Bleeping Computer
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks.
The Cyber Express
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems. Identified
CSO
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
Bleeping Computer
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
SecurityWeek
The US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations.
Infosecurity News
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations
Security Affairs
Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
Bleeping Computer
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
The Record
The FBI, CISA and Department of Health and Human Services (HHS) alerted healthcare organizations to the group's activities. A separate report said Black Basta was behind the attack on Ascension healthcare system.
The Record
Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, ran the LockBit ransomware gang under the alias LockbitSupp, said authorities from the U.S., U.K. and Australia.
The DFIR Report
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More
Infosecurity News
Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder
Cyber Security News
Web Vulnerability Assessment and Penetration Testing (Web VAPT) is aimed at identifying vulnerabilities in web apps.
The Hacker News
Akira Ransomware group has already extorted roughly $42 million from over 250 victims globally. They are now targeting both Windows and Linux systems.
CSO
The disruption has impacted more than 150 plasma centers in the US, with possible effects on European operations.
SC Magazine
despite a pause in the rise of ransomware, organizations are failing to take the steps necessary to adequately defend themselves against the increase in attacks to come.
The Record
The group’s large number of attacks shortly after emerging has led experts to believe it is made up of experienced ransomware actors.
The Hacker News
Hackers are exploiting a critical vulnerability in Atlassian servers to gain admin access and deploy a Linux variant of Cerber ransomware.
CSO
Research highlights heightened threat actor interests in SAP systems, targeting poorly patched organizations.
SecurityWeek
The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin.
Bleeping Computer
Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals.
The Record
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group.
DarkReading
Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention.
Trend Micro
Our new article provides key highlights and takeaways from Operation Cronos' disruption of LockBit's operations, as well as telemetry details on how LockBit actors operated post-disruption.
The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
DarkReading
CVE-2024-48788, like many other recent Fortinet flaws, will likely be an attractive target, especially for nation-state backed actors.
CyberNews
BlackBasta claimed Duvel and Boulevard Brewing Company as its latest victims.
CyberNews
The Health Service Executive (HSE) in Ireland accidentally exposed the private information of an estimated one million citizens in December 2021, a researcher has shared.
CyberNews
Tax-free luxury travel retail chain Duty Free Americas is one of a dozen new ransomware victims claimed by the BlackBasta group on their dark leak page.
The Record
The agency responsible for monitoring financial sanctions in Britain has never detected an illicit payment to an entity embargoed under the country’s counter-ransomware regime, according to information obtained by Recorded Future News.
SC Magazine
A supply chain attack was stopped before LockBit ransomware was launched, researchers say.
Bleeping Computer
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
Security Affairs
New threat actors have started exploiting ConnectWise ScreenConnect vulnerabilities, including the Black Basta and Bl00dy ransomware gangs.
Bleeping Computer
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
SecurityWeek
The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.
Trend Micro
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
SecurityWeek
The LockBit ransomware operators launched a new leak site and restored some infrastructure following the law enforcement takedown.
Infosecurity News
Law enforcement agencies involved in Operation Cronos have announced they have been in contact with the LockBit kingpin aka LockbitSupp
Cyber Security News
Over the past few years, LockBit, a ransomware-as-a-service (RaaS) operation, has been linked to multiple security incidents affecting organi
The Cyber Express
ThreeAM ransomware group has struck again, this time targeting Abcor in Australia and MTM Robotics in the United States. The
The Record
Researchers said that “attacks against both servers and client machines are currently underway” as attackers attempt to exploit the critical vulnerability.
The Hacker News
U.S. State Department has set rewards of up to $15 million for information leading to the identification and arrest of LockBit ransomware group member
The Record
Nearly two years after its creation, a task force meant to streamline federal efforts to combat ransomware hopes to further cement how the government handles key aspects of such attacks and do a better job trumpeting its contributions to the broader fight.
Trend Micro
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
SecurityWeek
The ransomware threat will continue to grow and expand. It is the quintessential business plan for cybercriminals.
CSO
LockBit websites displayed a takeover message by authorities, teasing full operation disclosure.
The Record
LockBit — the most prolific ransomware group in the world — had its website seized Monday as part of an international law enforcement operation that involved the U.K.’s National Crime Agency, the FBI, Europol and several international police agencies.
SC Magazine
The world’s most prolific ransomware group has been dismantled by a large international law enforcement taskforce.
The Record
International law enforcement officials said they believe they completely destroyed the prolific LockBit ransomware group, while collecting large amounts of information about its cybercrime ecosystem.
The Hacker News
A critical vulnerability (CVE-2020-3259) in Cisco ASA and FTD software has been added to CISA's KEV catalog.
Bleeping Computer
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.
The Hacker News
Bumblebee, QakBot, Zloader, & PikaBot are back, sneakier than ever. Don't trust those shady emails or downloads.
Bleeping Computer
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.
DataBreaches
February 7, 2024 TLP:CLEAR Report: 202402071200 Executive Summary Akira ransomware is a relatively new ransomware gang that has demonstrated aggressive and...
The Cyber Express
Garon Products Inc. finds itself ensnared in the web of cybercrime as it becomes the latest target of the ThreeAM
The Cyber Express
The BlackSuit ransomware attack has claimed a new victim: the Campaign for Tobacco-Free Kids, an American non-profit organization dedicated to
CyberNews
The Hyundai Motor Corporation’s European division has reportedly been the victim of a January ransomware attack carried out by the Russian-linked Black Basta ransom gang.
Bleeping Computer
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
Bleeping Computer
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.
The Cyber Express
The BlackSuit ransomware group has struck again, adding two new victims to its ever-growing list of targets. This time, the
Infosecurity News
The US said the two Egyptian nationals provided cybersecurity training and support to ISIS leadership and supporters, as well as helping enable the group to use cryptocurrency
The Hacker News
Faust, the untargeted ransomware variant, highlights the need for comprehensive protection.
Bleeping Computer
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
Security Affairs
The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation.
Infosecurity News
Ukraine’s security services said that the hacker targeted government websites and provided intelligence to Russia to carry out missile strikes
SecurityWeek
Vladimir Dunaev sentenced to 5 years in prison after admitting to participating in the development and distribution of the TrickBot malware.
The Hacker News
Russian national Vladimir Dunaev sentenced to 5 years and 4 months for TrickBot malware involvement.
Bleeping Computer
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.
Infosecurity News
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm
Cyber Security News
Security analysts at Intrinsic recently discovered ThreeAM (aka 3 AM, ThreeAMtime) ransomware which has been actively attacking small and medium companies.
Security Affairs
The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry.
Bleeping Computer
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.
The Cyber Express
The Akira ransomware group has recently targeted DENHAM the Jeanmaker, a renowned denim brand established in Amsterdam in 2008. The
The Hacker News
2023 witnessed a shocking 55.5% increase in ransomware victims! Over 4,368 cases reported globally. Stay ahead in the cybersecurity game.
Security Affairs
Researchers and the Dutch Police released a decryptor for the Tortilla variant of the Babuk ransomware after the arrest of its operator.
The Record
The “RE#TURGENCE” campaign is targeting victims in the E.U., U.S. and Latin America by going after Microsoft SQL, researchers with Securonix found.
DarkReading
The buyer could use the code to restart the up to now all-but defunct Zeppelin ransomware-as-a-service operation.
The Cyber Express
The Monti ransomware group has recently claimed responsibility for a cyberattack on Diablo Valley Oncology, adding the healthcare provider to
Security Affairs
A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware.
SecurityWeek
A vulnerability in Black Basta ransomware’s encryption algorithm allows researchers to create a free decryptor.
Infosecurity News
Researchers at SRLabs have revealed a new suite of decryption tools for Black Basta ransomware
The Record
The printing and business services giant said its XBS division "experienced a security incident." A cybercrime gang called INC said it was responsible.
Bleeping Computer
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.
Cyber Security News
Top 10 Hacks of 2023. Malware. Phishing. Denial of Service (DoS). Distributed Denial of Service (DDoS). Man-in-the-Middle (MitM).
SecurityWeek
The Akira ransomware group has taken credit for the recent attack that impacted Nissan Australia and New Zealand.
The Hacker News
Ransomware groups are stepping up their game with remote encryption attacks. Just one vulnerable device can compromise an entire network.
DarkReading
Dark Web chatter indicates that Scattered Spider worked with the FBI to take down the BlackCat/ALPHV operation.
DarkReading
Microsoft and several others have reported seeing the noxious malware surfacing again in a campaign targeting the hospitality industry.
The Cyber Express
FBI Takes Down BlackCat/Alphv Ransomware! The U.S. Department of Justice (DOJ) recently announced a major breakthrough in cybersecurity efforts with
The Hacker News
Russian cybercriminal Mikhail Pavlovich Matveev, indicted by the U.S., led ransomware attacks worldwide, showing a disregard for ethics.
Bleeping Computer
The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.
CyberNews
The Memorial Sloan Kettering Cancer Center (MSKCC) in New York City has been claimed by the Meow ransom gang.
The Cyber Express
The notorious Akira ransomware group has claimed two more victims, adding them to its list of Akira ransomware attacks. The
The Hacker News
Founder of Bitzlato cryptocurrency exchange pleads guilty to running an unlicensed money-transmitting business that aided money launderers
Bleeping Computer
Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million.
CyberNews
Roblox's accounting firm Tipalti said it's investigating ransomware claims.
CyberNews
The Royal ransomware gang rebrands and lays claim to an early November cyberattack still disrupting the Henry County School system in Central Georgia.
SecurityWeek
Vladimir Dunaev pleads guilty to his involvement in the development and deployment of the notorious TrickBot malware.
Infosecurity News
40-year-old was extradited from South Korea
The DFIR Report
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and … Read More
Loading more articles....