
Play ransomware warning, QakBot is back, Mr. Cooper hack | #ransomware | #cybercrime | #hacking | #aihp

Play ransomware is no game

The US Federal Bureau of Investigation, together with CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, issued a joint warning about the Play ransomware group. The advisory claims the group has breached about 300 organizations since it surfaced in June 2022, including several critical infrastructure organizations across North America, South America, and Europe. The advisory included mitigation measures specific to the group. Overall, the FBI recommended organizations prioritize patching known issues, perform routine vulnerability assessments, and implement multifactor authentication.

(Bleeping Computer)

The return of QakBot

Back in August, a coordinated law enforcement effort led by the FBI took down the infrastructure of QakBot, which at the time compromised over 700,000 machines globally. Now researchers at Microsoft report seeing new activity from the group as of December 11th. This attack targeted the hospitality industry, using a spoofed IRS phishing message with a malicious PDF attached. Cisco Talos reported a rise in QakBot affiliate traffic back in October, but this is the first new activity from the group directly since the takedown.

(The Hacker News)

Hacking with Mr. Cooper

In a filing with Maine’s attorney general’s office, the mortgage and loan company Mr. Cooper, previously known as Nationstar Mortgage, confirmed it lost data on over 14 million customers in a recent cyberattack. The data included names, social security numbers, and bank account numbers. On its site, Mr. Cooper indicated the attack impacted 4 million current customers; a filing with federal regulators confirms the rest were past customers. The company did not reveal further details about the method or the party behind the attack.


Predatory Sparrow blamed for Iranian fuel attack

The Israeli-linked hacktivist group Predatory Sparrow claimed it orchestrated a cyber attack against Iran’s fuel network. The attack reportedly disrupted services at roughly 70% of the country’s gas stations. Iranian media quoted the group saying it planned the attack to avoid disruption of emergency services. Iran’s civil defence agency said it is still investigating the incident. Oil Minister Javad Owji said impacted stations have resumed some manual operations, but confirmed the wide scope of the disruption.


Huge thanks to our sponsor, Barricade Cyber Solutions

Facing a ransomware attack? Don’t panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit to schedule a call with the team today.

EU investigating X

The European Union said it opened a formal investigation into the platform formerly known as Twitter over potential violations of the Digital Services Act, the first such investigation under that law. The commission will look at how the social network countered the spread of misinformation in relation to the Israel-Hamas war, examining the function of its Community Notes feature, alleged “deceptive design” in its verification system, and advertising transparency. The investigation isn’t much of a surprise: EU commissioner for internal affairs Thierry Breton raised concerns about misinformation on X back in October.

(The Verge)

UK’s National Grid pulls Chinese equipment

The Financial Times’ sources say the UK electricity transmission network opted to terminate its contract with a subsidiary of the Chinese state-owned supplier Nari Technology. This came after seeking advice from the National Cyber Security Centre. Sources say National Grid will remove Nari Technology equipment that manages load balancing as well as communications between energy stations and the grid. The company made the contract decision back in April but did not give Nari a reason.

(The Register)

Adobe ends bid to acquire Figma

The company initially announced plans to acquire Figma for $20 billion back in September 2022. Adobe now says there remains no path to obtaining regulatory approval for the deal in the EU and UK. Adobe will pay a $1 billion breakup fee. The European Commission sent Adobe a Statement of Objections back in November, warning that the deal “may reduce competition” in the design software market. 


SMTP Smuggling looks to bypass email authentication

Security researcher Timo Longin documented this new attack technique, which targets the Simple Mail Transfer Protocol. The attack takes advantage of differences in how SMTP servers interpret the sequence that marks the end of a mail message, allowing a sender to get around SPF, DKIM, and DMARC authentication. Impacted vendors include Microsoft, Cisco, and GMX. Both GMX and Microsoft patched the behavior. Cisco did not view the issue as a vulnerability, and the technique still works against Cisco Secure Email instances.

(Security Week)

New SEC rules in effect

If you’re a CISO and you felt the stiff and unforgiving winds of change yesterday, it’s because the US Securities and Exchange Commission’s new rules on disclosing cyber incidents went into effect. These require reporting “material” incidents within 96 hours, although the report does not have to include remediation status or details of any data loss. We’ve already covered exemptions to this rule for national security or public safety reasons, as well as legal challenges to it. We can assume we’ll see more of those as time goes on.

