In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat“), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by show more ...
Researchers laid bare the secrets of the WhisperGate wiper that crippled Ukrainian organizations recently. While a group claimed that hackers exploited stolen credentials, another one stated it posed as a ransomware. Like a ransomware, it fully overwrites the MBR with a ransom note. CISA has recommended organizations to implement MFA and secure cloud services for accessing remote systems.
Previous investors including Google Ventures, Decibel, and Greylock Partners also participated. With these funds, Censys will continue to accelerate its R&D, engineering, product and sales operations.
On the recent incident, researcher Junade Ali said: “When someone would try to connect to an IP address in North Korea, the internet would literally be unable to route their data into the country.”
Konni RAT has been active since at least 2014 and is constantly evolving and expanding its attack surface. This North Korean threat group operates under the umbrella of Kimsuky APT.
The CRTC’s Chief Compliance and Enforcement Officer today announced penalties of $300,000 to four Canadians for their involvement in the Dark Web marketplace Canadian HeadQuarters.
Ransomware gangs contact staff or customers whose data was exfiltrated in attacks to get them to persuade the victim to pay up, threatening them with the release of their personal information.
Security firm Cleafy analyzed three new variants of BRATA, finding that the trojan is now capable of performing a factory reset to restrict victims from finding unauthorized wire transfers from their devices.
The FBI has formally linked the Diavol ransomware family to the TrickBot Group, aka Wizard Spider, the developers of malware in the notorious TrickBot banking trojan. The FBI noted that the ransomware group demands between $10,000 and $500,000 in ransom after attacks. Organizations are urged to follow the recommendations provided in the advisory.
Ivanti, Cyber Security Works and Cyware announced a report which identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26% increase over the previous year.
After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times.
Threat actors who are using the ransomware named LockBit 2.0 have posted a message on their Tor-based leak website claiming to have stolen files from the Ministry of Justice’s systems.
An Israeli citizen who operated DeepDotWeb (DDW), a news site and review site for dark sites, has received a sentence of 97 months in prison for money laundering and was ordered to forfeit $8,414,173.
Ransomware-related payments by organizations reached nearly $600 million in the first half of 2021, compared to $416 million during the same time in 2020, according to the Treasury.
The various malware families identified as being delivered in attacks leveraging XLL files include Dridex, IcedID, BazaLoader, Agent Tesla, Raccoon Stealer, Formbook, and Bitrat.
StellarParticle is a campaign tracked by CrowdStrike as related to the SUNSPOT implant from the SolarWinds intrusion in December 2020 and associated with COZY BEAR (aka APT29, “The Dukes”).
The security flaw allowed a hacker to gain access to personal data belonging to around 500,000 individuals who had purchased tickets to ride on Swiss Federal Railways (SFR).
The round was led by Elsewhere Partners. In conjunction with the funding, John Thornton and Nick Stoffregen of Elsewhere Partners will also join the Board alongside Idera Inc. CEO Randy Jacops.
QNAP force-updated customer's NAS devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices.
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
Weaveworks, the GitOps company, announces the acquisition of Magalix, an innovator in cloud native security. With this acquisition, Weaveworks is raising the bar on secure DevOps.
The security defect was reported to Xerox in September 2019. In January 2020, it had confirmed impact on at least one series of printer models, but said nothing else of the bug for two more years.
Silk can take on this role because security researchers are increasingly interested in "physical unclonable functions" (PUFs) – physical objects whose properties are impossible to replicate.
In its statement, the company said the incident impacted only non-critical systems, which had no significant impact on its operations. AdvIntel "Andariel" platform detected the attack on January 18.
The $49 million Series E funding round of HackerOne was led by GP Bullhound and received participation from Benchmark, Dragoneer Investment Group, NEA, and Valor Equity Partners.
Black Kite released its annual Third-Party Breach Report, which examines the impact of third-party cyber breaches in 2021. Ransomware was the most common attack method behind third-party breaches.
North Korean hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.
The White House, EPA, and CISA are rolling out a 100-day plan to improve the cybersecurity of the country's water systems, which faced a variety of attacks over the last year.
The CISA has added 17 new flaws in the Known Exploited Vulnerabilities catalog, nine of which have a remediation date of February 1, and four of them have a remediation date of July 18. The newly added flaws exist in multiple products, including Struts 1, Serv-U, Airflow, and Nagios XI. An exploitable flaw is a weak link and may endanger the firm's security, patch it now!
The National Cyber Security Centre (NCSC) has warned organizations in the UK to prepare for Russian state-sponsored cyberattacks amid ongoing geopolitical tensions in Ukraine.
Threat analysts have observed a new campaign named ‘OiVaVoii’, targeting company executives and managers with malicious OAuth apps and custom phishing lures sent from hijacked Office 365 accounts.
A threat actor has used an exploit to steal nearly $80 million from Qubit Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations..
Innovators to the RaaS model focused on lowering barriers to entry (attracting new affiliates to carry out lots of attacks), and creating efficiencies on monetization to get paid better.
Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats.
The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad.
Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.
Red Hat Security Advisory 2022-0317-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for portable Linux serves as a replacement for Red Hat build of OpenJDK 8 and includes security and bug fixes as show more ...
Red Hat Security Advisory 2022-0321-03 - The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 for Windows serves as a replacement for the Red Hat build of OpenJDK 8 and includes security and bug fixes, and show more ...
Ubuntu Security Notice 5064-2 - USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5255-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Red Hat Security Advisory 2022-0304-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-0305-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-0306-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-0308-10 - The OpenShift Container Storage solution provides persistent storage service for OpenShift Containers and OpenShift Infrastructure services.
Red Hat Security Advisory 2022-0312-02 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Red Hat Security Advisory 2022-0310-04 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5.
Red Hat Security Advisory 2022-0318-06 - An update is now available for Red Hat Openshift distributed tracing 2.1.
Red Hat Security Advisory 2022-0307-03 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Ubuntu Security Notice 5254-1 - It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps). One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340
Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt. "DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users' data for Bitcoin ransom," the company said. "QNAP urges all QNAP NAS users to […] immediately update QTS to the latest
2021 was a year peppered by cyberattacks, with numerous data breaches happening. Not only that, but ransomware has also become a prominent player in the hackers' world. Now, more than ever, it's important for enterprises to step up cybersecurity measures. They can do this through several pieces of technology, such as an open-source security platform like Wazuh. Wazuh is a free and open source
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North
A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said. "Their efforts are aimed at breaking the typical flow recorded by sandboxes and making detection
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take
Andorra Telecom, the tiny microstate's only internet service provider, says that a barrage of distributed denial-of-service (DDoS) attacks impacted the country's internet and 4G service. Read more in my article on the Hot for Security blog.
