Our researchers analyzed the HermeticRansom malware also known as Elections GoRansom. By and large, this is a fairly simple cryptor. What is interesting in this case is the purpose for which attackers are using it. HermeticRansom goals HermeticRansom attacked computers at the same time as another malware known as show more ...
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. The chat logs offer a fascinating glimpse show more ...
A Proofpoint report reveals that attackers were more active in 2021, with findings uncovering that 78% of organizations saw email-based ransomware attacks in 2021, while 77% faced BEC attacks.
Lapsus$ said that Nvidia hacked it back. The group supposedly left one of its virtual machines enrolled in Nvidia's mobile device management program, which gave Nvidia a backdoor into its systems.
Fortinet’s intel from the H2 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable.
A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine.
In an 8-K form filed with the Securities and Exchange Commission, professional services and insurance giant AON has disclosed that they suffered a cyberattack on February 25th, 2022.
The two federal agencies issued this warning in the form of a joint cybersecurity advisory published over the weekend following the unwarranted Russian invasion of Ukraine.
The CISA, working with Symantec, has found an extremely sophisticated attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013.
The Microsoft Threat Intelligence Center (MSTIC) discovered that entities in Ukraine were targeted with a previously undetected malware, dubbed FoxBlade, several hours before Russia’s invasion.
A new report by Sophos shed light on two simultaneous ransomware attacks against a healthcare provider organization by different threat groups, pointing to the need for vulnerability management.
Anonymous, along with other hacktivist groups is carrying out different types of cyberattacks against the Russian government, media, businesses, and financial institutions.
The U.S. CISA expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild.
The vulnerability affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, according to a security advisory from GitLab.
The attack against Group Managed Service Accounts (gMSA) can allow attackers to dump Key Distribution Service (KDS) root key attributes and generate the password for all the associated gMSAs offline.
"Unfortunately, due to the Russian regime's war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia," the company said in its emails.
Satellite communications giant Viasat said a cyberattack was causing network outages impacting internet service for fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network.
"Allies also recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as an armed attack," the official told Reuters.
A crowdsourced community of hackers endorsed by Kyiv officials has claimed responsibility for the outage. The Ukraine IT Army said that it had taken just five minutes to render the site inaccessible.
In comparison to organizations, consumers are less secure, have fewer resources, and sometimes miss having a reliable antivirus solution.
Security researcher Wladimir Palant discovered a “trivial” bug in the Skype-for-Chrome extension that allowed websites to ascertain information about user accounts that should typically be off-limits.
After months of inactivity, operators behind the TrickBot malware botnet appear to went offline with their server infrastructure. Its TTPs were becoming highly detectable. Going by experts, the decline in the volume of the Trickbot campaigns is accompanied by the fact that its operators are working with Emotet show more ...
A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.
Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device.
While legitimate concerns grow about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare activity around the globe, small-time crooks are also ramping up their efforts amid the crisis.
European police forces are claiming another win after busting a suspected cybercrime gang that used the dark web to distribute counterfeit ID documents for migrant smugglers.
This archive contains all of the 159 exploits added to Packet Storm in February, 2022.
This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct show more ...
Red Hat Security Advisory 2022-0687-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-0655-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.23. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2022-0708-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, denial of service, and spoofing vulnerabilities.
Ubuntu Security Notice 5309-1 - It was discovered that virglrenderer incorrectly handled memory. An attacker inside a guest could use this issue to cause virglrenderer to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that virglrenderer incorrectly initialized memory. An attacker inside a guest could possibly use this issue to obtain sensitive host information.
Rufus version 3.17.1846 suffers from a dll hijacking vulnerability for both the executable and portable executable versions.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra
Microsoft on Monday disclosed that it detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure hours before Russia launched its first missile strikes last week. The intrusions involved the use of a never-before-seen malware package dubbed FoxBlade, according to the tech giant's Threat Intelligence Center (MSTIC), noting that it added new
A previously undocumented espionage tool has been deployed against selected governments and other critical infrastructure targets as part of a long-running espionage campaign orchestrated by China-linked threat actors since at least 2013. Broadcom's Symantec Threat Hunter team characterized the backdoor, named Daxin, as a technologically advanced malware, allowing the attackers to carry out a
It is predicted that 3.5 million jobs will be unfilled in the field of cybersecurity by the end of this year. Several of these jobs pay very well, and in most cases, you don't even need a college degree to get hired. The most important thing is to have the skills and certifications. The All-In-One 2022 Super-Sized Ethical Hacking Bundle helps you gain both, with 18 courses covering all aspects
Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, a disgruntled member of the cartel has leaked the syndicate's internal chats. The file dump, published by malware research group VX-Underground, is said to contain 13 months of chat logs between affiliates and administrators of the Russia-affiliated
Even as the TrickBot infrastructure closed shop, the operators of the malware are continuing to refine and retool their arsenal to carry out attacks that culminated in the deployment of Conti ransomware. IBM Security X-Force, which discovered the revamped version of the criminal gang's AnchorDNS backdoor, dubbed the new, upgraded variant AnchorMail. AnchorMail "uses an email-based [
A new data wiper malware has been observed deployed against an unnamed Ukrainian government network, a day after destructive cyber attacks struck multiple entities in the country preceding the start of Russia's military invasion. Slovak cybersecurity firm ESET dubbed the new malware "IsaacWiper," which it said was detected on February 24 in an organization that was not affected by HermeticWiper
