Time for another news recap, got some good stories this week. Enjoy!
- First news of the week is about the Locky ransomware making a comeback with a new campaign brought on by the Necurs botnet. One of the more interesting things about this campaign is that it seems like Locky is borrowing some tricks from Dridex, as their campaigns look quite similar now.
- Read More @ https://threatpost.com/locky-ransomware-roars-back-to-life-via-necurs-botnet/125156/
- Next, Russian hackers seem to be targeting the leading French presidential candidate Emmanuel Macron. There was quite a bit of concern in France over hacking being a very real threat to the election, and it looks like the fears were not for nothing.
- Read More @ http://www.darkreading.com/attacks-breaches/macron-targeted-by-russian-cyber-spies/d/d-id/1328711
- Next, the NSA’s DoublePulsar kernel exploit, recently publicized due to the Shadow Brokers leaks, is seeing use in the wild already, and researchers think this one might have as much staying power as MS08-067, the bug exploited by Conficker. If that’s true, we will be seeing this one for quite a long time.
- Read More @ https://threatpost.com/nsas-doublepulsar-kernel-exploit-in-use-internet-wide/125165/
- AV vendor Webroot had a bad day when their April 24th update started flagging Windows system files as malicious, and even classified Facebook as a phishing site. Needless to say, that created some issues with the stability of the OS for those affected.
- Read More @ http://thehackernews.com/2017/04/webroot-antivirus-windows.html
- Next, a new IoT botnet called “Hajime” has been analyzed by Kaspersky, and at this point is about 300,000 strong. The interesting thing about this one is that it doesn’t actually seem to do anything at the moment after infecting a device, and even a message found within seems to indicate that it’s the work of a White Hat hacker. Curious.
- Read More @ https://securelist.com/blog/research/78160/hajime-the-mysterious-evolving-botnet/
- Next, a rather interesting story about how a Lithuanian man managed to trick Facebook and Google into sending over $100M in payments by pretending to represent a well-known manufacturer that Google and Facebook work with.
- Read More @ http://www.darkreading.com/attacks-breaches/google-facebook-swindled-in-$100m-payment-scam/d/d-id/1328764
- So… the CIA Vault 7 leaks continue, and the latest to leak is the source code for a tool used to track whistleblowers. Fantastic.
- Read More @ http://thehackernews.com/2017/04/wikiLeaks-scribbles-cia-whistleblower.html
- Last story of the week: it looks like a hacker by the name of “TDO” (The Dark Overlord) has leaked Season 5 of the Netflix series “Orange is the New Black”. He claims to have quite a lot of other content as well, and was attempting to extort payment from Netflix, who refused to pay.
- Read More @ https://www.bleepingcomputer.com/news/security/hacker-leaks-orange-is-the-new-black-season-5-episodes-after-netflix-extortion-attempt-fails/