The Student Makes a Joke and Placed the Ransomware in the PyPI Repository

Encryptors were found in the PyPI repository: three malicious packages at once (requesys, requesrs and requesr), engaged in typosquatting and faking the popular Requests package. All three packages were ransomware and, as it turned out, were created by a bored schoolboy. Let me remind you that we also reported that Malicious PyPI Packages Steal AWS Accounts, and also that Popular PyPI ctx Package Stole Developer’s Data. Sonatype experts who discovered the malware say that anyone who mistakenly downloads and uses these packages in their projects falls victim to a rather strange ransomware malware...

Attackers Hack into Microsoft SQL Servers and Turn Them into Proxies

Attackers hack into Microsoft SQL servers, turning them into proxy servers, which they then rent out for money. Korean company Ahnlab talks about a malicious campaign in which hackers steal someone else’s bandwidth by installing proxyware on hacked machines and using them as a proxy. Such proxy systems are used by tenants for a variety of purposes, including legitimate testing, data collection, or content distribution. However, such proxies also allow access to “live” IP addresses that are not blacklisted by online stores and can be used for a variety of illegal activities (of course...

Palo Alto Networks Specialists Spoke about the Most Common Cyberthreats for Organizations in 2022

According to Palo Alto Networks’ annual report, the average ransomware ransom demand for the first half of 2022 was $30 million, with a maximum payout of about 25% of that amount, indicating that hackers are willing to bargain with their victims. The financial, legal and manufacturing sectors were the main victims; negotiations in these areas were not easy. Palo Alto Networks estimates that the average 2021 ransom demand for the financial industry was nearly $8 million. However, the average payment was only about $154,000, less than 2% of the original demand. In addition, the average...

Hackers Use WebAssembly Miner to Avoid Detection

Sucuri experts recently discovered 207 sites infected with a malicious cryptocurrency miner that relies on WebAssembly (Wasm) in the browser. Let me remind you that we talked about the fact that Mining botnet Vollgar bruteforced Microsoft SQL servers for two years, and also that Cloud Botnet of 8220 Group Infected 30,000 Hosts for Cryptocurrency Mining. Analysts say they launched the investigation after one of Sucuri’s clients’ computers became noticeably slower after switching to the company’s own WordPress-powered portal. The investigation quickly uncovered...

Sources of Rust-Written Luca Stealer Malware Published on Hacker Forums

The source code of the Luca Stealer malware, an information stealer written in Rust, has been published for free on hacker forums. Information security researchers report that this infostealer is already actively used in attacks. Let me remind you that we also wrote that New Emotet Module Steals Bank Card Data from Chrome, and also that Malicious PyPI Packages Steal AWS Accounts. The author of the malware claims that it was developed in just six hours; it can be called fairly stealthy, and its detection rate on VirusTotal is only 22%. Since the malware is written in Rust, it allows attacking...

Microsoft Updates May Break Printing in Windows Server

Microsoft has warned that, starting with last week’s optional preview updates, a year-old workaround that fixed Windows Server printing issues on non-compatible devices will no longer work. Therefore, there may be problems with printing. Let me remind you that we wrote that Microsoft is trying to fix printing problems in Windows 10, and also that Brother printers may not work in Windows 11. Last year, the developers explained that in some versions of Windows Server after installing the July 2021 security updates, various print and scan failures may occur due to a known issue. This bug affects...

Cloud Botnet of 8220 Group Infected 30,000 Hosts for Cryptocurrency Mining

SentinelOne specialists have discovered the 8220 group mining botnet, which has about 30,000 infected hosts worldwide. The experts write that the 8220 group has been active since 2017 and that it is “one of many low-skilled criminal groups” that they monitor constantly. Typically, these hackers infect cloud hosts using known vulnerabilities as well as infection vectors associated with remote access. Let me remind you that we also wrote that Law Enforcement Officers Eliminated the Russian Botnet RSOCKS, and also that Phorpiex botnet stopped working, its source code is up for sale. Interestingly...

Vulnerabilities in MiCODUS GPS Trackers Allow Remote Car Hacking

Information security specialists have discovered serious vulnerabilities in GPS trackers, which are used in about 1.5 million cars in 169 countries around the world. We are talking about the MiCODUS MV720 device, which contains six vulnerabilities at once. Specialists from BitSight say that vehicles equipped with these GPS trackers are used by many Fortune 50 companies, as well as governments, military, law enforcement, aerospace, shipping and manufacturing companies. Let me remind you that we also said that GPS devices may behave unpredictably in the coming days due to a...