“White Hat” Hackers Will No Longer Face Prosecution, DoJ Says

Thursday, May 26, 2022

Read also: GM hit by a cyberattack, the Conti ransomware gang shuts down operation, and more cybersecurity news of the week.


US says “white hat” hackers will no longer face charges under CFAA

The US Department of Justice announced a revised version of its enforcement policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), which now states that security researchers acting in good faith shouldn’t face federal charges under the CFAA.

The DoJ describes good-faith security research as an activity aimed at accessing a computer solely for purposes of testing, investigation, and/or correction of a security flaw or vulnerability carried out in such a way as to avoid any damage to individuals or the public, and where the information obtained as part of the research is used primarily to promote the security or safety of devices and online services.

The updated policy also states that “claiming to be conducting security research is not a free pass for those acting in bad faith.”

Conti shuts down ransomware operation, splits into smaller units

Conti, a notorious Russian-speaking cybercrime syndicate behind ransomware attacks on multiple organizations and private businesses worldwide, officially shut down its operation. However, security researchers warn that the gang didn’t disappear for good, but rather split into several smaller, newer brands.

On May 19, the admin panel of Conti’s official website and its negotiations service site were shut down. According to the cybersecurity firm AdvIntel, over the past two months the group had been creating subdivisions that began operations before the start of the shutdown process. These units used either existing Conti alter egos (like KaraKurt, BlackByte, or BlackBasta) or created new ones.

The researchers say that the shutdown was not a spontaneous decision, but rather a calculated move. It appears that the group has not received any ransom payments since February due to the reluctance of victims to pay for fear of being sanctioned by the US government.

Indian airline SpiceJet grounds flights due to ransomware

Low-cost Indian airline SpiceJet has been forced to delay or cancel flights after an attempted ransomware attack on its IT systems, leaving hundreds of passengers stranded in airports across the country.

The company has confirmed the incident on Twitter and said that its IT team managed to contain the attack and that SpiceJet has returned to normal operations. However, multiple customers complained via social media about the company’s response to the incident. In some cases customers have encountered flight cancellations or hours-long delays at the airports, while other passengers have been stuck inside their airplanes before departure.

SpiceJet didn’t provide any additional information on the ransomware strain involved in the attack, or how the infection occurred.

Interpol arrests alleged leader of a Nigerian cybercrime gang behind BEC scams

Interpol announced the arrest of an unnamed 37-year-old Nigerian suspected to be a leader of a transnational cybercrime syndicate known as SilverTerrier, responsible for launching mass phishing campaigns and BEC (business email compromise) attacks targeting companies and individuals across four continents.

The arrest was made as part of a police operation codenamed “Delilah” conducted by Interpol together with Nigerian law enforcement and several cybersecurity firms.

Interpol didn’t share any details but said it had enough intelligence from the partners to map out and track alleged malicious online activities of the suspect.

According to Palo Alto Networks' Unit 42, one of the cybersecurity companies assisting in the investigation, the suspect has been active since 2015 and was involved in the creation of 240 domains, 50 of which were used as command-and-control domains for ISRStealer, Pony, and LokiBot malware. The man fled Nigeria in June 2021 and was arrested in March 2022 when he attempted to re-enter the country.

General Motors suffered a credential stuffing attack that exposed customer data

US automobile manufacturer General Motors (GM) revealed it was a victim of a credential stuffing attack that exposed customer data and allowed attackers to redeem rewards points for gift cards.

In a data breach notification the company explained that the intrusion occurred between April 11, 2022 and April 29, 2022, when an unauthorized party gained access to some GM online customer accounts using compromised customer login credentials. GM said that there is no evidence that the login information was obtained from GM itself.

As a result of the intrusion, hackers could have gained access to limited customer info such as first and last name, personal email address, personal address, username and phone number for registered family members tied to the account, last known and saved favorite location information, and other personal data. Social Security numbers and driver’s license details weren’t impacted in the breach, the car giant said.


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.