The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum, making it widely accessible to anyone. Researchers have found approximately 213,000 Bruneian records might be exposed to data leakage. The leak includes personal information such as phone numbers, full names, location, email address, birthdates, and biographical information.
A brand new ransomware variant called .hello ransomware or WickrMe Ransomware uses a Microsoft SharePoint 2019 vulnerability (CVE-2019-0604) to enter the victims’ network. From there, the threat actor leverages Cobalt Strike to pivot to the domain controller and launch ransomware attacks.
.hello (WickrMe) ransomware encrypts files and appends the ".hello" extension. For example, it renames a file named "1.jpg" to "1.jpg.hello", "2.jpg" to "2.jpg.hello", etc.
Ransomware groups are now using DDoS attacks as a negotiation tactic to increase pressure on victims who do not cooperate in paying the ransom. This "Triple Extortion" strategy has recently been used by ransomware operators SunCrypt, RagnarLocker, and Avaddon.
A new botnet named DreamBus is a malware with worm-like behavior that can propagate itself both across the Internet and literally through compromised internal networks using a variety of techniques. It installs the XMRig crypto miner on powerful enterprise-class Linux and Unix systems with the goal of using their computing power to Mine Monero cryptocurrency.