The source code of another ransomware has been leaked, giving wannabe cybercriminal groups looking to get into the ransomware scene a head start. It appears that the tool with which one can build Babuk Locker ransomware has been leaked online and is available to anyone for free. The leaked data can be used to customize versions of the ransomware.
An interesting incident of wide-scale exploitation of a previously known vulnerability has been reported in the last 24 hours. The flaw in question is a cross-site scripting flaw found in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD). Cisco issued patches for it last year.
Top Breaches Reported in the Last 24 Hours
NewsBlur restores data
Popular news reader NewsBlur has restored services after a hacker managed to wipe the service’s MongoDB database. After gaining access, the hacker had deleted all of NewsBlur’s data.
New details on SolarWinds attack
Microsoft has observed new activities associated with the Nobelium threat group. It found that the SolarWinds attack, which impacted hundreds of organizations, continues to be active. The attack was discovered by tracing the password spray and brute-force attack patterns linked with the APT group.
A cyberattack on AcadME has affected the personal information of approximately 280,000 students in Israel. The leaked data includes emails, passwords, first and last names, addresses, and even phone numbers of students.
Top Malware Reported in the Last 24 Hours
Source code of Babuk Locker leaked
The source code of the Babuk Locker ransomware was found being shared on hacking forums. It appears that the tool with which one can build the Babuk Locker ransomware has been leaked and is available for free.
Top Vulnerabilities Reported in the Last 24 Hours
XSS flaw exploited in the wild
A cross-site scripting flaw discovered in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) is being exploited in the wild. The flaw, tracked as CVE-2020-3580, was patched last year. It can be exploited by sending malicious links to users.
Microsoft rolls out patches
Microsoft has rolled out updates for two security flaws found in its Edge browser. While one is a security bypass vulnerability, the other is an arbitrary code execution vulnerability.