LockBit3.0 hits four new victims. The victims include Cheng Mei Materials Technology Corp, Foxsemicon Integrated Technology Inc (FITI), and East Valley Institute of Technology (EVIT). Cheng Mei Material Technology Corp (CMMT), whose headquarters is in Taiwan, specializes in manufacturing and selling polarized films for LCD televisions, mobile device displays, tabletop displays, automotive and public displays, and other product applications in Taiwan and Mainland China. The company revenue is estimated at $377.3 million.
Foxsemicon Integrated Technology, a Taiwan company and subsidiary of the famous Foxconn, suffered a ransomware attack, which led to the theft of 5 terabytes of data. Lockbit threatened Foxsemicon via the company websites by saying, “Your data is stolen and encrypted. If you are a Foxsemicon customer, we have all your personal data.” The group further threatened to release customers’ data on the internet before threatening the staff in a message reading, “If your management does not contact us, you will lose your job, as we are able to completely destroy Foxsemicon with no possibility of recovery.”
East Valley Institute of Technology (EVIT) is an institution famous for offering advanced, hands-on career and technical education (CTE) at two centralized campuses in Mesa, Arizona — the Dr. A. Keith Crandell (Main) Campus, 1601 W. Main St., and the East Campus, 6625 S. Power Road — and at Apache Junction High School. As of the time of reporting this incident, the institution’s website remains unavailable, which could be the aftermath of the attack. Although there is currently no information about stolen data, much is at stake because of the level of personal information in the institution’s possession.
Cybersecurity experts have warned against using pirated versions of applications on macOS due to discovered backdoors promoting hacker exploitation. Reports revealed this application is hosted on a Chinese pirating website called Mercyy. cn to gain more victims. The application allows the execution of a dropper called dylib upon opening. The dropper further fetches a backdoor called bd.log and a downloader called f101.log to allow remote access by hackers.
Despite patching the critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and Mobiletron Core to its known exploited vulnerability KEV, the United States Cybersecurity and Infrastructure Security Agency (CISA) has warned against the actively exploited Ivanti EPMM vulnerability. The vulnerability is CVE-2023-35082 with a CVSS score of 9.8, and according to Ivanti, “If exploited, this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server,”
Cybersecurity researchers detected the presence of a remote access trojan in the Oscompatible package uploaded to the NPM library. It can bypass UAC and install AnyDesk. Since the upload, the package (oscompatible) attracted 380 downloads before detection. The package contains some strange binaries, including a single executable file, a dynamic-link library (DLL), an encrypted DAT file, and a JavaScript file (index.js).
Hydratek, a Canadian company specializing in hydraulic and energy investigations, has suffered a security breach by Akira ransomware. At the time of reporting this incident, there are no details from the company yet about the extent of damage caused by the attack. Still, ongoing efforts are to resolve the situation and prevent future occurrences.
,){kind=link}