Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia.
The Cyber Express
TRUE Solicitors LLP, a prominent law firm based in the UK specializing in personal injury claims and employment law, has
The Hacker News
Q1 2024 had 22% fewer ransomware attacks than Q4 2023. Why is that and is it a trend that will continue?
CyberNews
BlackBasta claimed Duvel and Boulevard Brewing Company as its latest victims.
CyberNews
Tax-free luxury travel retail chain Duty Free Americas is one of a dozen new ransomware victims claimed by the BlackBasta group on their dark leak page.
CyberNews
The LockBit ransom gang is back up since global police allege it decimated the group’s infrastructure and claimed the Ernest Health hospital network as its latest victim.
DarkReading
The now-disrupted LockBit gang outpaced its competitors in volume in 2023, as ransom amounts spiked 20% year-over-year.
Infosecurity News
Arctic Wolf found that the median ransomware demand was $600,000 in 2023, a 20% rise on the previous year
CyberScoop
The ransomware variant LockBit is responsible for 25% of ransomware incidents affecting industrial systems tracked by cybersecurity firm Dragos.
Security Affairs
The Cactus ransomware gang claims the theft of 1.5TB of data from the energy management and industrial automation firm Schneider Electric.
The Cyber Express
The BlackBasta ransomware group strikes again, targeting Leonard's Syrups, a cherished family-owned beverage company in Michigan renowned for its rich
Cyber Security News
A new backdoor written in Rust, which has several interesting features, has been discovered targeting macOS users.
Security Affairs
Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations.
DarkReading
MacOS data exfiltration malware poses as an update for Visual Studio code editor.
PCMag
The macOS Trojan apparently communicates to servers associated with the hacking activities of ransomware gangs, according to Bitdefender.
Bleeping Computer
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
HACKRead
The backdoor impersonates a Visual Studio update, distributed as FAT binaries with Mach-O files for Intel x86_64 and ARM architectures.
Bleeping Computer
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
Security Affairs
Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack
Security Affairs
The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity.
The Cyber Express
The BlackBasta ransomware group has claimed two new victims, Southern Water and Asahi Glass Co., adding them to their dark
Bleeping Computer
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.
Security Affairs
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator.
The Cyber Express
The BlackBasta ransomware group has expanded its dark web portfolio by adding three new victims to its list of cyberattacks.
Security Affairs
The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.
The Cyber Express
The infamous BlackBasta ransomware group has claimed a cyberattack on American Alarm and Communications, a prominent provider of security and communication
Infosecurity News
Notorious ransomware collective ALPHV/BlackCat may have been disrupted by law enforcement
SecurityWeek
The leak website of the notorious BlackCat/Alphv ransomware group has been offline for days and law enforcement is reportedly behind the takedown.
CyberSecurity Dive
A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.
Bleeping Computer
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
Bleeping Computer
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
Infosecurity News
With Operation Duck Hunt, the FBI took control of the botnet, allowed victims to uninstall the malware loader and seized $8.6m in cryptocurrency
Infosecurity News
ReliaQuest found that 80% of cyber intrusion campaigns used either QakBot, SocGholish or Raspberry Robin
SecurityWeek
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents.
Infosecurity News
Halcyon said that Cloudzy has been playing a pivotal role in facilitating cyber-criminal activities
Cyber Security News
Researchers at Cloudzy, an Iranian VPS hosting provider with 15+ data centers all around the globe had been reselling their server space.
The Hacker News
Obscure Iranian company Cloudzy is being used by cybercrime groups and nation-state crews as a command-and-control provider.
SecurityWeek
Researchers unmask an Iranian-run company providing command-and-control services to hacking groups, including state-sponsored APT actors.
The Record
An Iranian technology company is providing infrastructure services to ransomware gangs and an array of nation-state hackers, researchers have found.
Bleeping Computer
Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small.
The Record
Ransomware gangs have operated at a near-record profit in the first six months of the year, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.
Infosecurity News
The firm said the attack occurred last Thursday and prompted it to activate its security protocols
Bleeping Computer
Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting city's online services.
Bleeping Computer
German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.
DataBreaches
Ransomware groups often promise to keep everything confidential if their victim pays them. They can’t do that if their chats are not secure and someone...
Infosecurity News
USS says 470,000 may be affected
Security Affairs
The leak of the source code of the Babuk ransomware allowed 9 ransomware gangs to create their own ransomware targeting VMware ESXi systems. SentinelLabs researchers have identified 10 ransomware families using VMware ESXi lockers based on the source code of the Babuk ransomware that was leaked in 2021. The experts pointed out that these ransomware […]
Bleeping Computer
Industrial cybersecurity company Dragos today disclosed what it describes as a "cybersecurity event" after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices.
Security Affairs
Researchers warn of a new ransomware family called CACTUS that exploits known vulnerabilities in VPN appliances to gain initial access to victims’ networks. Researchers from cybersecurity firm Kroll have analyzed a new ransomware family called CACTUS that has been spotted exploiting known flaws in VPN appliances to achieve initial access to targeted networks. The […]
Bleeping Computer
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of "large commercial entities."
Bleeping Computer
Veeam backup servers are being targeted by at least one group of threat actors known to work with multiple high-profile ransomware gangs.
Bleeping Computer
It has been a very quiet week for ransomware news, with only a few reports released and not much info about cyberattacks. An item of interest was Microsoft linking the recent PaperCut server attacks to the Clop and LockBit ransomware operations.
Bleeping Computer
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.
Bleeping Computer
March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.
Bleeping Computer
Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks.
Bleeping Computer
QBot malware is now distributed in phishing campaigns utilizing PDFs and Windows Script Files (WSF) to infect Windows devices.
Security Affairs
Microsoft announced it has taken legal action to disrupt the illegal use of copies of the post-exploitation tool Cobalt Strike by cybercriminals. Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named ‘Beacon’ on the victim machine. The Beacon includes a wealth of functionality for the attacker, including, but […]
The Hacker News
LockBit ransomware has emerged as the most active and successful cybercrime organization globally.
Infosecurity News
The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software
Security Affairs
The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]
Bleeping Computer
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows.
Bleeping Computer
This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.
Infosecurity News
Recorded Future analyzed how threat actors have been exploiting VMware ESXi vulnerabilities over the past three years
CyberSecurity Dive
Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.
Bleeping Computer
Microsoft revealed today that its security teams are tracking more than 100 threat actors deploying ransomware during attacks.
The Record
Ransomware experts lauded the DOJ's takedown of Hive but questioned how effective it will be without corresponding arrests.
Bleeping Computer
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million recorded in the previous two years.
The Record
Scammers scamming scammers, including sometimes the scammers who have scammed them, is “an entire sub-economy” on darknet marketplaces
Bleeping Computer
This week's big news was the Colombia health system being severely disrupted by a ransomware attack on Keralty, one of the country's largest healthcare providers.
Security Affairs
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta’s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […]
ThreatPost
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
CyberScoop
Ransomware cases increased 47 percent amid a rise in attacks involving new strains of malware from the LockBit cybercrime syndicate.
Bleeping Computer
The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time.
The Hacker News
Conti ransomware gang has shut down its infrastructure in favor of migrating its criminal activities to smaller cybercrime groups.
DataBreaches
Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have...