Articles of interest from the week of May 8, 2023

New Cactus Ransomware Encrypts Itself To Evade Antivirus

A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of “large commercial entities.”

The Cactus ransomware operation has been active since at least March and is looking for big payouts from its victims. (BleepingComputer) 

“Threat actors’ tools and tactics are constantly advancing and evolving. To effectively combat these new threats, a layered defense approach that collectively monitors for and detects anomalous behavior then leverages human-in-the-loop root-cause analysis becomes imperative. By combining automated monitoring via an advanced tool stack with highly trained human expertise, we are able to provide a cybersecurity overwatch service that detects and mitigates potential threats, safeguarding organizations’ valuable data and resources.”

Kris Brochhausen, SOC Deputy Director at Ingalls Information Security

 


New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer.

"The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and even the macOS password," Cyble researchers said in a technical report. (The Hacker News)


How One Researcher Used ChatGPT To Fool a Hacker

The release of GPT-4 back in March has changed enterprise security forever. While hackers have the ability to jailbreak these tools and generate malicious code, security teams and vendors have also begun experimenting with generative AI’s detection capabilities. However, one security researcher has quietly developed an innovative new use case for ChatGPT: deception. (VentureBeat)


Microsoft Fixes Two Actively Exploited Bugs, One Used by BlackLotus Bootkit (CVE-2023-29336, CVE-2023-24932)

For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. (Help Net Security)


Feds Take Down 13 More DDoS-for-Hire Services

The U.S. Federal Bureau of Investigation (FBI) this week seized 13 domain names connected to “booter” services that let paying customers launch crippling distributed denial-of-service (DDoS) attacks. Ten of the domains are reincarnations of DDoS-for-hire services the FBI seized in December 2022, when it charged six U.S. men with computer crimes for allegedly operating booters. (Krebs on Security)


The Global Food Distribution Giant Sysco Discloses a Data Breach

Sysco, the global food distribution giant, disclosed a data breach; the compromised data includes customer and employee data. (Security Affairs)

 
