Researchers from the University of Cambridge have described a new attack method they're calling "Trojan Source." The method abuses Unicode. As the researchers explain, "Rather than inserting logical bugs, adversaries can attack the encoding of source code files to inject vulnerabilities. These adversarial encodings produce no visual artifacts." Trojan Source places Bidi override characters into comments and strings, from where they're moved into source code in ways that compilers accept and that appear unproblematic to human reviewers. The method amounts to a software supply chain vulnerability.
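A reviewer-side check for the Bidi control characters described above, as an added example (not code from the researchers). The function name `scan_source` and the sample snippet are constructed for illustration, and the per-line depth count is a simplification of the Unicode bidirectional algorithm.

```python
import unicodedata

# Unicode bidirectional control characters (written as escapes so this file has none).
OPENERS_EMBED = {"\u202a", "\u202b", "\u202d", "\u202e"}  # LRE, RLE, LRO, RLO
OPENERS_ISOLATE = {"\u2066", "\u2067", "\u2068"}          # LRI, RLI, FSI
PDF, PDI = "\u202c", "\u2069"                             # the matching terminators
BIDI_CONTROLS = OPENERS_EMBED | OPENERS_ISOLATE | {PDF, PDI}


def scan_source(text):
    """Return one finding per line that contains a Bidi control character."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [(col, ch) for col, ch in enumerate(line, start=1) if ch in BIDI_CONTROLS]
        if not hits:
            continue
        embed_depth = isolate_depth = 0
        for _, ch in hits:
            if ch in OPENERS_EMBED:
                embed_depth += 1
            elif ch in OPENERS_ISOLATE:
                isolate_depth += 1
            elif ch == PDF:
                embed_depth = max(0, embed_depth - 1)
            elif ch == PDI:
                isolate_depth = max(0, isolate_depth - 1)
        findings.append({
            "line": lineno,
            "controls": [(col, unicodedata.name(ch)) for col, ch in hits],
            # An opener still active at end of line affects how the rest is displayed.
            "unterminated": embed_depth + isolate_depth > 0,
            # Escaped rendering shows the reviewer the logical character order.
            "escaped": "".join(f"\\u{ord(c):04x}" if c in BIDI_CONTROLS else c for c in line),
        })
    return findings


# Constructed sample: one unterminated override in a comment, one balanced isolate in a string.
SAMPLE = (
    "def check(user):\n"
    "    # note \u202eabc\n"
    "    label = \"\u2067abc\u2069\"\n"
    "    return user == label\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f["line"], f["controls"], "unterminated" if f["unterminated"] else "balanced")
        print("   ", f["escaped"])
```

Run as a pre-commit or CI step, a non-empty result can fail the build or route the file to manual review.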
Ransomware gangs continue to evolve their tactics. The Daily Beast reports that the Grief Gang has sought to ratchet up the pressure on the National Rifle Association, recently one of the gang's victims, by amplifying the threat of leaks with an army of Twitter bots created in August and September. And an FBI alert issued Friday warned that the HelloKitty ransomware gang had added a third threat, distributed denial-of-service attacks, to the now-familiar double extortion threat of encryption followed by the threat of doxing.
The FBI also warned, yesterday, of a ransomware tactic that's familiar but remains prominent: gangs time their attacks to coincide with significant events. In this case the noteworthy events involve major financial news.
Reuters reports that an apparent ransomware attack, detected Sunday, has disrupted healthcare management services in the Canadian province of Newfoundland. The incident has forced cancellation of some appointments, and the Niagara Falls Review says that healthcare providers in the province have temporarily reverted to paper records.