Cybersecurity News: Reddit’s ransom, UK shuffles cyber chief, Binance reaches SEC deal

Reddit hit with ransom demand

Most of the coverage about Reddit of late relates to its controversial API pricing changes. But the company also needs to deal with the threat of a data leak. The ransomware organization ALPHV posted on its leak site that it will release 80GB of data exfiltrated from Reddit in an attack the company acknowledged back in February. The attackers demanded a $4.5 million ransom and a reversal of the recent API pricing changes. Reddit said the attack stole employee information and internal documents, with “no evidence” of access to personal user data.

(TechCrunch)

UK’s cyber chief moves on to organized crime

The head of the UK’s National Cyber Force, or NCF, James Babbage will leave the organization after over three decades to head up the National Crime Agency’s directorate for economic and organized crime threats. The NCA’s current interim head of the directorate, Rob Jones, will become the NCA’s director general for operations. This leaves the NCF in a state of flux, with a search for Babbage’s successor underway. The organization remains understaffed due to a skills shortage in the British military and intelligence communities, and its permanent base in the UK is still under construction.

(The Record)

Binance reaches deal with the SEC

Earlier this month, the US Securities and Exchange Commission sued the crypto exchange giant for a host of charges ranging from inflating its trading volume to failing to properly restrict US investors. Now according to a court filing seen by the New York Times, the SEC reached an agreement to allow Binance to continue operations during the course of the court proceedings. In the agreement, Binance agreed to move all US customer assets to stateside holdings, and cannot provide access to these assets to its international operations. This agreement does nothing to resolve the overall lawsuit.

(Engadget)

New toolkit targets macOS

Researchers at Bitdefender published a preliminary report detailing a new, sophisticated toolkit designed to target macOS. The earliest samples in VirusTotal showing use of this toolkit date back to April 18th. The toolkit comes as part of the multi-platform JokerSpy payloads, which check for macOS and seek to establish a connection to a C2 server. It combines this with a potent backdoor meant to gather system metadata and exfiltrate batched, encoded data, and with a third component written in Swift that supports Macs using x86 or ARM architectures and checks permissions, seemingly as a precursor to a spyware stage. It’s unclear what party originated the toolkit, but the researchers say its sophistication and potential spyware usage could indicate a state-sponsored actor.

(Hacker News)

And now a word from our sponsor, Wing Security

The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using, third-party applications included. Wing offers a completely free SaaS Shadow IT Discovery tool. You can find it at wing.security and self-onboard. No sales in the process, no credit card needed, no time limit. It takes minutes to discover your organization’s SaaS usage.

Western Digital blocking unpatched devices 

Back on May 15th, Western Digital released the latest firmware update to My Cloud OS 5, used on its My Cloud and SanDisk ibi devices. This update patched several flaws, including a high severity one that “could allow an attacker to write files to locations with certain critical filesystem types.” Due to the sensitive nature of the patches, Western Digital said devices without this new firmware will no longer be able to connect to its cloud services as of June 15th. Even if cut off from cloud access, users can still access files on these devices locally. 

(Security Week)

Mystic Stealer malware on the rise

Two security firms released reports on this ascendant infostealing malware, with Zscaler and Cyfirma both issuing warnings. Researchers found advertisements for Mystic Stealer on forums going back to April. It operates on a subscription model, available for $150 a month, and is able to target dozens of browsers, extensions, crypto apps, password managers, and messaging apps. The malware appears to be under rapid development, with its operators taking feedback from established customers on its Telegram channel. Right now it targets all versions of Windows, excludes machines in the Commonwealth of Independent States, and recently added the capability to download additional payloads from C2 servers.

(Bleeping Computer)

Fayetteville hit with cyberattack

It seems municipal and regional government systems remain ripe targets for threat actors. After we saw a cyber attack against Dallas impact public safety services, the city of Fayetteville, Arkansas is dealing with a “suspected cyber incident.” This took many city services offline. City officials protectively took email, online payments, inspection scheduling, and network applications offline to prevent any further compromise. Safety services remain operational, although non-emergency police phone lines remain down. The city expects its systems to remain offline for at least a few days.

(The Record)

The UK doubles Ukraine cyber funding

Last year the British government announced that personnel from its GCHQ intelligence agency contributed to the cyber defense of Ukraine, particularly against the Russian-backed Industroyer2 malware. The government has now announced a “major expansion” to this program, with significantly more funding to provision forensic capabilities for Ukrainian cyber experts. This will see the UK and its allies providing £25 million in funding. UK Prime Minister Rishi Sunak is also expected to call on the private sector to contribute to a cyber counteroffensive against Russia.

(The Record)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.