CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
Ars Technica
Black Basta ransomware group is imperiling critical infrastructure, groups warn
Threat group has targeted 500 organizations. One is currently struggling to cope.
SecurityWeek
Black Basta Ransomware Hit Over 500 Organizations
The US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations.
The Cyber Express
Medusa Ransomware Claims UK-based Defense Solutions Provider Chemring Group as Victim
The Medusa ransomware group has demanded $3.5 million from the Chemring Group on their leak site, along with a looming
Security Affairs
MITRE attributes the recent attack to China-linked UNC5221
MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence.
SecurityWeek
MITRE Hack: China-Linked Group Breached Systems in December 2023
MITRE has shared more details on the recent hack, including the new malware and a timeline of the attacker’s activities.
CSO
Citrix quietly fixes a new critical vulnerability similar to Citrix Bleed
Much similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
.webp)
Cyber Security News
Beware! Threat Actors Selling RDP Access on Hacker Forums
Cybersecurity communities are on high alert as threat actors have begun selling RDP access on various underground hacker forums.
SC Magazine
Change Healthcare incident caused by compromised Citrix credentialsa
UnitedHealth Group’s CEO Andrew Witty set to testify before Congress tomorrow – security pros say there’s more to the story and it will take several more months of investigation before we know the full kill chain.
The DFIR Report
From IcedID to Dagon Locker Ransomware in 29 Days - The DFIR Report
Key Takeaways In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was … Read More
The Cyber Express
St-Jerome Company Targeted in Alleged Ransomware Attack by Everest Group
The infamous Everest ransomware group has struck again, this time targeting Les Miroirs St-Antoine Inc., a longstanding company based in
Cyber Security News
Megazord Ransomware Attacking Healthcare And Government Entities
Hackers primarily use ransomware to gain financially from their victims, by blackmailing them for payments to recover their encrypted files
Bleeping Computer
CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan.
DarkReading
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
Security Affairs
Akira ransomware received $42M in ransom payments from over 250 victims
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments.
The Cyber Express
Akira Ransomware Group Amasses $42 Million from Over 250 Global Attacks, FBI Warns
The Akira ransomware group has been identified as the culprit behind a series of cyberattacks targeting businesses and critical infrastructure
SecurityWeek
Akira Ransomware Made Over $42 Million in One Year: Agencies
Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments.
Infosecurity News
Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024
The Hacker News
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Akira Ransomware group has already extorted roughly $42 million from over 250 victims globally. They are now targeting both Windows and Linux systems.
SC Magazine
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain
despite a pause in the rise of ransomware, organizations are failing to take the steps necessary to adequately defend themselves against the increase in attacks to come.
Bleeping Computer
Dark Web Monitoring: What's the Value?
Cybersecurity firms commonly sell "dark web monitoring" packages, with firms having slighly different features. Learn from Flare about the different dark web monitoring packages and the value they bring to your organization.
SC Magazine
Brute-force attacks surge worldwide, warns Cisco Talos
While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.
Bleeping Computer
Palo Alto Networks zero-day exploited since March to backdoor firewalls
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
Bleeping Computer
Chrome Enterprise gets Premium security but you have to pay for it
Google has announced a new version of its browser for organizations, Chrome Enterprise Premium, which comes with extended security controls for a monthly fee per user.
Cyber Security News
Chrome Enterprise Premium With New AI Security Features
Google has unveiled a significant upgrade to its enterprise browsing capabilities with the launch of Chrome Enterprise Premium.
Infosecurity News
RDP Abuse Present in 90% of Ransomware Breaches
Sophos reveals “unprecedented” levels of RDP compromise in ransomware attacks in 2023
SecurityWeek
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Major Linux distributions have been impacted by a supply chain attack involving backdoored versions of the XZ Utils data compression library.
The Hacker News
Detecting Windows-based Malware Through Better Visibility
Traditional defense tactics don't always apply to cyber warfare. With EventSentry, bolster your network's defense with prevention, detection, and ongo
The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Key Takeaways We provide a range of services, one of which is our Threat Feed, specializing in monitoring Command and Control frameworks like Cobalt Strike, Metasploit, Sliver, Viper, Mythic, Havoc, … Read More
Cyber Security News
Wireshark 4.2.4 Released : What’s New!
Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis.
The Hacker News
E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
Moldovan national gets 3+ years in US prison for running E-Root Marketplace, a massive platform selling stolen login details.
SecurityWeek
Moldovan Operator of Credential Marketplace Sentenced to US Prison
Sandu Diaconu has been sentenced to 42 months in prison for operating a marketplace for compromised credentials.
Bleeping Computer
Admin of major stolen account marketplace gets 42 months in prison
Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide.
The Cyber Express
Dark Web Intrusion: Indonesian Energy Giant Targeted in Cyber Attack
A dark web actor is reportedly selling access to an Indonesian energy company, believed to be the same threat actor
The Cyber Express
BianLian Ransomware Strikes Lindsay Municipal Hospital: Another US Institution Under Attack
The Lindsay Municipal Hospital cyberattack has been claimed by the BianLian ransomware group. This nefarious organization, known for its disruptive
HACKRead
Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws
Network equipment giant Cisco has addressed security flaws impacting its Secure Client enterprise VPN application and endpoint security solutions.
HACKRead
Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data
In June 2023, Xplain, a Swiss IT services provider, fell victim to a cyberattack claimed by the Play ransomware group.
Infosecurity News
Ransomware Attackers Leak Sensitive Swiss Government Documents, Login
Sensitive data from Switzerland government departments were leaked by the Play ransomware group after an attack on Xplain, including classified documents and log in credentials
Cyber Security News
CISA & FBI Releases TTPs & IOCs Used by Phobos Ransomware Group
The FBI, CISA, and MS-ISAC are urging critical infrastructure organizations to be vigilant against Phobos ransomware.
Cyber Security News
Best AWS Network Access Security Solutions - 2024
Best AWS Network Access Security : 1. Perimeter 81 2. Amazon Web Services (AWS) Security 3. Palo Alto Networks 4. Fortinet 5. CheckPoint.
The Hacker News
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. agencies warn of Phobos ransomware attacks targeting vital sectors. Millions in ransom already paid.
Security Affairs
US cyber and law enforcement agencies warn of Phobos ransomware attacks
CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024
SecurityWeek
Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks
US government agencies warn of Backmydata, Devos, Eight, Elking, and Faust ransomware attacks connected to Phobos.
DarkReading
FBI, CISA Release IoCs for Phobos Ransomware
Threat actors using the malware have infected systems within government, healthcare, and other critical infrastructure organizations since at least 2019.
The Cyber Wire
Joint cybersecurity advisory on Phobos ransomware.
Comprehensive guide on mitigating Phobos ransomware threats, issued by the FBI, CISA, and MS-ISAC. This advisory unpacks the tactics, techniques, and procedures (TTPs) of the Phobos ransomware, operating under a Ransomware-as-a-Service (RaaS) model, targeting critical infrastructures since May 2019. Learn about effective strategies to secure RDP ports, remediate vulnerabilities, and implement EDR solutions to safeguard against this evolving cyber threat.
Cyber Security News
Hackers Poison SEO Results To Deploy Gootloader Malware And Steal RDP Access
Hackers poison the SEO results to manipulate search engine rankings by misdirecting users to malicious sites.
.webp)
Cyber Security News
Authorities Dismantled SugarLocker Ransomware Group
Authorities have successfully dismantled a ransomware group known as SugarLocker, which has been responsible for a series of global
The DFIR Report
SEO Poisoning to Domain Control: The Gootloader Saga Continues - The DFIR Report
Key Takeaways More information about Gootloader can be found in the following reports: The DFIR Report, GootloaderSites, Mandiant, Red Canary, & Kroll. An audio version of this report can be … Read More
The Record
Russia arrests three alleged SugarLocker ransomware members
The arrest announcement coincides with an international operation against the ransomware gang Lockbit, suggesting the move could be an attempt at PR by the Russian government.
The Cyber Express
The Cat-and-Mouse Game: ALPHV Ransomware vs. FBI – A Cybersecurity Saga Unfolds
In an unusual turn of events within the waters of the dark web, the Federal Bureau of Investigation (FBI) found
The Cyber Express
Major Australian Women Fashion Store Hit by Cyberattack, Customer Data at Risk
A group identifying themselves as RansomedVC has emerged on the dark web, claiming to possess access to an Australian women's
DarkReading
Islamic Nonprofit Infiltrated for 3 Years With Silent Backdoor
Saudi Arabia charity was under surveillance with the modified reverse proxy tool, researchers discovered.
SecurityWeek
Seeing is Believing… and Securing
Marsh says by adopting its recommended controls, 14% of its customers enjoyed lower cyber insurance premiums in the past year.
SecurityWeek
Ransomware Attack Knocks 100 Romanian Hospitals Offline
Romanian hospitals turn to pen and paper after ransomware attack on centralized healthcare management system.
The Cyber Express
$35 Billion Chinese Real Estate Giant Hacked, RDP Access Sold for $10,000
A hacker, cloaked in anonymity, asserted that they had illicitly obtained Remote Desktop Protocol (RDP) access to a prominent Chinese
Security Affairs
US offers $10M reward for info on Hive ransomware group leaders
US Gov offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group
Cyber Security News
LockBit Ransomware Group Demands $11 Million From Government to Unlock Files
A devastating ransomware attack by Lockbit recently targeted the charming city of Calvià in Majorca, Spain, which is well-known for its tourism appeal.
The DFIR Report
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - The DFIR Report
Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On … Read More
The Hacker News
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
Kasseika, the latest ransomware kid on the block, is using a sneaky trick called BYOVD to disarm your defenses before encrypting your files! It even
The Cyber Express
BianLian Ransomware Group Strikes Again, Targeting Three U.S. Companies
The BianLian ransomware group has claimed three new victims, adding them to their dark web portal. The targeted organizations include
Bleeping Computer
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.
Security Affairs
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to Known Exploited Vulnerabilities catalog
Trend Micro
Ivanti Zero-Day: Protect Your Network from This Threat
The overlooked vulnerability with real impacts
Security Affairs
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days
Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances
CSO
Citrix NetScaler devices face active zero-day exploitations
A few older versions of NetScaler ADC and NetScaler Gateway have bugs allowing RCE and DoS attacks.
Bleeping Computer
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
The Cyber Express
Republic Shipping Targeted in BianLian Ransomware Cyberattack
Republic Shipping Consolidators, a prominent logistics company, finds itself entangled in the web of a cyberattack orchestrated by the notorious
SecurityWeek
Cloud Server Abuse Leads to Huge Spike in Botnet Scanning
Netscout sees over one million IPs conducting reconnaissance scanning on the web due to increase in use of cheap or free cloud servers.
Ars Technica
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Organizations using Ivanti Connect Secure should take action at once.
DarkReading
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security
A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization.
The Hacker News
Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface
Explore how Zero Trust Security can minimize your attack surface and safeguard against sophisticated attacks.
Security Affairs
The source code of Zeppelin Ransomware sold on a hacking forum
A threat actor announced the sale of the source code and a cracked version of the Zeppelin ransomware builder for $500.
Cyber Security News
Active Directory Kill Chain Attack & Defense - A Complete Guide & Tools
Here we are elaborating the tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance
Cyber Security News
Top 10 Notorious Ransomware Gangs of 2023
Top 10 Notorious Ransomware Gangs of 2023. LockBit. Alphv/Black. Cat. Clop. Royal. Black Byte. Black Basta. Ragnar Locker. Vice Society.
The Cyber Express
Unveiling Zeppelin2 Ransomware: A New Threat Emerges on Dark Web
In a recent development on an underground forum, a user is actively promoting the sale of Zeppelin2 ransomware, offering both
The Cyber Express
BianLian Ransomware Hits MOOver.com: Claims to Breach 1.1 TB Data
The notorious BianLian ransomware group has targeted MOOver, claiming to have gained access to a staggering 1.1 terabytes of the
Cyber Security News
Kimsuky Group Using Weaponized LNK File to Deploy AppleSeed Malware
Hackers use weaponized LNK files to exploit vulnerabilities in Windows operating systems. These files often contain malicious code.
Cyber Security News
Iranian Hackers Developed a New Backdoor to Hack Windows
Peach Sandstorm, an Iranian Hackers group, targets diverse sectors globally, and this group is linked to APT33, Elfin, Refined Kitten.
Bleeping Computer
Microsoft: Hackers target defense firms with new FalseFont malware
Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
The Cyber Express
Singapore’s ASA Holidays Hit by Alleged BianLian Cyberattack
The notorious BianLian ransomware group has expanded its list of victims, adding the name of Air Sino-Euro Associates (ASA Holidays).
Cyber Security News
Play Ransomware Infected Over 300 Organizations Worldwide : FBI Warns
The Play ransomware group, also going by the name Playcrypt, has been affecting several kinds of enterprises as well as vital infrastructure.
Infosecurity News
US and Australia Warn of Play Ransomware Threat
A joint advisory by US and Australian government agencies urges organizations to protect themselves against Play group’s tactics
SecurityWeek
Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations
US and Australian government agencies warn organizations of the Play ransomware group’s double-extortion tactics.
Cyber Security News
Ransomware Gangs Are Collaborating To Attack Financial Services Firms
The Cyber-Extortion Trinity—the BianLian, White Rabbit, and Mario ransomware gangs—was observed by researchers working together to launch a joint extortion campaign against publicly traded financial services companies.
Infosecurity News
ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime
The group was second behind only LockBit in attacks targeting North America and Europe between January 2022 and October 2023
Infosecurity News
Insurer’s UK Honeypots Attacked 17 Million Times Per Day
RDP is singled out as insurer Coalition records 17 million cyber-attacks per day in the UK in 2023
The Cyber Express
Medusa Ransomware Allegedly Strikes America’s Fastest-Growing Pharmacy Chain BioMatrix
Infamous Medusa ransomware group has allegedly targeted and breached the data of a Florida, US based national specialty pharmacy chain
Bleeping Computer
Rhadamanthys Stealer malware evolves with more powerful features
The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion.
Cyber Security News
New Dark Web Market OLVX Advertising Variety of Hacking Tools
Cybersecurity researchers at Zerofox recently discovered OLVX (olvx[.]cc) found to be advertising a wide variety of hacking tools for illicit activities.
Security Affairs
French authorities arrested a Russian national for his role in the Hive ransomware operation
French police arrested a Russian national who is suspected of laundering money resulting from the criminal activity of the Hive ransomware gang.
Cyber Security News
Beware of Malicious 7ZIP on the Microsoft App Store that Delivers Malware
Hackers target 7ZIP due to its widespread use and popularity, making it a lucrative vector for spreading malware.
The Hacker News
Researchers Unveal GuLoader Malware's Latest Anti-Analysis Techniques
Threat hunters have discovered new tactics used by the GuLoader malware to evade analysis.
The Cyber Express
Indian Aerospace Targeted: Suspected Cyberattack, Data Sale Claims Surface on the Dark Web
In a recent turn of events, the dark web has once again become a hub of speculation, with alleged unauthorized
The Record
Microsoft warns of Cactus ransomware actors using malvertising to infect victims
Hackers are using malware distributed through online advertisements to infect victims with Cactus ransomware, according to new research.
Security Affairs
Malvertising attacks rely on DanaBot to spread CACTUS Ransomware
Microsoft warns of ongoing malvertising attacks using the DanaBot malware to deploy the CACTUS ransomware....
The Hacker News
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft Warns of New CACTUS Ransomware Threat. Malvertising used to deploy DanaBot as initial access. Learn more about this evolving cyber threat.
Bleeping Computer
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks.
CyberNews
Hacktivism and its impacts on mental health
Hacktivism and its lesser-known impacts on mental health
Loading more articles....