Research has shown that payments to threat actors, demanded by ransomware, has dropped, but the double action of stealing the data and threatening exposure and encrypting that data at source is increasing: Ransom payments fall as fewer victims choose to pay hackers (bleepingcomputer.com) This next story wasn’t really surprising, that …
Samba releases security updates
The US Cybersecurity and Infrastructure Security Agency has issued a notice for Samba updates: Samba Releases Security Updates | CISA
CISA Log4Shell examination
The US Government Cybersecurity and Infrastructure Security Agency has published a report examining the malware that infected an organisation with unpatched Log4Shell vulnerability in a VMware Horizon server. CISA Releases Log4Shell-Related MAR | CISA
Stealing emails undetected using Chrome extensions
The malicious extension has been called SHARPEXT by researchers at Volexity and impacts the Chromium-based web browsers, Chrome, Edge, and can steal email from Gmail. Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)
Commercialised cyberweapons
For when you have time, here are two articles from Microsoft looking at cyberweapons: Continuing the fight against private sector cyberweapons – Microsoft On the Issues Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog The view from the US Government Pegasus spyware: Just ‘tip of …
