Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Written by Tim Starks Jan 18, 2022 | CYBERSCOOP Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021,…

Suspected Chinese hackers use Log4j flaw to deploy Night Sky ransomware, Microsoft warns

Written by AJ Vicens Jan 11, 2022 | CYBERSCOOP A China-based ransomware operator has been exploiting a vulnerability in Log4j software to attack internet-facing systems running a popular virtualization service,…

US Senate passes Bill to ban goods produced from Uyghur forced labour

The US Senate on Thursday unanimously passed a Bill banning the import of all goods, including technology, produced in the Chinese region of Xinjiang to penalise the Chinese government for…

Meta removes accounts of spyware company Cytrox after Citizen Lab report on gov't hacks

Citizen Lab has released a new report highlighting widespread government use of the “Predator” spyware from North Macedonian developer Cytrox. Researchers found that Predator was used to attack two people…

Firefox: Ad blockers are 2021's most popular browser extensions

Multiple ad blockers topped Firefox’s list of the most popular and innovative add-on browser extensions of 2021.  Firefox determines which add-ons are “most popular” by calculating their average daily users…

Meta takes down 7 hacking-for-hire operations that targeted 50,000 users

Written by Tonya Riley Dec 16, 2021 | CYBERSCOOP Meta removed seven “surveillance-for-hire” organizations that used Facebook to target at least 50,000 individuals across 100 countries for surveillance operations, some…

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks. Researchers have tracked new spyware…

The Log4j Vulnerability Is Now Used by State-Backed Hackers

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 through 2.14.1. What Happened? Nation-state hackers…

Log4j flaw: This new threat is going to affect cybersecurity for a long time

If there ever was any doubt over the severity of the Log4j vulnerability, director of US cybersecurity and infrastructure agency CISA, Jen Easterly, immediately quashed those doubts when she described…

Relentless Log4j Attacks Include State Actors, Possible Worm

More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell. Call it a “logjam” of threats: Attackers including nation-state actors have already targeted…