DataBreaches
Double Extortion Ransomware Victims Soar 935%
Phil Muncaster reports: Researchers have recorded a 935% year-on-year increase in double extortion attacks, with data from over 2300 companies posted onto...
The Hacker News
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
Play ransomware, impacting 300 entities worldwide, employs a double-extortion model by exfiltrating data before encryption.
The Cyber Express
Double Eagle Energy Holdings Targeted by Hunters Ransomware Attack
The Hunters ransomware group has claimed to have launched a cyberattack on Double Eagle Energy Holdings IV, LLC, a prominent
The Hacker News
OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability
OpenSSH releases update to fix multiple security bugs, including a pre-authentication double free vulnerability (CVE-2023-25136). Upgrade now!
Bleeping Computer
Phishing attack's unusual file attachment is a double-edged sword
A threat actor uses an unusual attachment to bypass security software that is a double-edged sword that may work against them.
Bleeping Computer
8Base ransomware gang escalates double extortion attacks in June
A 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June.
The Hacker News
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
CyberNews
India to double data center capacity in 3 years – study
India’s data center industry capacity is expected to double in the next three years from around 0.9 Gigawatts (GW) in 2023 to nearly 2GW in 2026.
Bleeping Computer
PYSA ransomware behind most double extortion attacks in November
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors' arsenal.
Naked Security
OpenSSH fixes double-free memory bug that’s pokable over the network
It’s a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code…
Naked Security
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
Double-play 0-day in Exchange – what you need to know, and what you can do
Cyber Security News
Over 33% of Employees are Clicking Malicious Links - Phishing Report
The key takeaway of these data breaches is that most of these attacks happened due to human error or inadequate knowledge about phishing and malware campaigns
The Hacker News
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
Dragon Breath APT group using double-clean-app technique to sideload malicious DLLs and target the online gaming and gambling industries.
Naked Security
Apple patches double zero-day in browser and kernel – update now!
Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Naked Security
Linux gets double-quick double-update to fix kernel Oops!
Linux doesn’t BSoD. It has oopses and panics instead. (We show you how to make a kernel module to explore further.)
DataBreaches
Double trouble for JAKKS Pacific: double locked by two ransomware groups
JAKKS Pacific, Inc. describes itself as leading designer, manufacturer and marketer of toys and consumer products sold throughout the world. The firm is...
ThreatPost
‘Double-Extortion’ Ransomware Damage Skyrockets 935%
Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.
Infosecurity News
PayPal Used to Send Malicious “Double Spear” Invoices
Threat actors combine techniques to trick users
Security Affairs
OpenSSH addressed a new pre-auth double free vulnerability
The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as […]
Naked Security
Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
That was quick! 48 hours from exploit report to published patch.
Ars Technica
Google’s AI assistant can now read your emails, plan trips, “double-check” answers
Google admits that Bard isn't always accurate; ropes in Gmail through new Extensions.
DarkReading
Cyberattackers Double Down on Bypassing MFA
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
Infosecurity News
BEC Volumes Double on Phishing Surge
Business email compromise overtakes ransomware
Bleeping Computer
Bitcoin.org hackers steal $17,000 in 'double your cash' scam
This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of the website to push a cryptocurrency giveaway scam that unfortunately some users fell for. Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.
Bleeping Computer
Hackers start using double DLL sideloading to evade detection
An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
Infosecurity News
Attacks on EMEA Financial Services Double in a Year
Region also experiences most DDoS events
DataBreaches
BlackByte ransomware uses new data theft tool for double-extortion
Bill Toulas reports: A BlackByte ransomware affiliate is using a new custom data stealing tool called ‘ExByte’ to steal data from compromised...
Security Affairs
Dragon Breath APT uses double-dip DLL sideloading strategy
An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and layers to the execution of the classic DLL sideloading. The attack consists of a clean […]
Infosecurity News
Cyber-Attacks on Port of LA Double
Surge in threats coming from eastern Europe
Infosecurity News
Bot Attack Costs Double to $86m Annually
Netacea warns of growing threat from malicious automation
The Record
Cyber Command, NSA nominee now double-blocked
Air Force Lt. Gen. Timothy Haugh was already subject to a long-running blockade of nominations in the Senate. Now Sen. Ron Wyden is holding it up as leverage to get more information about the NSA's potential connections with the data broker industry.
Bleeping Computer
Phishing-as-a-service operation uses double theft to boost profits
Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately.
DataBreaches
Hospital Mergers Double the Risk of a Data Breach, Study Shows
Joseph J. Lazzarotti of JacksonLewis writes: The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of...
CyberSecurity Dive
Microsoft, Apple and Google double down on FIDO passwordless standard
The move is designed to boost digital security by allowing users to quickly authenticate across multiple devices and platforms.
Bleeping Computer
What’s a Double-Blind Password Strategy and When Should It Be Used
Password security, like threat actor methods, continues to evolve. As computing power grows, previously best-practice passwords become increasingly vulnerable. Password managers have done their best to stay up-to-date, offering increased encryption security and better password recommendations.
The Hacker News
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
Major cybercrime groups are under attack by police. But are these takedowns effective? Some groups vanish, others bounce back in DAYS.
DataBreaches
Clorox Expects Double-Digit Sales Drop Following Cyberattack
Michael Novinson reports: Household cleaning product giant Clorox said Wednesday that an August cyberattack had taken a big swipe out of the bleach...
DataBreaches
3CX Breach Was a Double Supply Chain Compromise
Brian Krebs reports: In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that...
The Cyber Express
Double Trouble for Banco Promerica: RansomHouse and Snatch Escalate Cybersecurity Concerns
Banco Promerica is currently facing a possible cybersecurity dilemma following recent revelations of a data breach and cyberattack. Initially highlighted
Bleeping Computer
New RA Group ransomware targets U.S. orgs in double-extortion attacks
A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea.
Cyber Security News
Hacker Groups Adding New Double DLL Sideloading Technique to Evade Detection
Researchers at Sophos detected the "Dragon Breath" APT group using complex DLL sideloading variations to avoid detection.
Infosecurity News
Microsoft Sway Pages Weaponized to Perform Phishing and Malware Delivery
Most phishing attack vectors observed involved clicking a direct link to a phishing page
CSO
Engineering workstation attacks on industrial control systems double: Report
Some of the biggest challenges faced in securing industrial control systems involve integrating legacy and aging operational technology with modern IT systems.
CyberNews
DeFi on the ropes as digital thefts double | Cybernews
With blockchain protocols taking a pounding from threat actors, state-backed currencies may be the best solution, says analyst.
SecurityWeek
Investors Double Down on Pangea Cyber API Security Bet
The $26 million Series B brings the total raised by Pangea to $51 million and underscores a push by venture capital investors to bet on companies in the API security category.
Infosecurity News
Calls to Incident Response Helpline Double in a Year
A rising volume of calls to the Scottish Cyber and Fraud Centre highlights surging threat levels
DataBreaches
Double whammy? Estee Lauder Breached by Two Ransomware Groups?
Phil Muncaster reports: Estee Lauder has become the latest big name to suffer an apparently serious ransomware breach, after two groups claimed to have...
Infosecurity News
BEC Volumes and Ransomware Costs Double in a Year
Annual Verizon report reveals humans are still a major source of risk
The Cyber Express
AI’s Transformative Impact on Cybersecurity: A Double-Edged Sword
The fusion of Artificial Intelligence (AI) and cybersecurity has ushered in a new era of warfare, one conducted not on
Naked Security
Double zero-day in Chrome and Edge – check your versions now!
Wouldn’t it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?
DarkReading
US Offers $10M Double-Reward for North Korea Cyberattacker Info
North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure.
DarkReading
Legal Industry Faces Double Jeopardy as a Favorite Cybercrime Target
Hackers are increasingly tantalized by the troves of sensitive data held by lightly protected law firms and legal services organizations.
The Cyber Express
Double Trouble: BlackSuit Cripples Two More Businesses in Ransomware Attack
The BlackSuit ransomware group has struck again, adding two new victims to its ever-growing list of targets. This time, the
ZDNet
NortonLifeLock sees second straight quarter of double-digit growth | ZDNet
The antivirus vendor's revenues, profits, and even bookings all exceeded 10% year-over-year growth as it barrels toward an early closure of its Avast merger.
CyberNews
Double-extorted Change Healthcare says “a substantial proportion” of Americans exposed
UnitedHealth Group has confirmed that cyberattackers compromised a massive trove of sensitive data from its tech branch Change Healthcare.
Infosecurity News
Number of Firms Unable to Access Cyber-Insurance Set to Double
Even those with policies may see coverage greatly reduced
The Cyber Express
Double Trouble: Following Ticketmaster Cyberattack, Hackers Target Parent Company Live Nation
Within a mere two-day period, two major companies have allegedly fallen victim to cyberattacks. The first incident came to light
Infosecurity News
New Spear Phish Methodology Relies on PuTTY SSH Client to Infect Systems
It tried to trick victims into clicking on malicious files as part of a fake Amazon job assessment
Infosecurity News
Ransom Demands Surge 45% in 2021
Double extortion now the norm, says Group-IB
Cyber Security News
New Cyber Attack Targeting Facebook Business Accounts
The email campaign impersonates the Facebook Ads Team to trick users into clicking a malicious link, as the email leverages social
The Record
Phishing attacks targeting Middle East countries double ahead of World Cup: report
Phishing attacks leveraging FIFA and targeting people living in Middle Eastern countries have grown 100% in the last month as the World Cup approaches.
SC Magazine
Unpatched Adobe ColdFusion bug led to double breach of US federal agency
Hackers gained initial access to the civilian agency two months after a mandatory deadline to patch the vulnerability had expired.
Bleeping Computer
WinRAR zero-day exploited since April to hack trading accounts
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
ZDNet
Phishing attacks are getting scarily sophisticated. Here's what to watch out for
Phishing campaigns use fake social media profiles, in-depth research, and more to trick unsuspecting victims into clicking malicious links.
Cyber Security News
Beware of Sophisticated Phishing Campaigns That Attack Hotel Guests
Phishing is a common cyberattack technique that involves tricking users into clicking on malicious links, downloading malicious attachments, or entering sensitive information on fake websites.
ZDNet
iPhone, Android users lose life savings to romance fraud, cryptocurrency operation | ZDNet
Attackers now 'double dip' to clear out victim bank accounts.
SC Magazine
Azure-connected IoT devices at risk of RCE due to critical vulnerability
A flaw in Microsoft’s uAMQP C library for developers can lead to a “double free” memory error.
SecurityWeek
Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations
US and Australian government agencies warn organizations of the Play ransomware group’s double-extortion tactics.
DataBreaches
State audits of school district IT reveal why k-12 districts are sitting ducks for threat actors
On July 15, New York State Comptroller Thomas P. DiNapoli released the following school district audits. Clicking on the links will take you to the fuller...
Infosecurity News
Researchers Discover Nearly 200,000 New Mobile Banking Trojan Installers
Kaspersky said the figures are more than double what the team observed in 2021
Bleeping Computer
Windows 11 will let you end tasks directly from the taskbar
Microsoft will soon add a new way to end unresponsive processes in Windows 11 in the form of a new option that will show up when right-clicking an app's taskbar icon.
The Hacker News
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware surges 174% in 2023, employing double extortion tactics by stealing data before encryption.
Bleeping Computer
Microsoft is showing ads in the Windows 11 sign-out menu
Microsoft is now promoting some of its products in the sign-out flyout menu that shows up when clicking the user icon in the Windows 11 start menu.
Bleeping Computer
Donut extortion group also targets victims with ransomware
The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise.
DarkReading
GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia
Ransomware cybercrime gangs GhostSec and Stormous have teamed up in widespread double-extortion attacks.
DarkReading
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
The Record
Bogus post office texts deliver a ‘shocking’ amount of traffic to scam websites
Researchers at Akamai examined how much internet traffic actually arises from people clicking on links in fake U.S. Postal Service texts.
SecurityWeek
Radiant Snags $15 Million for AI-Powered SOC Technology
Radiant Security gets $15 million in new financing as investors double down on early stage companies experimenting with AI technology.
Bleeping Computer
Microsoft found TikTok Android flaw that let hackers hijack accounts
Microsoft found and reported a high severity flaw in the TikTok Android app in February that allowed attackers to "quickly and quietly" take over accounts with one click by tricking targets into clicking a specially crafted malicious link.
ZDNet
Ransomware warning: Hackers are using Log4j flaw as part of their attacks, warns Microsoft | ZDNet
A new China-based double extortion ransomware has started exploiting the Log4Shell bug in VMware server products.
DarkReading
Emerging Ransomware Group 8Base Doxxes SMBs Globally
A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe.
Bleeping Computer
Linux version of Akira ransomware targets VMware ESXi servers
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.
Bleeping Computer
Windows 10 is getting a 'Windows Tools' control panel for power users
In future versions of Windows 10, Microsoft has removed the venerable 'Administrative Tools' and added a new 'Windows Tools' control panel with almost double the number of tools promoted within it.
DarkReading
Newbie Akira Ransomware Builds Momentum With Linux Shift
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.
Infosecurity News
Mastercard Doubles Speed of Fraud Detection with Generative AI
Mastercard said it is using generative AI-based predictive technology to double the speed at which it can detect potentially compromised cards
DataBreaches
If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey
Ever since ransomware attacks and “double extortion” attacks became common, law enforcement has urged victims not to pay ransom demands. Paying...
Cyber Security News
Onyx Ransomware Overwrites Files Over 2MB Instead of Encrypting Them
The ransomware group uses the double extortion method of encrypting and exfiltrating data from a victim in order to extort money.
DarkReading
Lorenz Ransomware Goes After SMBs via Mitel VoIP Phone Systems
The ransomware gang has been seen exploiting a Mitel RCE flaw discovered in VoIP devices in April (and patched in July) to perform double-extortion attacks.
CyberSecurity Dive
HHS warns providers of 'exceptionally aggressive' ransomware group
The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly.
DarkReading
Stealer Thugs Behind RedLine & Vidar Pivot to Ransomware
In a notable shift in strategy, the threat actors are abusing code-signing certificates to spread a double whammy of infostealers and ransomware payloads.
Bleeping Computer
Atlassian doubles the number of orgs affected by two week outage
Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.
ZDNet
One in seven ransomware extortion attempts leak key operational tech records | ZDNet
Researchers say that double-extortion ransomware attacks represent a severe risk to operational processes.
Bleeping Computer
Night Sky is the latest ransomware targeting corporate networks
It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks.
Bleeping Computer
DoubleVPN servers, logs, and account info seized by law enforcement
An international law enforcement operation has seized the servers, data, and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities.
CSO
Uptycs launches agentless cloud workload scanning
Double-barreled API- and agent-based scanning is now available from cloud security company Uptycs.
The Cyber Express
2023’s Cybersecurity Slip-Ups: Small Mistakes, Big Consequences
Within the intricate landscape of cybersecurity, the year 2023 unfolds as a double-edged sword, where the interplay of innovation and
Cyber Security News
Financial Sectors Lost $20 Billion Over the Past 20 Years
In a startling revelation, cyberattacks have surged to more than double their pre-pandemic levels, casting a long shadow over global financial stability.
The Hacker News
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
Over 17,000 WordPress sites hit by Balada Injector malware in Sept 2023, double the August numbers
Ars Technica
FTC warns consumers to beware of QR codes used in malware and payment scams
The convenience of QR codes is a double-edged sword. Follow these tips to stay safe.
Naked Security
Firefox patches two actively exploited zero-day holes: update now!
Firefox just published a double-zero-day patch – “remote code execution” combined with “sandbox escape”. Update now!
Loading more articles....