07-Aug-23: In Security News Today

Colorado Dept. of Higher Education Hit With Massive Data Breach

The Colorado Department of Higher Education (CDHE) experienced a data breach in June due to a ransomware incident. The breach exposed private and sensitive data, including names, Social Security numbers, and student identification numbers, potentially impacting a large number of individuals. CDHE is currently reviewing the affected records and will notify those affected, while also providing credit monitoring and identity theft protection services for two years.

Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics

The Mallox ransomware group has updated its tactics by targeting vulnerable SQL servers and using advanced obfuscation methods. The group combines its custom ransomware with the Remcos RAT and BatCloak obfuscator in its latest attacks. To defend against Mallox ransomware, organizations should patch vulnerabilities in SQL servers, implement AI- and machine learning-based file checking and behavior monitoring solutions, and encourage user awareness of system security.

New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs

A new malware campaign has been observed using malicious OpenBullet configuration files to target inexperienced cyber criminals. The campaign aims to deliver a remote access trojan (RAT) capable of stealing sensitive information. The malware utilizes Telegram as a command-and-control mechanism and targets various web browsers and crypto wallets.

North Korean Hackers Target Russian Missile Engineering Firm

Two North Korean nation-state actors, ScarCruft and the Lazarus Group, have been linked to a cyber intrusion against the Russian missile engineering company NPO Mashinostroyeniya. The breach involved the compromise of an email server and the deployment of a Windows backdoor called OpenCarrot. This rare convergence of threat activity clusters indicates a strategic espionage mission that could benefit North Korea’s missile program.

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

A new variant of the SkidMap malware has been discovered, targeting vulnerable Redis servers on a wide range of Linux distributions. The malware is designed to adapt to the system it infects, making it difficult to detect. It deploys a dropper shell script that disguises itself as a GIF image file, adds SSH keys, disables SELinux, establishes a reverse shell, and downloads various packages and kernel modules to hide its activities and launch a botnet component.
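The dropper described above is a shell script carrying a GIF extension; as an added defender-side example (not code from the report or any vendor), the script below flags files whose image extension does not match their content, using the GIF magic bytes and a shebang check, and runs on constructed sample files only.

```python
import os
import string
import tempfile
from pathlib import Path

GIF_MAGIC = (b"GIF87a", b"GIF89a")   # every valid GIF begins with one of these
IMAGE_EXTENSIONS = {".gif"}           # only GIF is named in the report; extend as needed
_PRINTABLE = set(bytes(string.printable, "ascii"))


def classify_payload(data: bytes) -> str:
    """Classify by content, never by file name: 'gif', 'script', 'text' or 'binary'."""
    if data.startswith(GIF_MAGIC):
        return "gif"
    if data.startswith(b"#!"):        # shebang: an interpreter script, whatever it is called
        return "script"
    sample = data[:512]
    if sample and all(b in _PRINTABLE for b in sample):
        return "text"                 # plain text without a shebang is still not an image
    return "binary"


def is_masquerading(path: Path) -> bool:
    """True when the extension claims an image but the first 512 bytes say script or text."""
    if path.suffix.lower() not in IMAGE_EXTENSIONS:
        return False
    with open(path, "rb") as fh:
        return classify_payload(fh.read(512)) in ("script", "text")


def scan_tree(root: str) -> list[str]:
    """Walk a directory tree and return sorted paths of masquerading files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                p = Path(dirpath) / name
                if is_masquerading(p):
                    hits.append(str(p))
            except OSError:
                continue              # unreadable entry: skip it, do not abort the scan
    return sorted(hits)


# Constructed samples (not real malware) so the block runs offline.
SAMPLE_SCRIPT_AS_GIF = b"#!/bin/sh\necho 'this is a script, not an image'\n"
SAMPLE_REAL_GIF = b"GIF89a" + bytes(20)


def demo_scan() -> list[str]:
    """Write the samples into a throwaway directory and return the file names flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "banner.gif").write_bytes(SAMPLE_REAL_GIF)
        Path(tmp, "loader.gif").write_bytes(SAMPLE_SCRIPT_AS_GIF)
        Path(tmp, "notes.txt").write_bytes(b"text that does not claim to be an image\n")
        return [Path(p).name for p in scan_tree(tmp)]


if __name__ == "__main__":
    print(demo_scan())                # ['loader.gif']
```

The check is cheap enough to run from cron over web roots and temp directories; it does not replace the SSH key, SELinux state and kernel module monitoring the other listed behaviours call for.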

FBI Alert: Crypto Scammers Masquerading as NFT Developers

The FBI has issued a warning about cyber criminals posing as legitimate NFT developers to steal cryptocurrency and digital assets. These scammers either gain access to NFT developer social media accounts or create fake accounts to promote fraudulent NFT releases. They use phishing links to direct victims to spoofed websites where they are tricked into connecting their cryptocurrency wallets and making purchases, allowing the scammers to steal funds and NFTs. Users are advised to verify the legitimacy of social media accounts and websites to mitigate the risks of these scams.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.