Positive Technologies has identified a new threat actor, "ChamelGang," an APT targeting the fuel, energy, and aviation sectors. The company's announcement focuses on attacks against Russian organizations, but it also notes that the United States, India, Nepal, Taiwan, and Japan have been hit as well. Comparable organizations in the UK are also believed to be vulnerable. The APT operates by "exploiting ProxyShell vulnerabilities in attacks to infect Microsoft Exchange." The researchers have not yet attributed ChamelGang to any particular nation-state.
RansomEXX, a new entrant into the ransomware-as-a-service criminal-to-criminal market, apparently has some quality-control issues: its decryptor, Profero reports, doesn't work reliably. It leaves many encrypted files damaged beyond immediate recovery. Many files can be recovered with additional work, but the criminals' decryptor won't help.
SecureWorks has reported a brute-force vulnerability in Azure Active Directory. Microsoft, after some initial resistance to accepting that the researchers' findings and proof-of-concept represented an actual security flaw, now intends to issue a mitigation for the vulnerability, GovInfoSecurity writes. Ars Technica summarizes what users can do in the meantime.
Researchers from the Universities of Birmingham and Surrey have demonstrated, the BBC reports, a contactless hack of a locked iPhone that enabled them to extract a payment of £1,000 from Visa cards set up in "Express Transit" mode in the iPhone's wallet.
A lawsuit alleges that an Alabama hospital that delivered a baby while systems were degraded by a ransomware attack missed a condition that ultimately resulted in the baby's death, the Wall Street Journal reports.