Researchers Spot Snowballing BianLian Ransomware Gang Activity

The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace. [TechWeb]( Follow Dark Reading: [RSS]( September 06, 2022 LATEST SECURITY NEWS & COMMENTARY [Researchers Spot Snowballing BianLian Ransomware Gang Activity]( The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace. [Raspberry Robin Malware Connected to Russian Evil Corp Gang]( Infections attributed to the USB-based worm have taken off, and now evidence links the malware to Dridex and the sanctioned Russian cybercriminal group Evil Corp. [AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data]( Thousands of corporate mobile apps developed by businesses for use by their customers contain hardcoded AWS tokens that can be easily extracted and used to access the full run of corporate data stored in cloud buckets. [Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds]( The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act. [The Makings of a Successful Threat-Hunting Program]( Threat hunters can help build defenses as they work with offensive security teams to identify potential threats and build stronger threat barriers. [Ragnar Locker Brags About TAP Air Portugal Breach]( TAP assures its customers that it stopped data theft in a recent cyberattack, but the Ragnar Locker ransomware group says it made off with user info. [(Sponsored Article) The Pros and Cons of Managed Firewalls]( Managed firewalls are increasingly popular. This post examines the strengths and weaknesses of managed firewalls to help your team decide on the right approach. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Google Fixes 24 Vulnerabilities With New Chrome Update]( But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome. [The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks]( While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.) [Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation]( Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.) [MORE]( EDITORS' CHOICE [Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects]( The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment. LATEST FROM THE EDGE [Don't Let 'Perfect' Be the Enemy of a Good AppSec Program]( These five suggestions provide a great place to start building a scalable and affordable program for creating secure apps. LATEST FROM DR TECHOLOGY [4 Scenarios for the Digital World of 2040]( Our digital future depends on the choices we make today. We need to invest in cybersecurity technologies and skills so that humanity can control its future. WEBINARS - [Using Identity & Access Management to Improve Cyber Defense]( End user credentials have become a central target for online attackers, enabling them to navigate your enterprise systems as trusted users. As online attackers target these credentials and end users seek to gain access to a wider variety of applications ... - [Understanding Machine Learning, Artificial Intelligence, & Deep Learning, and When to Use Them]( Advancements in artificial intelligence technology and machine learning and deep learning algorithms promise to transform enterprise security by giving IT security teams tools to detect and respond to attacks faster than before. Before security teams can use these tools, they ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Implementing Zero Trust In Your Enterprise: How to Get Started]( - [6 Elements of a Solid IoT Security Strategy]( - [Five Best Practices for AWS Security Monitoring]( - [Eight Best Practices for a Data-Driven Approach to Cloud Migration]( - [Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?]( - [Understanding DNS Threats and How to Use DNS to Expand Your Cybersecurity Arsenal]( [View More White Papers >>]( FEATURED REPORTS - [Breaches Prompt Changes to Enterprise IR Plans and Processes]( - [Incorporating a Prevention Mindset into Threat Detection and Response]( - [State of the Cloud: A Security Perspective]( Cloud computing has evolved over the years from a nice-to-have item on the IT wish list to a core technology driving business initiatives. But despite widespread adoption, cloud-based IT systems continue to be saddled with issues related to data security, ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [(ISC)² Launches 'Certified in Cybersecurity' Entry-Level Certification to Address Global Workforce Gap]( [(ISC)² Opens Global Enrollment for '1 Million Certified in Cybersecurity' Initiative]( [SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Building & Maintaining an Effective Remote Access Strategy]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2022]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)