InfoSec News

DeadBolt ransomware gang tricked into giving victims free decryption keys Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU , who shared the method with the police. The basis for the trick iss that it was possible to cancel an unconfirmed Bitcoin transaction before payment went through through, but after the decryption key was released. Because of the large amount of Bitcoin transactions taking place at one time, it can take a while for payment to actually go through. That gave police enough time to block the transactions from going through before the payment actually took place. By then they'd already received the decryption key and could pass it on to the victims. They managed to repeat the process around 150 times before the ransomware gang pulled the plug on their sy...

The 6 best VPN deals right now: October 2022 What is the best VPN deal? Surfshark VPN is ZDNET's top choice because of its low cost relative to its strong performance. We compared these VPNs' prices and value to bring you the best current deals. via Latest stories for ZDNET in Security

How to enable end-to-end encryption for Facebook Messenger chats Here's how to enable end-to-end encryption on a per-chat basis with Facebook Messenger. via Latest stories for ZDNET in Security

This latest Firefox update makes it easier to protect your privacy online The latest Mozilla Firefox release makes it easier for users to access private browsing mode. via Latest stories for ZDNET in Security

Government officials, including Russia, call for dialogue in combating cybersecurity threats Need for multilateral cooperation and open communications is the shared message amongst senior government officials from across the globe, including Russia and the United States, who have gathered in Singapore to discuss strategies in cyberdefence. via Latest stories for ZDNET in Security

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted approximately 100 victims," Tomer Bar, director of security research at via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS) advisories pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the via The Hacker News (author: noreply@blogger.com (Ravie Lakshmanan))

How to spot a scam via Malwarebytes Labs

Fake tractor fraudsters plague online transactions The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks occurred throughout both 2021 and 2022, including outbreaks of ransomware at multi-state grain companies. Conti, Suncrypt, BlackByte, and more also put in appearances at several grain cooperatives. And now another issue for the agricultute sector: Sophisticated scams involving fake tractors and sale portals have cost certain businesses $1.2 million in the space of a month . Worryingly, the Australian Competition and Consumer Commission claims this is an increase of 20% versus the same period of time a year earlier. From fake ad to fake tractor As with so many internet scams, it begins with fake online adverts. These take the form of ...

Thermal cameras could help reveal your password Thermal imaging cameras detect heat energy, a helpful tool for engineers when hunting for thermal insulation gaps in buildings. But did you know that such devices can now aid in password theft? Because these devices are sold a lot cheaper than they used to, pretty much anyone can get their hands on them. And anyone with a thermal imaging device could be a potential password thief. Researchers from the University of Glasgow’s School of Computing Sciences have developed a system, ThermoSecure, in order to demonstrate how these thermal imaging cameras can be used for "thermal attacks." In their paper, ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards , Dr. Mohamed Khamis, who led the development of ThermoSecure, Dr. John Williamson, and Norah Alotaibi, the authoring team, said: "Thermal cameras, unlike regular cameras, can reveal information without requiring...