Monthly Security Digest for July
Every month, we cover the major security events for our clients. Please find an exclusive selection below.
New CosmicStrand UEFI Firmware Rootkit
A new kind of sophisticated Unified Extensible Firmware Interface (UEFI) firmware rootkit called CosmicStrand has been attributed to an unknown Chinese-speaking threat actor. Rootkits are malware implants that can embed themselves in the deepest layers of the operating system. They have gone from a rarity to an increasingly common occurrence in the threat landscape, because they give threat actors stealth and persistence for extended periods of time. […]
New Omega Ransomware
A new ransomware dubbed Omega targets organizations worldwide using double-extortion attacks and demands ransoms in the millions of dollars. Once the ransomware infects a system, it appends the .omega extension to the names of the encrypted files and creates ransom notes named DECRYPT-FILES.txt. These ransom notes include a link to a Tor payment negotiation site with a support chat that victims can use to contact the ransomware gang. […]
New RedAlert Ransomware
A new ransomware operation called RedAlert, or N13V, has been found targeting both Windows and Linux VMware ESXi servers. The name RedAlert is based on a string used in the ransom note. The operation was discovered by MalwareHunterTeam. The ransomware uses a Linux encryptor to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.