computing in general. In preparation for the commercialization of quantum computers, the Office of Management and Budget (OMB) issued a memo outlining the need for federal agencies to migrate to post-quantum cryptography. This article continues to discuss the growing global quantum cryptography market.

NextGov reports "Quantum Cryptography Market to Exceed $3B by 2028"

Five organizations reported data breaches to the Maine Attorney General's Office in one day. Village Bank, Sysco, Collins Electrical Construction, Kline & Specter, and Puma Biotechnology were the five entities that disclosed data breaches on May 17. The five cyberattacks impacted nearly 150,000 people in the US. However, there could be some overlap in cases where victims suffer from two or more separate breaches. Sysco was by far the worst affected, as it reported 126,243 victims whose names and other Personally Identifying Information (PII), including Social Security numbers, were exposed in a cybersecurity incident carried out by a threat actor on January 14, 2023. As is often the case with system infiltrations, the target organization did not discover this until March 5. Kline & Specter, the second-worst affected company, had the same type of client information exposed to cybercriminals in what it described as a ransomware attack on March 13 in which some personal data may have been copied. In regard to the number of victims, Village Bank (3,324), Puma Biotechnology (1,933), and Collins Electrical (567) fared relatively well, although they, along with Sysco and Kline, all emphasized that they are treating the attacks seriously. This article continues to discuss the five cyberattacks recently disclosed to the Maine Attorney General's Office.

Cybernews reports "Five Cyberattacks in One Day Expose 150K US Residents to Data Risk"

Montana's Governor Greg Gianforte has officially signed into law a ban on TikTok usage from personal devices. The legislation will take effect on January 1, 2024, and prohibits individuals in the state from accessing the popular video-sharing platform. A TikTok Spokesperson said the ban violates the First Amendment rights of Montana residents. Because of this, the company plans to challenge the legislation in court. Governor Gianforte claims the "ban aligns with efforts to safeguard Montanans from Chinese Communist Party surveillance." While the law prohibits app stores from offering TikTok, it does not restrict existing users from utilizing the app, which currently has around 150 million users in the United States. In March, a congressional committee interrogated TikTok CEO Shou Zi Chew about the possibility of Chinese government influence and data access. Chew denied the spying allegations but confessed to employee misuse of TikTok accounts.

Infosecurity reports: "Montana Signs Ban on TikTok Usage on Personal Devices"

The Secureworks Counter Threat Unit (CTU) recently revealed that there had been a significant surge (670%) in stolen logs on online marketplace Russian Market. Infostealers are a natural choice for cybercriminals. Secureworks stated that they are readily available for purchase and, within as little as 60 seconds, generate an immediate result in the form of stolen credentials and other sensitive information. Secureworks noted that cybercriminals employ increasingly sophisticated methods to deceive users, and detecting and removing these threats is becoming even more daunting for victims. The Secureworks' report also shows that in less than nine months, the logs for sale on Russian Market surged by 150%, reaching more than five million in late February 2023 from two million in June 2022. This represents a growth rate of 670% within approximately two years. Secureworks noted that they are seeing an entire underground economy and supporting infrastructure built around infostealers, making it not only possible but also potentially lucrative for relatively low-skilled threat actors to get involved.

Infosecurity reports: "Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market"

A new ransomware operation is attempting to infiltrate Zimbra servers in order to steal emails and encrypt files. Instead of a ransom payment, the threat actors demand a charity donation to provide an encryptor and not leak data. The MalasLocker ransomware attack began encrypting Zimbra servers near the end of March 2023, with victims reporting in forums that their emails were encrypted. MalasLocker's data leak site is currently distributing stolen data belonging to three companies as well as the Zimbra configuration for 169 other victims. The operation's ransom demand is quite unusual, putting it more in the realm of hacktivism. However, researchers have yet to confirm whether the threat actors keep their word when a victim donates money to a charity to get a decryptor. This article continues to discuss the MalasLocker ransomware operation and its unusual ransom demand.

Bleeping Computer reports "MalasLocker Ransomware Targets Zimbra Servers, Demands Charity Donation"

According to Immersive Labs, a continuous increase in cyberattacks and changing threat landscape are causing more organizations to focus on creating long-term cyber resilience, but many of these programs fail to demonstrate teams' real-world cyber capabilities. Although 86 percent of organizations have a cyber resilience program, 52 percent of respondents say their organization lacks a comprehensive strategy for assessing cyber resilience. Increasing the cyber resilience of cybersecurity team members (83 percent) and the general workforce (75 percent) are cited as the two highest overall focus areas for organizations in 2023. Organizations have taken measures to deploy cyber resilience programs. However, 53 percent of respondents believe that the organization's workforce is unprepared for the next cyberattack. While cyber resilience is a priority and programs exist, these statistics indicate that their current structure and training are ineffective. This article continues to discuss key findings from the Cyber Workforce Resilience Trend Report.

Help Net Security reports "Organizations' Cyber Resilience Efforts Fail to Keep Up With Evolving Threats"

Quantum Random Number Generators (QRNGs) produce true randomization using the inherent unpredictability of quantum mechanics. Therefore, they have important applications in tasks involving quantum information processing and computation. In practice, any imperfection or inaccuracy in the characterization of quantum source devices in a real implementation has a significant impact on the security and generation rate of QRNGs, and may even result in the loss of quantum randomness. To effectively resolve these problems, source-device-independent (source-DI) QRNGs operate with untrusted but well-characterized measurement devices. Researchers from Nanjing University have recently proposed and demonstrated a simple and efficient source-DI QRNG protocol that is both secure and fast. In this work, the source-DI QRNG is realized through single-photon detection technology with help from entangled photons. The extraction of random numbers occurs through a process that measures the arrival time of a photon from a pair of time-energy entangled photons. The Spontaneous Parametric Down Conversion (SPDC) process produces the time-energy entangled photon pairs. According to Yan-Xiao Gong, Professor at Nanjing University, this study strikes an excellent balance between security, speed, and practicality compared to several existing semi-DI QRNGs. He adds that this research paves the way for practical applications of secure quantum information tasks and supports the creation of high-performance and high-security QRNGs. This article continues to discuss the QRNG that operates securely and independently of source devices.

SPIE reports "Quantum Random Number Generator Operates Securely and Independently of Source Devices"

Researchers from Rutgers University have discovered a significant flaw in how algorithms designed to detect "fake news" assess the credibility of online news stories. According to the researchers, most of these algorithms rely on a credibility score for the article's "source" rather than assessing the credibility of each individual article. Vivek K. Singh, an associate professor at the Rutgers School of Communication and Information and coauthor of the study "Misinformation Detection Algorithms and Fairness Across Political Ideologies: The Impact of Article Level Labeling," stated that not all news articles published by "credible" sources are accurate, nor are all articles published by "noncredible" sources "fake news." With article-level labels matching 51 percent of the time, the researchers concluded that using source-level labels to determine credibility is not a reliable method. This labeling procedure has significant implications for tasks such as the development of robust fake news detectors and audits of fairness across the political spectrum. To address this issue, the study provides a new dataset of individually labeled articles of journalistic quality, as well as a method for misinformation detection and fairness audits. This study's findings emphasize the need for more nuanced and trustworthy methods to detect misinformation in online news and provide valuable resources for future research. This article continues to discuss the flaws discovered in using source reputation for training automatic misinformation detection algorithms.

Rutgers University reports "Rutgers Researchers Find Flaws in Using Source Reputation for Training Automatic Misinformation Detection Algorithms"

The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) recently announced that four countries have joined as members: Ukraine, Ireland, Japan, and Iceland. The announcement was made on the cybersecurity center's 15th anniversary. The organization, based in Tallinn, Estonia, now has 39 members. The NATO cyber defense hub conducts cyber defense research, training, and exercises, focusing on areas such as technology, strategy, operations, and law. The CCDCOE recently conducted the annual Locked Shields cyber defense exercise, in which the representatives of 38 countries took part. In the exercise, Red Teams compete against Blue Teams, which are tasked with defending a country's information systems and critical infrastructure from large-scale attacks.

SecurityWeek reports: "4 Countries Join NATO Cyber Defense Center"

A Russian national has recently been unmasked as a key player in the "development and deployment" of the Hive, LockBit, and Babuk ransomware strains. Mikhail Pavlovich Matveev (aka Wazawaka/m1x/Boriselcin/Uhodiransomwar) was recently charged with conspiring to transmit ransom demands, conspiring to damage protected computers, and intentionally damaging protected computers. If convicted, he faces over 20 years behind bars. However, that's not likely, as the suspect is thought to reside in Russia. The State Department has issued a $10m reward for information that leads to the arrest and/or conviction of Matveev, under its Transnational Organized Crime Rewards Program. The Department of Justice (DoJ) highlighted several alleged victims of Matveev, including a law enforcement agency and non-profit behavioral healthcare organization in New Jersey and the Washington DC Metropolitan Police Department. The DoJ estimated the combined ransom haul for the three variants at $200m, adding that the affiliates behind them demanded twice that. In addition to the indictments, the US Treasury's Office of Foreign Assets Control (OFAC) announced sanctions against Matveev.

Infosecurity reports: "US Offers $10m Reward For Alleged Prolific Ransomware Actor"

Google recently announced the release of a Chrome 113 security update that resolves a total of 12 vulnerabilities, including one rated "critical." Six of the flaws were reported by external researchers. The "critical" vulnerability, tracked as CVE-2023-2721 and reported by Qihoo 360 researcher Guang Gong, is described as a use-after-free flaw in Navigation. Google noted that a remote attacker could craft an HTML page to trigger a heap corruption when a user accesses the page. The attacker would have to convince the user to visit the page. Google stated that use-after-free vulnerabilities are memory corruption bugs that occur when the pointer is not cleared after memory allocation is freed, which could lead to arbitrary code execution, denial-of-service, or data corruption. In Chrome, use-after-free issues can be exploited to escape the browser sandbox, which also requires the attacker to target a vulnerability in the underlying system or in Chrome's browser process. Google noted that the latest Chrome update addressed three other externally reported use-after-free flaws, all rated "high" severity. The vulnerabilities impact the browser's Autofill UI, DevTools, and Guest View components. The new browser release also resolves a "high" severity type confusion bug in the V8 JavaScript engine and a "medium" severity inappropriate implementation issue in WebApp Installs. Google stated that it paid $11,500 in bug bounties to the reporting researchers. However, the company has yet to determine the amounts to be paid for two of the vulnerabilities, including the "critical" severity one, so the final amount could be higher. The latest Chrome iteration is now rolling out as version 113.0.5672.126 for macOS and Linux, and as versions 113.0.5672.126/.127 for Windows.

SecurityWeek reports: "Chrome 113 Security Update Patches Critical Vulnerability"

Apple recently announced that it blocked 1.7 million applications from being published in the App Store in 2022. The rejected apps did not meet the required privacy, security, and content standards. The App Store has more than 650 million average weekly visitors globally, who can access content from more than 36 million registered Apple developers. Apple noted that last year, they terminated 428,000 developer accounts for fraudulent activity and rejected 105,000 Developer Program enrollments. The tech giant says it blocked 57,000 untrustworthy apps distributed through illegitimate storefronts and roughly 3.9 million attempts to deploy or launch applications distributed illicitly via the Developer Enterprise Program. In 2022, Apple revealed that they disabled more than 282 million customer accounts that engaged in fraudulent activities and prevented 198 million fraudulent new accounts from being created. According to Apple, its team reviews, on average more than 100,000 app submissions per week. Last year, the team reviewed over 6.1 million app submissions and rejected 1.7 million of them on various fraud and privacy concerns. Some of the rejected apps, Apple says, contained malicious code designed to steal user credentials, while others were disguised as financial management platforms but could morph into other applications. Other applications were spam, copycats, or misleading, contained undocumented features, or attempted to obtain users' data without their consent. According to Apple, over 147 million ratings and reviews were blocked and removed from the App Store last year out of a total of more than a billion that were processed. Apple also says it blocked roughly 3.9 million stolen credit cards from being used in its store and banned 714,000 accounts, thus blocking fraudulent transactions worth more than $2 billion.

SecurityWeek reports: "Apple Blocked 1.7 Million Applications From App Store in 2022"

A joint Cybersecurity Advisory (CSA) issued by US and Australia government agencies and published by the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of the most recent tactics, techniques, and procedures (TTPs) used by the BianLian ransomware group. Since June 2022, the BianLian ransomware and data extortion group has been targeting entities within US and Australian critical infrastructure organizations. As part of the #StopRansomware initiative, the advisory is based on investigations conducted by the FBI and the Australian Cyber Security Centre (ACSC). It seeks to provide defenders with information that enables them to adjust protections and strengthen their security posture against BianLian ransomware and other threats of a similar nature. BianLian used a double-extortion model at first, encrypting systems after stealing sensitive data from victim networks and then threatening to publish the data. However, since Avast released a decryptor for the ransomware in January 2023, the group has shifted to extortion based on data theft without encrypting systems. This article continues to discuss the BianLian group's TTPs.

Bleeping Computer reports "FBI Warns Organizations of the New BianLian Ransomware Tactics"