The Last Watchdog

DECEMBER 2, 2021

As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. In fact, Gartner forecasts that global spending on information security and risk management services will reach $150.4 billion this year.

Ransomware 262

Ransomware Technology Cybersecurity Backups 262

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption 130

Encryption Government Artificial Intelligence Surveillance 130

Security Affairs

FEBRUARY 1, 2021

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. pic.twitter.com/GYJOddEPxl — Filippo Valsorda (@FiloSottile) January 29, 2021. pic.twitter.com/LYC9PsURqn — Filippo Valsorda (@FiloSottile) January 29, 2021.

Encryption 144

Encryption Engineering Hacking Software 144

Security Affairs

JULY 29, 2021

ransomware is now able to encrypt Windows domains by using Active Directory group policies. ransomware that encrypts Windows domains by using Active Directory group policies. " @demonslay335 @VK_Intel pic.twitter.com/fYxFbVQ6gX — MalwareHunterTeam (@malwrhunterteam) July 17, 2021. A new variant of the LockBit 2.0

Encryption 145

Encryption Ransomware Malware Hacking 145

Security Affairs

JUNE 4, 2021

Threat actors are actively scanning the Internet for VMware vCenter servers affected by a critical remote code execution (RCE) vulnerability tracked as CVE-2021-21985. The CVE-2021-21985 flaw is caused by the lack of input validation in the Virtual SAN ( vSAN ) Health Check plug-in, which is enabled by default in the vCenter Server.

Internet 144

Internet Internet Ransomware Encryption 144

Security Affairs

MARCH 10, 2025

@chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Victims include AMD and Keralty.

Hacking 120

Hacking Healthcare Backups Ransomware 120

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models. Pierluigi Paganini.

Encryption 134

Encryption Accountability Software Hacking 134

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

DNS 139

DNS Malware Media Encryption 139

Security Affairs

AUGUST 24, 2021

The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711 , that can allow an attacker to change an application’s behavior or cause the app to crash. The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. and 1.0.2za.

Encryption 127

Encryption Hacking Information Security 127

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT 127

IoT Mobile Media Encryption 127

SecureList

MAY 12, 2021

To ensure that their ability to restore encrypted files would never be questioned, they cultivated an online presence, wrote press releases and generally made sure their name would be known to all potential victims. For a more detailed overview we chose two of the most noteworthy Big Game Hunting ransomware in 2021. Technical details.

Ransomware 145

Ransomware Encryption Malware Cybercrime 145

Security Affairs

SEPTEMBER 22, 2021

CVE-2021-40847 flaw in Netgear SOHO routers could be exploited by a remote attacker to execute arbitrary code as root. Security experts from consulting firm GRIMM have discovered a vulnerability in Small Offices/Home Offices (SOHO) Netgear routers that could be exploited by a remote attacker to execute arbitrary code as root.

DNS 143

DNS Firmware VPN Risk 143

Security Affairs

APRIL 13, 2025

RansomHouse is a data extortion group that has been active since Dec 2021. Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection. Victims include AMD and Keralty.

Data breaches 132

Data breaches Unstructured Data Identity Theft Healthcare 132

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 140

Passwords Authentication Architecture Risk 140

Krebs on Security

OCTOBER 31, 2021

. “Such code copying is a significant source of real-world security exploits.” ” Rust has released a security advisory for this security weakness, which is being tracked as CVE-2021-42574 and CVE-2021-42694. ” Image: XKCD.com/2347/.

Software 364

Software Information Security Encryption Government 364

Security Affairs

FEBRUARY 7, 2023

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to decrypt locked files without paying a ransom. ” continues the report.

Encryption 98

Encryption Ransomware Cybercrime Engineering 98

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024.

Cybercrime 119

Cybercrime Ransomware Healthcare Education 119

The Last Watchdog

MAY 19, 2022

As every computer security professional knows, if anything is on the Internet, it’s subject to increasingly sophisticated attacks. According to the IBM Data Breach Report 2021 , data breaches in the United States reached $4.24 percent of CMS users worry about the security of their CMS—while 46.4 What can you do about it?

Data breaches 262

Data breaches Encryption Mobile Technology 262

Security Affairs

MARCH 13, 2025

“Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. ” reads the joint advisory.

Ransomware 74

Ransomware Encryption Cryptocurrency Insurance 74

Security Affairs

JANUARY 11, 2022

AvosLocker is the latest ransomware that implemented the capability to encrypt Linux systems including VMware ESXi servers. AvosLocker expands its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers, Bleeping computed reported. ” reported BleepingComputer. . Pierluigi Paganini.

Ransomware 141

Ransomware Encryption Advertising Malware 141

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021. It does indeed encrypt files.

Ransomware 145

Ransomware Encryption VPN Malware 145

Security Affairs

MAY 16, 2021

The chipmaker AMD published guidance for two new attacks against its SEV ( Secure Encrypted Virtualization ) protection technology. The second vulnerability, tracked as CVE-2021-26311 , resides in the AMD SEV/SEV-ES feature. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Encryption 141

Encryption Technology Hacking Information Security 141

Security Affairs

JUNE 5, 2021

Recently Cyber researchers for Cyble investigated an attack suffered by on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). . Pierluigi Paganini.

Ransomware 145

Ransomware Malware Encryption Financial Services 145

Krebs on Security

SEPTEMBER 15, 2021

A phone call placed to the media contact number listed on an August 2021 TTEC earnings release produced a message saying it was a non-working number. TTEC has not responded to requests for comment. Update, 6:20 p.m. ET: TTEC confirmed a ransomware attack. See the update at the end of this piece for their statement].

Ransomware 356

Ransomware Banking Cryptocurrency Media 356

Krebs on Security

MARCH 1, 2022

27, a new Twitter account “ Contileaks ” posted links to an archive of chat messages taken from Conti’s private communications infrastructure, dating from January 29, 2021 to the present day. Plus, he somehow encrypted the config, i.e. he had an encoder and a private key, plus uploaded it all to the admin panel.

Ransomware 303

Ransomware Healthcare Cybercrime Government 303

The Last Watchdog

MARCH 21, 2022

As just one measure, the number of data breaches in the first nine months of 2021 exceeded all those in 2020, a new record. You almost certainly need a chief information security officer (CISO). The solution is data encryption, which uses mathematical algorithms to scramble data, replacing plaintext with ciphertext.

Encryption 214

Encryption Data privacy Cloud Migration Risk 214

Security Affairs

DECEMBER 31, 2021

Below is the list of flaws discovered by the researchers: CVE-2021-20173 : Post Authentication Command Injection via SOAP Interface. CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). CVE-2021-23147 : Insufficient UART Protection Mechanisms.

Firmware 144

Firmware Encryption Passwords Authentication 144

Security Affairs

NOVEMBER 1, 2021

The HelloKitty ransomware group, like other ransomware gangs, implements a double extortion model, stealing sensitive documents from victims before encrypting them. CVE-2021-20016 , CVE-2021-20021 , CVE-2021-20022 , CVE-2021-2002 ) or using compromised credentials. ” continues the alert. .

DDOS 145

DDOS Ransomware Cybercrime Encryption 145

Security Affairs

JUNE 29, 2021

The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt Vmware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypts Vmware ESXi virtual machines which are widely adopted by enterprises. Then the REvil ransomware will encrypt the files. 2ubuntu1~14.04.4)

Ransomware 144

Ransomware Encryption Malware Hacking 144

Security Affairs

DECEMBER 14, 2021

Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability ( CVE-2021-44228 ) to deliver the new Khonsari ransomware on Windows machines. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. you wish to decrypt , call (225) 287-1309 or email karenkhonsari@gmail.com.If

Ransomware 145

Ransomware Encryption Engineering Malware 145

Security Affairs

JANUARY 30, 2021

The availability of the master decryption key allows the victims to recover their encrypted files for free. Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor : #Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_service [link] — fnx (@fnx67482837) January 29, 2021.

Ransomware 144

Ransomware Encryption Malware Cybercrime 144

Security Affairs

JULY 15, 2021

Targeting VMware ESXi systems, threat actors could encrypt as many virtual machines as possible with a significant impact on the victims. Researchers from MalwareHunterTeam spotted multiple Linux ELF64 versions of the HelloKitty ransomware designed to target VMware ESXi servers and encrypt virtual machines hosted on them.

Ransomware 145

Ransomware Encryption Malware Hacking 145

Security Affairs

NOVEMBER 13, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

VPN 127

VPN Government Malware Manufacturing 127

Security Affairs

JULY 7, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. This ransomware uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt the files on the infected systems.

Healthcare 142

Healthcare Ransomware Encryption Government 142

Security Affairs

DECEMBER 30, 2021

The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. pancak3lullz) December 29, 2021. pic.twitter.com/zFg7Idj9Zs — ???????

Ransomware 134

Ransomware Government Encryption Malware 134

Security Affairs

AUGUST 5, 2021

Lile other ransomware operations, BlackMatter also set up its leak sitewhere it will publish data exfiltrated from the victims before encrypting their system. So it is BlackMatter: [link] And then the similarities to DarkSide ( [link] ) not surprising… — MalwareHunterTeam (@malwrhunterteam) August 5, 2021.

Ransomware 145

Ransomware Encryption Healthcare Cybercrime 145