SecurityWeek
Police Dismantle Major Ukrainian Ransomware Operation
Police from several countries have dismantled a major Ukraine-based ransomware operation and arrested its alleged ringleader.
Latest Hacking News
New Alerts Issued For CitrixBleed Flaw Following Active Exploits
Given the continuous rise in active exploitation of the now-known CitrixBleed flaw, governments issued new alerts to patch unpatched Netscaler systems. The recent alerts originate from the Government of Australia and the United States, alongside
Security Affairs
Security Affairs newsletter Round 447 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
Citrix Warns Admin to Kill Active or Persistent Sessions to Thwart Hackers
This vulnerability affected Citrix NetScaler Gateway and ADC devices. Following this, AssetNote published a proof-of-concept for this vulnerability named “CitrixBleed.”
CyberNews
FEAM Aero reportedly hit by ransomware
Feam Aero, the global aircraft maintenance and technical services company, has been claimed by the LockBit ransomware gang.
Infosecurity News
LockBit Affiliates Exploiting Citrix Bleed, Government Agencies Warn
Multiple threat actor groups are found to be exploiting a vulnerability in Citrix NetScaler gateway appliances, government agencies have warned
SecurityWeek
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
Latest Hacking News
Canada Government Admits Data Breach Impacting Public Employees
The Government of Canada recently admitted suffering a security breach that impacted data of current and former public employees. The incident even affected the staff from the Royal Canadian Mounted Police and Canadian Armed Forces. Canada
Security Affairs
Citrix provides additional measures to address Citrix Bleed
Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability.
CSO
Flaw in Citrix software led to the recent cyberattack on Boeing: Report
Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.
The Hacker News
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
LockBit ransomware affiliates are exploiting the Citrix NetScaler flaw ("Citrix Bleed") to hijack user sessions and gain unauthorized access.
Bleeping Computer
Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
SecurityWeek
Canadian Military, Police Impacted by Data Breach at Moving Companies
Data breaches at two moving companies impacts Canadian government employees, and military and police personnel.
The Record
‘Citrix Bleed’ vulnerability targeted by nation-state and criminal hackers: CISA
The bug has caused alarm for weeks as cybersecurity experts warned that many government agencies and major companies were leaving their appliances exposed to the internet — opening themselves up to attacks.
Security Affairs
Canadian government impacted by data breaches of its contractors
The Canadian government discloses a data breach after threat actors hacked two of its contractors.
Bleeping Computer
Canadian government discloses data breach after contractor hacks
The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees.
The Record
Personal info of Canadian Armed Forces, RCMP stolen in cyberattack
A cyberattack on the systems of a Canadian government contractor used for relocation services has compromised data belonging to service members and the Royal Canadian Mounted Police.
The Hacker News
8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are utilizing a variant of the Phobos ransomware for their attacks.
Bleeping Computer
The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
SecurityWeek
In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit
Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, PyPI conducts first security audit
SecurityWeek
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack
Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability.
Infosecurity News
Royal Mail to Spend £10m on Ransomware Remediation
Postal service was breached in January 2023
Ars Technica
Ransomware group reports victim it breached to SEC regulators
Group tells SEC that the victim is in violation for not reporting it was hacked.
Bleeping Computer
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
The Hacker News
CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
U.S. agencies warn of Rhysida ransomware double extortion attacks on multiple industries, including education, manufacturing and IT.
Infosecurity News
Half of Ransomware Groups Operating in 2023 Are New
WithSecure report highlights widespread code reuse
CyberNews
LockBit ransom gang behind mass exploitation of Citrix bug, researchers say
Security researchers are blaming a now-patched Citrix zero-day vulnerability for a recent spate of ransomware attacks said to be carried out by the LockBit gang.
The Record
FCC proposes cybersecurity pilot program for schools, libraries as attacks increase
The Federal Communications Commission proposed on Tuesday the creation of a “Schools and Libraries Cybersecurity Pilot Program” that would allow officials to collect data about the cybersecurity and advanced firewall services that would best help K-12 schools and libraries across the country defend themselves from hackers.
Bleeping Computer
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.
Latest Hacking News
ICBC Ransomware Attack – China’s Largest Bank Forced To Use USBs
As ransomware attacks continue wreaking havoc, the latest victim turned out to be the largest Chinese bank. The ICBC Bank admitted suffering a ransomware attack, following which, the bank switched to using USB sticks to
Ars Technica
Teens with “digital bazookas” are winning the ransomware war, researcher laments
LockBit victims, among the world's most powerful firms, can't be bothered to patch, it seems.
CyberNews
ICBC allegedly paid ransom after hack
ICBC allegedly plaid the ransom to attackers.
Security Affairs
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024
Experts warn of an alarming rise in ransomware operations targeting the energy sector, including nuclear facilities and related research entities.
The Record
NY governor wants new cybersecurity rules for hospitals after multiple attacks
Gov. Kathy Hochul says the proposed regulations "set forth a nation-leading blueprint" for protecting hospital networks.
The Record
CISA, FBI warn that Royal ransomware gang may rebrand as ‘BlackSuit’
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
Security Affairs
LockBit ransomware gang leaked data stolen from Boeing
The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack.
SecurityWeek
Ransomware Group Leaks Files Allegedly Stolen From Boeing
The LockBit ransomware group has leaked gigabytes of files allegedly stolen from the systems of aerospace giant Boeing.
CyberSecurity Dive
Weeks after Boeing attack, ransomware group leaks allegedly stolen files
The company’s data was leaked two weeks after the prolific Russia-affiliated group, LockBit, claimed responsibility for the attack.
SecurityWeek
Yellen Says Ransomware Attack on China's Biggest Bank Minimally Disrupted Treasury Market Trades
A ransomware attack that forced China’s biggest bank to take some systems offline only minimally disrupted the U.S. Treasury market.
The Record
Boeing investigating leaked data after LockBit allegedly publishes stolen info
Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.
The Record
Ransomware attack on Ohio city impacts multiple services
Huber Heights, Ohio, said several divisions in the city government — but not Public Safety Services — were affected by the incident.
The Record
Crooks leverage Google quiz messages as part of bitcoin scam
Scammers have discovered a way to create a new quiz in Google Forms, use a victim’s email address to respond to it, and then exploit the feature that releases the score of the quiz to send malicious emails, Cisco Talos said.
The Record
Canadian banking tech giant Moneris says it prevented ransomware attack
The joint venture of the Royal Bank of Canada and Bank of Montreal said its cybersecurity team “prevented access to critical data and no ransom request was made.”
Bleeping Computer
LockBit ransomware leaks gigabytes of Boeing data
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
DarkReading
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank
Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.
CyberSecurity Dive
Chinese banking giant’s US arm hit by ransomware attack
The hack reportedly disrupted the trading of U.S. Treasuries. The Industrial and Commercial Bank of China Financial Services said it is investigating the attack and progressing recovery efforts.
CyberNews
McLaren Health Care breach exposes medical data of 2.3M+ individuals
McLaren Health Care breach exposed millions of individuals' sensitive medical data.
Infosecurity News
ICBC and Allen & Overy Hit By Ransomware
Multinationals believed to have been targeted by LockBit
The Record
Clearing the informational fog in Israel and Gaza
The Click Here podcast team reports on wartime technological improvisations: An activist unexpectedly leads an effort to identify the missing and the dead. And an English teacher finds a way to connect mobile phones as infrastructure collapses.
CyberNews
Allen & Overy law firm breached, LockBit takes credit
Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.
Bleeping Computer
Kyocera AVX says ransomware attack impacted 39,000 individuals
Kyocera AVX Components Corporation (KAVX) is sending notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack.
The Record
Industrial and Commercial Bank of China dealing with LockBit ransomware attack
The ransomware attack on China's largest bank impacted trading on the U.S. Treasury market.
CyberSecurity Dive
CitrixBleed sparks race to patch, hunt for malicious activity
CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.
Bleeping Computer
The Week in Ransomware - November 3rd 2023 - Hive's Back
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
CSO
Boeing systems hit in reported Lockbit cyberattack
Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant.
Bleeping Computer
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
SecurityWeek
Boeing Confirms Distribution Business Hit by Cyberattack
Boeing has confirmed a cyberattack after a ransomware group claimed to have breached the company’s systems.
CyberSecurity Dive
Boeing confirms cyberattack, global services disrupted
The aerospace and defense company declined to describe the nature of the attack but said flight safety is not affected.
Cyber Security News
Boeing Admits Cyberattack; Lockbit Claims Zero-Day Exploit Was Used to Gain Access
Boeing, the aerospace industry leader, has recently reported a cyberattack on its systems. The attack primarily targeted the company's parts and distribution business.
The Record
Boeing says cyber incident affects parts and distribution business
"We are aware of a cyber incident impacting elements of our parts and distribution business," a spokesperson told Recorded Future News. "This issue does not affect flight safety.”
The Record
California community college Río Hondo dealing with cybersecurity incident
The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
The Record
Major Mexican airport confirms experts are working to address cyberattack
The Querétaro Intercontinental Airport — about three hours from Mexico City — posted on social media that it was responding to an unspecified incident.
Cyber Security News
Boeing Breached by LockBit Ransomware Gang? Investigation Inprogress
Boeing, a major player in the aerospace industry, says it is "assessing" claims made by the LockBit ransomware group that it has taken a "tremendous amount" of confidential information from the company.
SecurityWeek
Boeing Investigating Ransomware Attack Claims
The LockBit ransomware gang claims to have stolen large amounts of data from aerospace giant Boeing, which is investigating
CyberSecurity Dive
Boeing assessing ransomware group’s claim of ‘sensitive’ data theft
A prolific Russia-affiliated group threatened to leak data if the aerospace company doesn't make contact by Nov. 2.
Infosecurity News
Boeing Investigates LockBit Ransomware Breach Claims
Group alleges it stole large volume of sensitive data
Bleeping Computer
Ransomware isn’t going away – the problem is only getting worse
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks.
Bleeping Computer
September was a record month for ransomware attacks in 2023
Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
The Record
New York health network restores services after crippling cyberattack
Westchester Medical Center Health Network was forced to divert ambulances from three medical facilities throughout the week and faced backlash from community members for not fully explaining the situation.
The Record
Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities
Hackers are using a leaked toolkit used to create do-it-yourself versions of the popular LockBit ransomware, making it easy for even amateur cybercriminals to target common vulnerabilities.
The Record
Iran-backed hackers dwelled for 8 months in Mideast government’s system, report says
Cybersecurity firm Symantec attributed the campaign to a group it calls Crambus but others refer to as APT34, OilRig or MuddyWater.
DarkReading
Watch Out: Attackers Are Hiding Malware in 'Browser Updates'
Updating your browser when prompted is a good practice, just make sure the notification comes from the vendor themselves.
The Record
TV advertising sales giant affected by ransomware attack
Ampersand — co-owned by Comcast Corporation, Charter Communications and Cox Communications — confirmed it had dealt with a ransomware incident but declined to say when the attack occurred or whether a ransom would be paid.
Infosecurity News
Ransomware Targets Unpatched WS_FTP Servers
The threat actors attempted to escalate privileges using the open-source GodPotato tool
Bleeping Computer
The Week in Ransomware - October 13th 2023 - Increasing Attacks
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.
The Hacker News
Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
Ransomware attacks have evolved in Q3-2023, employing new techniques to bypass defenses. Discover the strategies ransomware groups have been adopting.
The Hacker News
FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
The FBI and CISA issue advisory on AvosLocker ransomware gang. They use open-source tools, leave minimal traces.
The Record
CDW investigating ransomware gang claims of data theft
The multibillion-dollar technology services firm CDW said it is investigating claims made by a ransomware gang that data was stolen during a cyberattack.
Bleeping Computer
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
Bleeping Computer
HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
Infosecurity News
Record Numbers of Ransomware Victims Named on Leak Sites
A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites
The Record
Microsoft: Human-operated ransomware attacks tripled over past year
Human-operated attacks typically involve the active abuse of remote monitoring and management tools. Microsoft said its data could point to a shift in how the cybercrime underground works.
The Record
Wisconsin county dealing with ransomware attack on public health department
A county in Wisconsin is responding to a ransomware attack that targeted its public health department and forced officials to take some systems offline.
The Record
UK passport database to be used to identify suspects from CCTV footage
The United Kingdom's crime and policing minister, Chris Philp, says the government is putting technology in place to take advantage of existing legal authorities to access the passport database.
DarkReading
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Once they compromise an victim with an initial ransomware attack, threat actors are ready to deploy a secondary attack with a different strain, which could leave even more damage.
Infosecurity News
FBI Warns of Dual Ransomware Attacks and Data Destruction Trends
Hackers are deploying different ransomware variants, including AvosLocker and Hive, among others
Cyber Security News
New Ransomware Trend - Threat Actors Deploy Two Ransomware on Victims' Networks
The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences.
The Record
Virginia school district open despite LockBit ransomware attack
Fauquier County Public Schools in Virginia is facing a ransomware attack from the notorious Russian group Lockbit.
The Hacker News
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
FBI Alert: Dual ransomware attacks are surging, targeting U.S. businesses with multiple variants.
SecurityWeek
FBI Warns Organizations of Dual Ransomware, Wiper Attacks
The FBI warns organizations of cyberattacks that employ multiple ransomware families or deploy dormant data wipers.
The Record
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers
An FBI industry alert obtained by Recorded Future News says organizations can expect continued foreign hacking attempts due to factors such as increased U.S. exports of liquefied natural gas, ongoing Western pressure on Russia’s energy supply and China’s reliance on oil imports.
The Record
Ransomware gangs destroying data, using multiple strains during attacks: FBI
A new FBI white paper warns the gangs are increasingly using multiple ransomware strains in the same attacks and using destructive tools beyond encryption or theft.
Bleeping Computer
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
DarkReading
Researchers Uncover RaaS Affiliate Distributing Multiple Ransomware Strains
Ransomware-as-a-service affiliate ShadowSyndicate is unusual for the size of its malicious infrastructure and the fact that it's distributing seven different ransomware strains.
The Hacker News
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cyber experts uncover a new threat: ShadowSyndicate. Explore their connections to ransomware and the latest findings from cybersecurity experts.
Bleeping Computer
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."
DarkReading
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
Infosecurity News
New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines
The Trend Micro report observed that small organizations are being increasingly targeted by ransomware gangs, including LockBit and BlackCat
The Record
Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report
A cyber insurance firm reported a significant jump in the number of claims during the first half of the year, adding that damages caused by attacks has also increased.
Cyber Security News
LockBit Using Remote Monitoring Tools to Infect Employees with Ransomware
This Russia-linked criminal group has adopted an increasingly sophisticated modus operandi, deploying Remote Monitoring and Management (RMM) tools to infiltrate target networks and discreetly execute ransomware attacks.
Cyber Security News
LockBit Demands 3% of Victim Company Revenue as Ransom
In recent developments within the notorious LockBit ransomware group, discussions among its affiliates are stirring up potential changes in their ransom payment policies.
DarkReading
LockBit Is Using RMMs to Spread Its Ransomware
The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.
Cyber Security News
Threat and Vulnerability Roundup For The Week Of 10th to September 16th
This week's Threat and Vulnerability Roundup from Cyber Writes brings you the most recent cybersecurity news.
Bleeping Computer
The Week in Ransomware - September 15th 2023 - Russian Roulette
This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.
SecurityWeek
Extradited Russian Hacker Behind 'NLBrute' Malware Pleads Guilty
Russian hacker Dariy Pankov has pleaded guilty to computer fraud and now faces a maximum penalty of five years in federal prison.
SecurityWeek
LockBit Affiliate Deploys New 3AM Ransomware in Recent Attack
A LockBit affiliate has deployed the new 3AM ransomware family on a victim’s network, after LockBit’s execution was blocked.
Infosecurity News
Wake-Up Call as 3AM Ransomware Variant Is Discovered
Symantec says it was used in a failed LockBit attack
The Record
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Carthage Area Hospital and Claxton-Hepburn Medical Center, which serve an area with more than 200,000 people,
The Record
Mozilla, CISA urge users to patch Firefox security flaw
Mozilla released an advisory this week warning users of a vulnerability affecting its popular web browser and email client.
The Record
Iranian state hackers targeted satellite, defense organizations worldwide
Hackers linked to Iran’s government targeted thousands of organizations in the satellite, defense, and pharmaceutical industries as part of an espionage campaign, according to new research.
DarkReading
When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'
Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.
Infosecurity News
MGM Criticized for Repeated Security Failures
The malware researchers' collective Vx-underground claimed that ALPHV/BlackCat was behind the attack against the casino giant
Bleeping Computer
Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
The Hacker News
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
A new ransomware, 3AM, has emerged! It's written in Rust and aims to encrypt files while deleting Volume Shadow copies.
The Record
Royal Dutch Football Association confirms it paid ransom for hacked employee data
The association didn’t say how large the ransom was, but it confirmed that the prolific LockBit ransomware gang was indeed behind the attack.
Ars Technica
Ransomware crooks exploit unpatched 0-day in Cisco security appliances
With no patch available yet, users must enable workarounds. The best: enforce MFA.
Bleeping Computer
Cisco warns of VPN zero-day exploited by ransomware gangs
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
SecurityWeek
US, UK Sanction More Members of Trickbot Russian Cybercrime Group
The US and UK have announced sanctions against 11 more alleged members of the Russian cybercrime group Trickbot.
The Record
Alleged LockBit attack shuts down city networks in Seville
An alleged cyberattack from the LockBit ransomware gang disrupted systems in Seville — Spain's fourth-largest city.
The Hacker News
New BLISTER Malware Update Fuelling Stealthy Network Infiltration
New BLISTER update spotted! It's now part of SocGholish attacks, spreading an open-source C2 framework called Mythic.
SecurityWeek
Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data
British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military
Infosecurity News
Sensitive Data about UK Military Sites Potentially Leaked by LockBit
Zaun, the UK’s only manufacturer of fencing systems, saw its IT systems being compromised in early August
CSO
Russia-linked attackers hit UK Ministry of Defence, leak stolen data
Report claims the LockBit ransomware group has published vast amounts of stolen information on the dark web.
Cyber Security News
Threat and Vulnerability Roundup for the week of August 27th to September 2nd
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the most latest software upgrades available to keep your devices secure.
Cyber Security News
Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs
Cisco ASA SSL VPN Appliances is a type of network security device that allows remote users to access a private network over the internet securely.
Bleeping Computer
Hacking campaign bruteforces Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA).
Cyber Security News
Top 3 Malware Loaders of 2023 that Fueling 80% of Cyber Attacks
Cybersecurity Analysts at ReliaQuest have recently uncovered a multitude of malware loaders that were observed to be the most active this year in 2023.
The Record
Montreal electricity organization latest victim in LockBit ransomware spree
The LockBit ransomware gang took credit for an attack on the Commission des services electriques de Montréal (CSEM) — a 100-year-old municipal organization that manages electrical infrastructure in the city of Montreal.
Infosecurity News
LockBit 3.0 Ransomware Variants Surge Post Builder Leak
Kaspersky explained that LockBit 3.0, also known as LockBit Black, first emerged in June 2022
Infosecurity News
Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
The Record
Japan’s cybersecurity agency breached by suspected Chinese hackers: report
Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has not publicly attributed the incident, but a report in the Financial Times cites government and private sector sources.
The Record
Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.
Bleeping Computer
Spain warns of LockBit Locker ransomware phishing attacks
The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.
SecurityWeek
3 Malware Loaders Detected in 80% of Attacks: Security Firm
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents.
SecurityWeek
Ohio History Organization Says Personal Information Stolen in Ransomware Attack
Personal information stolen in ransomware attack at Ohio History Connection posted online after organization refuses to pay ransom.
The Hacker News
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of LockBit 3.0 ransomware builder has led to the emergence of various new cyber threats: Bl00dy, Buhti, and NATIONAL HAZARD AGENCY.
CyberSecurity Dive
Ransoming Linux and ESXi systems is getting easier
Threat actors are using memory-safe languages to release payloads for Windows, Linux and ESXi simultaneously, SentinelOne researchers warn.
The Record
Ransomware ecosystem targeting individuals, small firms remains robust
Ransomware attacks on major companies and large government organizations have dominated the headlines in 2023 but researchers from several companies are warning that smaller-scale attacks on individuals and small businesses are causing significant harm and damage too.
DarkReading
Ransomware Reaches New Heights
It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.
Infosecurity News
Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks
The Check Point report also highlights an evolution of ransomware tactics
SecurityWeek
Cybersecurity Companies Report Surge in Ransomware Attacks
Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks.
Infosecurity News
Continued MOVEit Exploitation Drives Record Ransomware Attacks
NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit
CyberSecurity Dive
MOVEit attack spree makes Clop this summer’s most-prolific ransomware group
The financially-motivated threat actor was responsible for one-third of all ransomware attacks in July, according to NCC Group and Flashpoint.
Bleeping Computer
The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
The Record
Siemens Healthineers responds to alleged data theft by LockBit ransomware gang
Varian — a radiation oncology treatments and software maker acquired by Siemens Healthineers two years ago — is listed on the ransomware gang's site.
The Record
Ransomware gang threatens Raleigh Housing Authority months after devastating attack
A ransomware gang has started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organization for weeks in May.
SecurityWeek
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands
Rapid7 says criminal ransomware gangs could easily be able to purchase and use bevy of zero-day exploits for vulnerable enterprise software.
Infosecurity News
Ransomware Surges With 1500 Confirmed Victims This Year
A Rapid7 report finds there have been at least 1500 ransomware victims in the first half of 2023
The Record
Chinese hackers accused of targeting Southeast Asian gambling sector
Hackers based in China are targeting the gambling sector across Southeast Asia in a campaign that researchers say is closely related to data collection and surveillance operations identified earlier this year.
The Record
Monti ransomware targets legal and gov’t entities with new Linux-based variant
The Monti hacker gang has resumed its operations after a two-month break, this time claiming to target legal and government entities with a fresh Linux-based ransomware variant.
Bleeping Computer
Back to school security against ransomware attacks on K-12 and colleges
As we get back to school, K-12 and colleges are increasingly at risk from ransomware and data theft attacks. Learn more from Specops Software on the steps IT teams at education institutes can take to protect their care orgs from disruption and stolen data.
The Record
California city investigating data theft after ransomware group’s claims
The California city of El Cerrito is investigating the potential theft of data after a ransomware group added the city’s government to its list of victims on Wednesday.
Security Affairs
LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems
The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems. The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. Varian Medical Systems, Inc. designs, manufactures, sells, and services medical devices and software products […]
DarkReading
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.
Bleeping Computer
The Week in Ransomware - August 4th 2023 - Targeting VMware ESXi
Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
Bleeping Computer
New PaperCut critical bug exposes unpatched servers to RCE attacks
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers.
CSO
Ransomware victim numbers surge as attackers target zero-day vulnerabilities
Ransomware groups are also prioritizing the exfiltration of files, which has become the primary source of extortion.
Infosecurity News
Cyber-Attacks Targeting Government Agencies Increase 40%
BlackBerry found that public services now rank as the second most targeted industry by threat actors
Infosecurity News
Manufacturing Sector Reeling From Financial Costs of Ransomware
Analysis by Comparitech found that manufacturers have lost $46.2bn from ransomware attacks in downtime alone since 2018
The Record
Russia-linked cybercriminals target school for children with learning difficulties
The LockBit ransomware group, potentially the world’s most prolific cybercrime organization, is attempting to extort a school for children with special educational needs.
SecurityWeek
Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report
The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022
.jpg)
DarkReading
Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers
The 4-month-old ransomware gang is now actively targeting VMware's virtual environments with a second variant of its custom malware.
Security Affairs
Now Abyss Locker also targets VMware ESXi servers
A Linux variant of the Abyss Locker designed to target VMware ESXi servers appeared in the threat landscape, experts warn. The operators behind the Abyss Locker developed a Linux variant that targets VMware ESXi servers expanding their potential targets. VMware ESXi servers are privileged targets of ransomware groups and are often part of enterprises’ infrastructures. […]
Bleeping Computer
Linux version of Abyss Locker ransomware targets VMware ESXi servers
The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise.
SecurityWeek
Nubeva’s Ransomware Key Interception and Decryption Technology Validated in Third-Party Lab
By intercepting ransomware keys, any successful encryption can be rapidly decrypted without paying a ransom.
The Record
Yamaha confirms cyberattack after multiple ransomware gangs claim attacks
Yamaha’s Canadian music division confirmed that it recently dealt with a cyberattack after two different ransomware groups claimed to have attacked the company.
Infosecurity News
Clop Drives Record Ransomware Activity in June
Scores of victims hit by MOVEit campaign
DarkReading
Mallox Ransomware Group Activity Shifts Into High Gear
Malicious activity targeting vulnerable SQL servers has surged 174% compared to 2022, Palo Alto's Unit 42 says.
Infosecurity News
Russian Charged with Tech Smuggling and Money Laundering
Man accused of aiding the Kremlin with dual-use tech
The Record
Wisconsin county dealing with ‘catastrophic software failure’; California city declares ransomware emergency
Ransomware continues to plague regional governments in the U.S., with a Wisconsin county announcing a “catastrophic software failure” following an alleged LockBit ransomware attack, and a California city declaring a state of emergency over a cyber incident that began last week.
CSO
Ransomware attacks cost financial organizations US$32.3 billion in downtime since 2018
Research predicts a spike in ransomware attacks against financial service organizations in 2023.
Infosecurity News
Financial Industry Faces Soaring Ransomware Threat
Banks and financial service providers have emerged as attractive targets for the most prominent ransomware groups
Bleeping Computer
Ransomware payments on record-breaking trajectory for 2023
Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small.
SecurityWeek
Former Security Engineer Arrested for $9 Million Crypto Exchange Hack
Former security engineer Shakeeb Ahmed has been arrested on charges related to the defrauding of decentralized crypto exchange Crema Finance.
Cyber Security News
Play Ransomware Attacking Private and Public Organizations Across Industries
This alarming pace of ransomware is significantly concerning the thousands of private and public organizations around the world across several industries.
Cyber Security News
Russian Hacker Group Attacked Largest Japanese Port
Japan’s largest port NAGOYA was attacked by pro-Russian hackers, disrupting the loading of Toyota parts by ransomware attack.
CSO
Japan’s Nagoya port resumes operations after ransomware attack
The port was not operational from Tuesday morning to Thursday afternoon. LockBit 3.0, a pro-Russia ransomware group, made a ransom demand in exchange for the system’s recovery.
DarkReading
Ransomware Halts Operations at Japan's Port of Nagoya
LockBit 3.0 claims responsibility for the cyberattack that shuttered the largest port in Japan, according to authorities.
Infosecurity News
Nagoya Port Faces Disruption After Ransomware Attack
Container import and export operations via trailer transportation have been temporarily halted
SecurityWeek
Japan's Nagoya Port Suspends Cargo Operations Following Ransomware Attack
Japan’s Port of Nagoya this week suspended cargo loading and unloading operations following a ransomware attack.
The Record
Major Japanese port suspends operation following ransomware attack
A cybercrime group believed to be operating out of Russia hit the largest and busiest trading port in Japan with a ransomware attack.
Infosecurity News
TSMC Targeted by LockBit via Supplier Breach
The giant chip manufacturer’s supplier, Kinmax, admits to an attack against its internal specific testing environment
CSO
Hit with $70M ransom demand, TSMC pins LockBit hack on breached supplier
The chipmaker said it isn’t directly hacked by LockBit but has been exposed due to an intrusion into Kinmax’s systems.
Security Affairs
Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million […]
Security Affairs
LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC
The LockBit ransomware gang claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC). The LockBit ransomware group this week claimed to have hacked the Taiwan Semiconductor Manufacturing Company (TSMC) and $70 million ransom. TSMC is the world’s biggest contract manufacturer of chips for tech giants, including Apple and Qualcomm Inc. As reported by BleepingComputer, on Wednesday, […]
Bleeping Computer
The Week in Ransomware - June 30th 2023 - Mistaken Identity
A case of mistaken identity and further MOVEit Transfer data breaches continue dominated the ransomware news cycle this week.
DarkReading
Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier
The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.
Ars Technica
TSMC says some of its data was swept up in a hack on a hardware supplier
The pernicious LockBit ransomware syndicate claims responsibility and demands $70 million.
Bleeping Computer
TSMC denies LockBit hack as ransomware gang demands $70 million
Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.
Infosecurity News
LockBit Claims TSMC Hack, Demands $70m Ransom
If confirmed, it could be the fourth-largest ransom demand of all time
SecurityWeek
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
LockBit ransomware group claims TSMC hack and is asking for a $70 million ransom, but the chip giant says only a supplier was breached.
The Record
Semiconductor giant says IT supplier was attacked; LockBit makes related claims
TSMC, considered the world’s most valuable semiconductor company, said there was an incident at IT supplier Kinmax. The LockBit cybercrime gang is claiming an attack against TSMC.
CSO
New ransomware group starts to wreak havoc
The 8Base ransomware group is now among the top two performing ransomware groups within the past month, marginally behind the infamous Lockbit ransomware group.
Bleeping Computer
Linux version of Akira ransomware targets VMware ESXi servers
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.
The Hacker News
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
A new ransomware threat called 8Base has emerged from the shadows with a "massive spike in activity."
ZDNet
Ransomware and phishing attacks continue to plague businesses in Singapore
In Singapore last year, the number of phishing attempts more than doubled, while ransomware incidents continued to impact small and midsize businesses.
DarkReading
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
DarkReading
Fresh Ransomware Gangs Emerge As Market Leaders Decline
The ransomware landscape is energized with the emergence of smaller groups and new tactics, while established gangs like LockBit see fewer victims.
Bleeping Computer
Ransomware is only getting faster: Six steps to a stronger defense
Ransomware encryption speed is crucial because it reduces the time available for an organization to react to a security breach. Included are six crucial steps for protecting your organization from the ever-increasing speed of ransomware attacks.
Security Affairs
Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement shutdown a long-standing DDoS-for-hire service A Russian national charged for committing LockBit Ransomware attacks […]