Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, April 29, 2023.
The LockBit ransomware group claimed to have stolen critical data from the Indian financial solutions company ‘Fullerton India’, a firm offering clients a wide range of services.
According to our investigations, the LockBit group claimed to have nicked about 600GB of company data from the Indian financial solutions firm in a successful hack.
2. RSA Conference – San Francisco 2023
Microsoft has claimed that recent attacks exploiting two vulnerabilities in the PaperCut print management software are likely the work of a Clop ransomware affiliate. The two vulnerabilities are tracked as CVE-2023-27350, a critical unauthenticated remote code execution flaw with a CVSS score of 9.8, and CVE-2023-27351, a high-severity unauthenticated information disclosure flaw.
PaperCut alerted users that the vulnerabilities were being exploited in the wild and urged customers to update their servers immediately.
Researchers have spotted a new ransomware binary targeting Linux systems, which has been attributed to the ransomware-as-a-service RTM group. RTM Locker malware is specifically geared toward ESXi hosts, as it has two related commands. Its initial access vector remains unknown. It uses both asymmetric and symmetric encryption, which makes it impossible to decrypt files without the attacker’s private key.
Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware’s leaked source code. It uses a combination of ECDH on Curve25519 (asymmetric encryption) and ChaCha20 (symmetric encryption) to encrypt files.
Researchers discovered a vulnerability in a UDP-based network service called the Service Location Protocol (SLP) that can be abused to amplify DDoS attacks. Attackers could use internet-exposed systems and their services to generate massive attacks, and cleaning them up will likely take a very long time.