Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Blackbasta gang Synlab Italia attack
The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia.
The Cyber Express
Ransomware Group BlackBasta Targets TRUE Solicitors
TRUE Solicitors LLP, a prominent law firm based in the UK specializing in personal injury claims and employment law, has
The Hacker News
The Drop in Ransomware Attacks in 2024 and What it Means
Q1 2024 had 22% less ransomware attacks than Q4 2023. Why is that and is it a trend that will continue?
CyberNews
Duvel and Boulevard Brewing attackers post passports
BlackBasta claimed Duvel and Boulevard Brewing Company as its latest victims.
CyberNews
Duty Free Americas claimed by Black Basta ransom group
Tax-free luxury travel retail chain Duty Free Americas is one of a dozen new ransomware victims claimed by the BlackBasta group on their dark leak page.
CyberNews
LockBit back online, already targeting hospitals with ransomware
The LockBit ransom gang is back up since global police allege it decimated the group’s infrastructure and claimed the Ernest Health hospital network as its latest victim.
DarkReading
Median Ransomware Demands Grow to $600K a Pop
The now-disrupted LockBit gang outpaced its competitors in volume in 2023, as ransom amounts spiked 20% year-over-year.
Infosecurity News
Initial Ransomware Demands Jump 20% to $600,000 in 2023
Arctic Wolf found that the median ransomware demand was $600,000 in 2023, a 20% rise on the previous year
CyberScoop
Report: Manufacturing bears the brunt of industrial ransomware
The ransomware variant LockBit is responsible for 25% of ransomware incidents affecting industrial systems tracked by cybersecurity firm Dragos.
Security Affairs
Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric
The Cactus ransomware gang claims the theft of 1.5TB of data from the Energy management and industrial automation firm Schneider Electric.
The Cyber Express
BlackBasta Targets Leonard’s Syrups in Latest Ransomware Attack
The BlackBasta ransomware group strikes again, targeting Leonard's Syrups, a cherished family-owned beverage company in Michigan renowned for its rich
Cyber Security News
New Malware Mimic as Visual Studio Update to Attack macOS users
A new backdoor written in Rust has been discovered to be targeting macOS users which has several interesting features.
Security Affairs
macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations
Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations.
DarkReading
MacOS Targeted by New Backdoor Linked to ALPHV Ransomware
MacOS data exfiltration malware poses as an update for Visual Studio code editor.
PCMag
New MacOS Malware Might Be Linked to Ransomware Groups
The macOS Trojan apparently communicates to servers associated with the hacking activities of ransomware gangs, according to Bitdefender.
Bleeping Computer
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
HACKRead
New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups
The backdoor impersonates a Visual Studio update, distributed as FAT binaries with Mach-O files for Intel x86_64 and ARM architectures.
Bleeping Computer
Ransomware payments reached record $1.1 billion in 2023
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
Security Affairs
Cactus ransomware gang claims the Schneider Electric hack
Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack
Security Affairs
Yearly Intel Trend Review: The 2023 RedSense report
The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity.
The Cyber Express
BlackBasta Ransomware Expands Victim List: Southern Water and Asahi Glass Co. Hit
The BlackBasta ransomware group has claimed two new victims, Southern Water and Asahi Glass Co., adding them to their dark
Bleeping Computer
The Week in Ransomware - January 12th 2024 - Targeting homeowners' data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.
Security Affairs
Decryptor for Tortilla variant of Babuk ransomware released
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator.
The Cyber Express
BlackBasta Ransomware Rampage Continues: NALS, Graebener, Among Latest Victims
The BlackBasta ransomware group has expanded its dark web portfolio by adding three new victims to its list of cyberattacks.
Security Affairs
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.
The Cyber Express
BlackBasta Ransomware Targets American Alarm, Claims Breach of Sensitive Corporate Data
The infamous BlackBasta ransomware group has claimed a cyberattack on American Alarm and Communications, a prominent provider of security and communication
Infosecurity News
ALPHV/BlackCat Site Downed After Suspected Police Action
Notorious ransomware collective ALPHV/BlackCat may have been disrupted by law enforcement
SecurityWeek
Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website
The leak website of the notorious BlackCat/Alphv ransomware group has been offline for days and law enforcement is reportedly behind the takedown.
CyberSecurity Dive
Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend
A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.
Bleeping Computer
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
Bleeping Computer
The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
Infosecurity News
FBI-Led Operation Duck Hunt Shuts Down QakBot Malware
With Operation Duck Hunt, the FBI took control of the botnet, allowed victims to uninstall the malware loader and seized $8.6m in cryptocurrency
Infosecurity News
Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
SecurityWeek
3 Malware Loaders Detected in 80% of Attacks: Security Firm
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents.
Infosecurity News
Cloud Firm Under Scrutiny For Suspected Support of APT Operations
Halcyon said that Cloudzy has been playing a pivotal role in facilitating cyber-criminal activities
Cyber Security News
Cloud Hosting Provider Accused for Providing Infrastructure to 17 State-sponsored Hackers
Researchers at Cloudzy, an Iranian VPS hosting provider with 15+ data centers all around the globe had been reselling their server space.
The Hacker News
Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers
Obscure Iranian company Cloudzy is being used by cybercrime groups and nation-state crews as a command-and-control provider.
SecurityWeek
Iran-Run ISP 'Cloudzy' Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
Researchers unmask an Iranian-run company providing command-and-control services to hacking groups, including state-sponsored APT actors.
The Record
Iranian cloud company accused of hosting cybercriminals, nation-state hackers
An Iranian technology company is providing infrastructure services to ransomware gangs and an array of nation-state hackers, researchers have found.
Bleeping Computer
Ransomware payments on record-breaking trajectory for 2023
Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small.
The Record
Ransomware gangs have extorted $449 million this year: Chainalysis
Ransomware gangs have operated at a near-record profit in the first six months of the year, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.
Infosecurity News
Spanish Bank Globalcaja Hit By Ransomware Attack
The firm said the attack occurred last Thursday and prompted it to activate its security protocols
Bleeping Computer
The Week in Ransomware - May 26th 2023 - Cities Under Attack
Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting city's online services.
Bleeping Computer
Arms maker Rheinmetall confirms BlackBasta ransomware attack
German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.
DataBreaches
OH: Buckley King law firm hit by BlackBasta
Ransomware groups often promise to keep everything confidential if their victim pays them. They can’t do that if their chats are not secure and someone...
Infosecurity News
UK Pension Scheme: Members Should Assume Capita Data Theft
USS says 470,000 may be affected
Security Affairs
Leaked source code of Babuk ransomware used by 10 different ransomware families targeting VMware ESXi
The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware […]
Bleeping Computer
Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt
Industrial cybersecurity company Dragos today disclosed what it describes as a "cybersecurity event" after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices.
Security Affairs
New CACTUS ransomware appeared in the threat landscape
Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. Researchers from cybersecurity firm Kroll have analyzed on a new ransomware family called CACTUS that has been spotted exploiting known flaws in VPN appliances to achieve initial access to targeted networks. The […]
Bleeping Computer
New Cactus ransomware encrypts itself to evade antivirus
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities."
Bleeping Computer
Hackers target vulnerable Veeam backup servers exposed online
Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.
Bleeping Computer
The Week in Ransomware - April 28th 2023 - Clop at it again
It has been a very quiet week for ransomware news, with only a few reports released and not much info about cyberattacks. An item of interest was Microsoft linking the recent PaperCut server attacks on the Clop and LockBit ransomware operation.
Bleeping Computer
Capita confirms hackers stole data in recent cyberattack
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.
Bleeping Computer
March 2023 broke ransomware attack records with 459 incidents
March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.
Bleeping Computer
Ex-Conti members and FIN7 devs team up to push new Domino malware
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.
Bleeping Computer
New QBot email attacks use PDF and WSF combo to install malware
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices.
Security Affairs
Microsoft aims at stopping cybercriminals from using cracked copies of Cobalt Strike
Microsoft announced it has taken legal action to disrupt the illegal use of copies of the post-exploitation tool Cobalt Strike by cybercriminals. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine. The Beacon includes a wealth of functionality for the attacker, including, but […]
The Hacker News
The Prolificacy of LockBit Ransomware
LockBit ransomware has emerged as the most active and successful cybercrime organization globally.
Infosecurity News
IceFire Ransomware Targets Linux Enterprise Networks
The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software
Security Affairs
Recently discovered IceFire Ransomware now also targets Linux systems
The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]
Bleeping Computer
How to prevent Microsoft OneNote files from infecting Windows with malware
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows.
Bleeping Computer
The Week in Ransomware - March 3rd 2023 - Wide impact attacks
This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.
Infosecurity News
Threat Analysis: VMware ESXi Attacks Soared in 2022
Recorded Future analyzed how threat actors have been exploiting VMware ESXi vulnerabilities over the past three years
CyberSecurity Dive
VMware ransomware was on the rise leading up to ESXiArgs spree, research finds
Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.
Bleeping Computer
Microsoft: Over 100 threat actors deploy ransomware in attacks
Microsoft revealed today that its security teams are tracking more than 100 threat actors deploying ransomware during attacks.
The Record
Ransomware experts laud Hive takedown but question impact without arrests
Ransomware experts lauded the DOJ's takedown of Hive but questioned how effective it will be without corresponding arrests.
Bleeping Computer
Ransomware profits drop 40% in 2022 as victims refuse to pay
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million recorded in the previous two years.
The Record
On hacking forums, even the scammers aren’t safe
Scammers scamming scammers, including sometimes the scammers who have scammed them, is “an entire sub-economy” on darknet marketplaces
Bleeping Computer
The Week in Ransomware - December 2nd 2022 - Disrupting Health Care
This week's big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country's largest healthcare providers.
Security Affairs
Experts link the Black Basta ransomware operation to FIN7 cybercrime gang
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […]
ThreatPost
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
CyberScoop
Ransomware attacks jump as new malware strains proliferate, research finds
Ransomware cases increased 47 percent amid a rise in attacks involving new strains of malware from the LockBit cybercrime syndicate.
Bleeping Computer
US govt will pay you $10 million for info on Conti ransomware members
The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time.
The Hacker News
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
Conti ransomware gang has shut down its infrastructure in favor of migrating its criminal activities to smaller cybercrime groups.
DataBreaches
Conti abandons all pretense at professionalism, issues increasingly strident threats as Costa Rica struggles
Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have...