Cybersecurity firm Emsisoft has released free decryptor tools for AstraLocker, a “smash-and-grab” ransomware family that was recently retired.
Free Decryptors Released for AstraLocker Ransomware
Microsoft Confirms Temporary Rollback of Macro Blocking Feature
Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary.
‘Raspberry Robin’ Windows Worm Abuses QNAP Devices
A recently discovered Windows worm is abusing compromised QNAP network-attached storage (NAS) devices as stagers to spread to new systems, according to Cybereason.
Dubbed Raspberry Robin, the malware was initially spotted in September 2021, spreading mainly via removable devices, such as USB drives.
New ‘HavanaCrypt’ Ransomware Distributed as Fake Google Software Update
Security researchers at Trend Micro have identified a new ransomware family that is being delivered as a fake Google Software Update application.
OpenSSL Patches Remote Code Execution Vulnerability
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.
The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices.
Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware
Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.
Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages siphoning user data from mobile and desktop applications.
DoD Launches ‘Hack US’ Bounties for Major Flaws in Publicly Exposed Assets
The United States Department of Defense (DoD) has launched a one-week bug bounty program to reward researchers who find high- and critical-severity vulnerabilities in publicly accessible assets owned by the DoD.
Evasive Rust-Coded Hive Ransomware Variant Emerges
A new variant of the Hive ransomware written using the Rust programming language is more evasive and provides attackers with flexibility, courtesy of support for command-line parameters.
Oak9 Lands $8 Million in New Venture Investment
Chicago-based Infrastructure-as-Code (IaC) startup oak9 has attracted new interest from venture capitalists with Cisco Investments and Morgan Stanley’s Next Level Fund joining a new $8 million funding round.
