The Conti ransomware group has been slowly posting stolen information following a data breach of the Parker-Hannifin Corporation, an engineering firm with strong ties to Lockheed Martin. In other cyber security news, 200+ apps on the Google Play store have been found to distribute the infostealer Facestealer.
Infostealer found in 200+ Android apps
Researchers have been tracking more than 200 Android apps, currently circulating on the Google Play store, that are being used to distribute the known infostealer Facestealer. This spyware, once installed on a device, can quickly begin extracting login credentials and other data that is commonly stored directly in the device’s memory. In the year since first being spotted, Facestealer has disguised itself as a variety of different services, including VPNs, cameras and cryptocurrency miners, though none of these apps performed the desired tasks.
Conti ransomware targets Parker-Hannifin Corp.
Nearly 2 months after a security incident at the engineering firm Parker-Hannifin Corporation, officials have released a statement informing clients and employees of a data breach. Stolen information from the firm was slowly posted to the Conti ransomware group’s leak site until April 20, when the entirety of the 419GB data set was published. This incident is significant because of the business relations that Parker-Hannifin has with Lockheed Martin and other aerospace companies for technical designs and fabrication.
Malicious trojans hiding in Roblox scripting tools
A common scripting tool for Roblox, Synapse X, has recently been discovered to be distributing trojan backdoors and other malicious files by using the tool’s self-execution services on Windows devices. With a well-known user base of 50 million players, Roblox is a lucrative target for actors who want to hit the largest number of devices, while taking advantage of the game’s younger audience, who are likely to install Synapse X without question. Fortunately, a team of researchers is working with Roblox to verify that the exploit is not more extensive.
Omnicell investigates ransomware attack
Two weeks ago, officials at Omnicell discovered a security intrusion that later developed into a full ransomware attack, which was disclosed in the company’s quarterly SEC filing. The company is still investigating the extent of the attack and is working with law enforcement to verify whether any information was stolen during the breach. So far, it hasn’t posted anything on its official website regarding the incident. This breach continues a worrying trend of malicious actors targeting healthcare organizations that typically lack comprehensive security and data protection protocols.
IT Admin faces 7 years for wiping servers
Following years of being ignored regarding the significant lack of security for their company’s vital servers, a Beijing IT admin and several colleagues wiped 4 servers belonging to a real-estate brokerage firm. The admin has since been sentenced to 7 years in prison for his actions, which cost the company $30,000 in system restorations along with unknown losses from operational inactivity. While this incident originally took place in 2018, several similar attacks by disgruntled employees have occurred in the years since and have only increased in severity.