Security News Headlines #104

Today's focus is on the latest developments in cyber threats, tactics, and legal actions. From ransomware attacks on critical infrastructure to the discovery of new malware variants and legal disputes over cyber incident disclosures, today's round-up brings you up to speed on the evolving landscape of cybersecurity.

We cover major incidents affecting platforms like VMware, GitHub, and Apple, as well as innovative techniques used by cybercriminals. This newsletter also touches on industry responses to these threats, including Microsoft's updates on APT activity and AWS's new security features.

A New Variant of Cicada Ransomware Targets VMware ESXi Systems
A new strain of Cicada ransomware is now focusing on VMware ESXi systems, showcasing its ability to spread and encrypt data across virtualized environments. This evolution underscores the rising trend of ransomware groups targeting critical enterprise infrastructure, posing significant threats to business continuity.

Peach Sandstorm Deploys Custom 'Tickler' Malware in Prolonged Intelligence-Gathering Operations
Microsoft has identified a new custom malware called "Tickler" being used by the Iranian APT group Peach Sandstorm. The malware is part of a sophisticated campaign aimed at intelligence gathering, with a focus on critical sectors, demonstrating the group's evolving capabilities and persistence.

Docker OSX Image for Security Research Faces Apple DMCA Takedown
Apple issued a DMCA takedown notice against a Docker OSX image used by security researchers, citing unauthorized use of macOS. This move highlights the ongoing tension between tech companies and security researchers over the use of proprietary software in research.

DVUEFI Tool Simulates Real-World Firmware Attacks
DVUEFI is a new tool designed to simulate firmware attacks on UEFI, enabling organizations to test their defenses against these complex threats. The tool helps bridge the gap between theoretical vulnerabilities and practical, real-world attack scenarios.

Malicious NPM Packages Mimic Popular Libraries
Threat actors have been caught uploading malicious packages to NPM that mimic popular libraries, aiming to exploit developers' trust. These packages can steal sensitive data or inject malicious code into applications, underscoring the importance of verifying third-party code sources.

SlowTempest Campaign by China Targets Multiple Industries
China's SlowTempest campaign is targeting various industries with sophisticated cyber espionage techniques. This long-term operation, attributed to a Chinese APT group, is focused on intelligence collection, highlighting the persistent threat of state-sponsored cyber activities.

City of Columbus Sues Man After He Discloses Severity of Ransomware Attack
The City of Columbus is suing a local man who disclosed the severity of a ransomware attack against city infrastructure. The lawsuit raises ethical and legal questions about the responsibilities of those who discover and report cybersecurity incidents.

Critical Workflow Vulnerability in Fortra FileCatalyst Fixed
Fortra has released a patch for a critical workflow vulnerability in its FileCatalyst product. The flaw could have allowed unauthorized access to sensitive data, emphasizing the need for regular updates and security reviews in enterprise software.

New Voldemort Malware Abuses Google Sheets to Store Stolen Data
A newly discovered malware, dubbed Voldemort, uses Google Sheets to exfiltrate stolen data, making detection more difficult. This technique illustrates how cybercriminals exploit legitimate cloud services to avoid traditional security measures.

Voldemort Malware Exploits Global Tax Authorities
The Voldemort malware is actively targeting global tax authorities, leveraging cloud-based tools like Google Sheets for data theft. The campaign reveals the growing complexity of threats against governmental and financial institutions worldwide.

AWS Introduces Automatic Replication for Card Payment Keys Across Regions
AWS has launched a feature that automatically replicates card payment keys across multiple regions, enhancing security and resilience. This update is crucial for businesses that handle sensitive financial transactions and require robust disaster recovery options.

Grace Hopper Lecture: NSA Insights from 1982 Declassified
A recently declassified NSA lecture by Grace Hopper from 1982 reveals early insights into cybersecurity and digital systems. Hopper’s foresight continues to resonate, reflecting the enduring challenges and strategies in cybersecurity.

Green Berets' WiFi Hacking Experiment Draws Scrutiny
A WiFi hacking experiment conducted by Green Berets has raised questions about the ethical boundaries of military cyber operations. The incident underscores the growing intersection between cybersecurity and military tactics.

Okta Suggests Reducing the Number of Super Admins
Okta recommends organizations reduce the number of super admins in their systems to minimize security risks. This advice is part of a broader push to enforce the principle of least privilege and strengthen access controls.

GitHub Comments Exploited to Push Password-Stealing Malware
Cybercriminals are using GitHub comments to distribute password-stealing malware disguised as code fixes. This tactic highlights the need for vigilance when reviewing community-contributed code and underscores the risks associated with open-source platforms.
