Threat Intelligence Cybersecurity Hacking News

Updated: Nov 22


Ransomware is increasing rapidly as more organizations continue to fall victim to ransomware attacks. However, there's good news amid this rising threat. Avast has released free decryption keys to recover files encrypted by three ransomware strains - AtomSilo, Babuk, and LockFile.


Ransomware is shaking up the threat landscape as more organizations continue to fall victim to such attacks. However, there’s good news amid this rising threat. Avast has released free decryption keys to recover files encrypted by three ransomware strains - AtomSilo, Babuk, and LockFile. While the decryptor for AtomSilo and LockFile is the same, the decryption key for Babuk will work on files encrypted with .babuk or .babyk file extensions.

In another cyber update, Adobe released a patch for over 90 security vulnerabilities. These flaws can be abused to launch remote code execution attacks and create denial-of-service conditions. Threat actors capitalized on the widespread popularity of Squid Game to spread the infamous Joker trojan. The malware was disguised as a wallpaper app with the same name on the Google Play Store to trick users. Amid all these scary threats, there’s a piece of good news for victims affected by BlackMatter ransomware. A decryptor for a version of the ransomware that was used between July and September is now available for free.



Top Breaches Reported


Cream Finance Hacked

Cybercriminals steal around $130 million from Cream Finance; the company’s 3rd hack this year.

The attack occurred after the hacker found a major vulnerability in the platform's flash loaning system. This is the third time that the platform has been hacked this year.


Scoolio exposed

Around 400,000 German students' data were exposed by API flaws. The exposed data includes nicknames, parent email addresses, interests, GPS location at which the app was last opened, UUID details, and personality traits (origin, religion, sexuality).


Nobelium Strikes Once Again

Microsoft has warned that Nobelium, the hacking group behind the SolarWinds fiasco, has targeted at least 140 resellers and technology service providers in global IT supply chains. The group relied on password spraying attacks, token theft, and API abuse to obtain sophisticated credentials and gain privileged access to victims' systems.


Suspected cyberattack on Tesco's website

Tesco's website temporarily faced major outages due to cyberattacks. As a result, customers were prevented from placing orders or canceling deliveries. Tesco confirmed on Sunday evening that the website and app were now completely restored but that it was using a virtual waiting room to handle a backlog in orders.


Millions of records for sale

Cybercriminals are selling almost 50 million records of Moscow drivers on an underground forum for $800. The exposed data includes full names, dates of birth, phone numbers, license plate numbers, and VIN codes of individuals.


KT's nationwide network under major DDoS attack

A major DDoS attack on South Korea-based telco KT temporarily shut down its network. During the DDoS attack, users were unable to use credit cards, trade stocks, or access online apps.


Top Malware Reported



Chaos Ransomware

Cybersecurity researchers uncovered a new variant of Chaos ransomware that targets Minecraft gamers in Japan. Once the executable file is opened, the malware searches for files smaller than 2,117,152 bytes on the compromised machine and encrypts them. It then appends four random characters chosen from “abcdefghijklmnopqrstuvwxyz1234567890” to those files as a file extension.
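A triage sketch for the renaming behavior described above, added here as an example and not taken from the researchers' report: it scans a file listing for names of the form `<original>.<ext>.<4 chars from the quoted charset>` and flags directories where several such files cluster. The known-extension lists, the threshold of three hits, and the sample paths are assumptions made for illustration; the size limit is not used because the article does not say how large the encrypted files are.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Charset the article quotes for the appended extension.
CHARSET = "abcdefghijklmnopqrstuvwxyz1234567890"
SUFFIX_RE = re.compile(rf"\.[{CHARSET}]{{4}}$")

# Assumption: legitimate 4-character extensions to ignore (false positives).
KNOWN_EXTS = {"html", "json", "docx", "xlsx", "pptx", "jpeg", "tiff", "yaml"}
# Assumption: extensions of user files worth watching for an extra suffix.
ORIGINAL_EXTS = {"dat", "txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}

def is_suspect(name):
    """True if name looks like '<original>.<ext>.<4 random chars>'."""
    suffixes = [s.lstrip(".") for s in PurePosixPath(name).suffixes]
    if len(suffixes) < 2 or not SUFFIX_RE.search(name):
        return False
    last, prev = suffixes[-1], suffixes[-2].lower()
    return last not in KNOWN_EXTS and prev in ORIGINAL_EXTS

def flag_directories(paths, min_hits=3):
    """Return {directory: sorted suspect names} for dirs with >= min_hits."""
    hits = defaultdict(list)
    for path in paths:
        p = PurePosixPath(path)
        if is_suspect(p.name):
            hits[str(p.parent)].append(p.name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_hits}

# Constructed sample listing, not real incident data.
SAMPLE = [
    "/home/u/saves/world.dat.x7k2",
    "/home/u/saves/level.dat.9qpa",
    "/home/u/saves/notes.txt.m3z1",
    "/home/u/saves/config.json",
    "/home/u/docs/report.pdf.html",   # known extension, ignored
    "/home/u/docs/budget.xlsx.k2j8",  # single hit, below threshold
    "/home/u/docs/archive.tar.gz",
]

if __name__ == "__main__":
    for directory, names in flag_directories(SAMPLE).items():
        print(directory, names)
```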


DECAF Ransomware

The Go language is becoming increasingly popular among threat actors, with attacks starting to appear in 2019. DECAF uses the AES-CBC-128 algorithm to encrypt the files. Once it encrypts the files, it creates a README.txt file inside each directory.

SEO Poisoning attack


Researchers reported two active campaigns linked to the REvil ransomware gang or the SolarMarker backdoor that used SEO poisoning to serve payloads. SEO poisoning, also known as "search poisoning", is an attack method that relies on optimizing websites using black hat SEO techniques to rank high in Google search results.
