Ransomware hits hard around the world – again, Cybercriminals steal food and Fortnite’s developer is fined millions. Here are the latest threats and advisories for the week of December 23, 2022.  Threat Advisories and Alerts  Criminal Actors Use BEC Attacks to Steal Large Food Shipments   Three U.S. government agencies – The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI) and the U.S. Department of Agriculture (USDA) – have issued a joint warning to food suppliers that their industry is seeing an uptick in business email compromise (BEC) attacks. Criminal actors are impersonating legitimate companies to order shipments of food valued at hundreds of thousands of dollars. The catch? The threat actors never

Beware the BatLoader, the NSA calls for more memory-safe programming language use and ransomware causes more trouble in Australia….Here are the latest threats and advisories for the week of November 18, 2022. Threat Advisories and Alerts Researchers Sound Alarm on Dangerous BatLoader Malware Dropper A dangerous new malware loader with features for determining whether it's running on business or home computers has begun rapidly infecting systems worldwide over the past few months. Researchers at VMware Carbon Black claim the threat, dubbed BatLoader, is being used to distribute a variety of malware tools including a banking Trojan, an information stealer, and the Cobalt Strike post-exploit toolkit on victim systems. Source: https://www.darkreading.com/attacks-breaches/researchers-alarm-batloader-malware-dropper Windows Kerberos Authentication Impacted by November Patches Microsoft is investigating

Cyberattacks on Dropbox, Europe’s biggest copper producer and another Australian business make this week’s headlines. Here are the latest threats and advisories for the week of November 4, 2022. Threat Advisories and Alerts Google Chrome Suffers Seventh Zero-Day Vulnerability of the Year Google has released an emergency update for its Chrome web browser to address its seventh zero-day vulnerability (CVE-2022-3723) of the year. If the security flaw is exploited, attackers could perform remote code execution, access memory regions that could crash applications or read sensitive information of other apps. Google Chrome users are advised to update their browsers immediately.  Source: https://thehackernews.com/2022/10/google-issues-urgent-chrome-update-to.html Patches Released for Two High-Severity OpenSSL Vulnerabilities The popular cryptography library OpenSSL has released an update to address high-severity

Tech giant vulnerabilities, menacing malware and child abductions via rideshare apps…. Here are the latest threats and advisories for the week of October 28, 2022. Threat Advisories and Alerts Daixin Team Ransomware Group Targets U.S. Businesses The FBI and CISA released a joint cybersecurity advisory to warn companies of the cybercrime group Daixin Team. The threat actors are a ransomware and data extortion group that have been actively targeting U.S. businesses since at least June 2022, mostly in the healthcare sector. The group gains access to victims’ systems via virtual private network (VPN) servers, and then moves laterally via Remote Desktop Protocol and Secure Shell. See the full advisory for more details, mitigations and how to prepare for a ransomware

Cyberattacks on the video game industry, big-name brand data breaches and the Tea Pot gangster make headlines this week. Here are the latest threats and advisories for the week of September 23, 2022. Threat Advisories and Alerts Iranian Cybercriminals Target Western Nations Bad actors associated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) have been exploiting Microsoft Exchange, Fortinet and VMware Horizon Log4j vulnerabilities. The attacks have hit critical US infrastructure sectors as well as Canadian, Australian and U.K. organizations. Rather than targeting specific sectors or entities, the cybercriminals are exploiting known vulnerabilities on unprotected networks to extort data and encrypt discs in support of their ransom operations. Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-257a Cybercriminals Steal Millions via Healthcare Payment Processors The FBI