Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 94

Encryption Ransomware Malware Healthcare 94

SecureList

MAY 8, 2024

Ransomware landscape: rise in targeted groups and attacks Kaspersky collected data on targeted ransomware groups and their attacks from multiple relevant public sources, for the years 2022 and 2023, filtered and validated it. In the graph below, you can see the ransomware families that were most active in 2023.

Ransomware 114

Ransomware Encryption Small Business Cybersecurity 114

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. Finally, other groups like Clop ramped up their activities over the course of last year, reaching their peak in early 2023 as they claimed to have hacked 130 organizations using a single zero-day vulnerability.

Ransomware 120

Ransomware Malware Architecture Telecommunications 120

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 86

Encryption Phishing Accountability Authentication 86

Krebs on Security

JANUARY 30, 2024

stole at least $800,000 from at least five victims between August 2022 and March 2023. Among those was the encrypted messaging app Signal , which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. A graphic depicting how 0ktapus leveraged one victim to attack another.

Social Engineering 326

Social Engineering Mobile Cybercrime Passwords 326

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial. billion annually.

Financial Services 105

Financial Services Encryption Cybercrime Threat Reports 105

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 128

Ransomware Encryption Malware Accountability 128

Security Affairs

MARCH 6, 2024

Researchers warn that the cybercrime groups GhostSec and Stormous have joined forces in a new ransomware campaign. The GhostSec hacking activity surged in the past year and the cybercrime gang was spotted using a new GhostLocker 2.0 is written in Go, it was announced in November 2023. The GhostLocker 2.0 GhostLocker 2.0

Ransomware 110

Ransomware Encryption Cybercrime Hacking 110

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption 82

Encryption Malware Cryptocurrency Software 82

Krebs on Security

FEBRUARY 20, 2024

Kondratyev is also charged (PDF) with three criminal counts arising from his alleged use of the Sodinokibi (aka “ REvil “) ransomware variant to encrypt data, exfiltrate victim information, and extort a ransom payment from a corporate victim based in Alameda County, California. In May 2023, U.S. Black Ransomware.

Ransomware 282

Ransomware Cybercrime Encryption Insurance 282

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 99

Ransomware Encryption Antivirus VPN 99

SecureWorld News

OCTOBER 31, 2022

Persistent ransomware threats, increasing risk to critical infrastructure, state-sponsored activity, more bad actors, and new, disruptive technologies are the five cyber threat narratives noted in the National Cyber Threat Assessment 2023-2024 recently released by the Canadian Centre for Cyber Security. Ransomware.

Cyber threats 78

Cyber threats Consumer Services Technology Cybercrime 78

CyberSecurity Insiders

APRIL 7, 2023

Here are the latest threats and advisories for the week of April 7, 2023. Rorschach Ransomware: One of the Fastest and Most Sophisticated Strains Yet Cybersecurity researchers have found a new ransomware strain called Rorschach that is extraordinarily sophisticated and faster at encrypting data than any other documented strain.

Encryption 52

Encryption Ransomware Marketing Cybercrime 52

SecureList

OCTOBER 17, 2023

This is our latest installment, focusing on activities that we observed during Q3 2023. The most remarkable findings In early 2023, we discovered an ongoing attack targeting government entities in the APAC region by compromising a specific type of a secure USB drive, which provides hardware encryption.

Government 108

Government Malware VPN Manufacturing 108

Security Affairs

FEBRUARY 12, 2024

The experts exploited the vulnerability to reconstruct encryption keys and developed a decryptor that allows victims of the Rhysida ransomware to recover their encrypted data for free. “This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method.

Ransomware 110

Ransomware Encryption VPN Manufacturing 110

SecureWorld News

MARCH 9, 2023

The 2023 Annual Threat Assessment of the U.S. North Korea's cyber program poses a sophisticated and agile espionage, cybercrime, and attack threat. Intelligence Community was released yesterday, March 8th, providing the status of worldwide threats to the national security of the United States. and allied networks and data.

Technology 70

Technology Cybercrime Ransomware Government 70

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. These are attractive aspects that cybercrime groups will be unable to resist. Analysis of forecasts for 2022.

Cryptocurrency 91

Cryptocurrency Mobile Ransomware Banking 91

SecureList

JUNE 7, 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Quarterly figures According to Kaspersky Security Network, in Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe.

Mobile 65

Mobile Ransomware Malware Adware 65

SecureList

JULY 27, 2023

This is our latest installment, focusing on activities that we observed during Q2 2023. The group’s latest activities, from September 2022 until March 2023, involve a new set of custom loaders and its private post-exploitation tool “Ninja,” used to help it remain undetected.

Malware 87

Malware Government Phishing Social Engineering 87

Security Affairs

JUNE 13, 2023

million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. The availability of the database in the cybercrime ecosystem poses a severe risk for the company users.

Data breaches 80

Data breaches Passwords Cybercrime Encryption 80

CyberSecurity Insiders

MARCH 3, 2023

To avoid these attacks, it is best to use protective security measures and keep data secure with encryption. Third is the news related to cybercrime and might interest the male folks! Fourth, is the news of a Public Transport System of State of Washington being encrypted by a file encrypting malware on February 14th of this year.

Cybersecurity 127

Cybersecurity Encryption Ransomware Password Management 127

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The experts observed a massive spike in activity associated with this threat actor between May and June 2023. Generation of target list of extensions and folders to encrypt.

Ransomware 118

Ransomware Encryption Backups Manufacturing 118

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches 77

Data breaches Cybercrime Firewall Artificial Intelligence 77

SecureWorld News

FEBRUARY 28, 2024

LockBit is accused of extorting hundreds of companies and organizations globally by encrypting their data and demanding massive ransoms. By co-opting the ransomware group's own communication channels, police aimed to sow doubts in the cybercrime community reliant on LockBit's tools and services. Nonetheless.

Cybercrime 84

Cybercrime Ransomware Backups Encryption 84

Security Affairs

MAY 15, 2023

Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. A sample of the ransomware analyzed by Talos is written in C++ and was compiled on April 23, 2023. The ransomware supports intermittent encryption to speed up the encryption process.

Ransomware 79

Ransomware Encryption Cybercrime Insurance 79

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware gang has been active since at least January 2023. EclecticIQ researchers reported that since June 29, 2023, the ransomware group is likely using the NjRAT RAT to remotely access victim devices. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data. .

Ransomware 107

Ransomware Encryption Backups Malware 107

Security Affairs

MAY 12, 2023

Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023? This can be done using encryption. It’s not likely to stop there. 1 There will be more remote work-based attacks.

Phishing 84

Phishing Social Engineering Small Business B2B 84

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. We had observed few victims compromised using Gopuram, but the number of infections increased in March 2023 — a spike that was directly related to the 3CX supply chain attack.

Malware 76

Malware Spyware Cryptocurrency Government 76

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches 75

Data breaches VPN Hacking Banking 75

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. The ransomware employs encryption based on a ChaCha keystream, which is utilized to perform XOR operations on 64-byte-long chunks of the file.

Hacking 109

Hacking Encryption Ransomware Insurance 109

Security Affairs

MAY 2, 2024

“Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” victims, and we are disrupting the broader cybercrime ecosystem.” ” reads the press release published by DoJ. million in U.S.

Ransomware 83

Ransomware Cryptocurrency Cybercrime Encryption 83

Security Affairs

JANUARY 1, 2024

In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. The encrypted tokens are decrypted using an encryption key stored in Chrome’s Local State within the UserData directory, similar to the encryption used for storing passwords.”

Malware 125

Malware Penetration Testing Passwords Encryption 125

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. Within this timeframe, Snatch threat actors exploited the victim’s network moving laterally across the victim’s network with RDP for the largest possible deployment of ransomware and searching for files and folders for data exfiltration followed by file encryption.”

Ransomware 224

Ransomware Accountability Cybercrime Backups 224

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 84

Cybercrime Malware Hacking Accountability 84

Malwarebytes

SEPTEMBER 19, 2023

In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended two suspects and seized computer equipment. Stop malicious encryption.

Ransomware 117

Ransomware Backups Cryptocurrency Cybercrime 117

Security Affairs

FEBRUARY 18, 2024

CISA: hackers breached a state government organization Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs US Gov dismantled the Moobot botnet controlled by Russia-linked APT28 A cyberattack halted operations at Varta production plants North Korea-linked actors breached the emails of a Presidential Office member Nation-state (..)

Cybercrime 90

Cybercrime Ransomware Malware Data breaches 90

Security Affairs

AUGUST 6, 2023

Rapid7 found a bypass for the recently patched actively exploited Ivanti EPMM bug Russian APT29 conducts phishing attacks through Microsoft Teams Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign Burger King forgets to put a password (..)

Malware 72

Malware Cybercrime Cryptocurrency Social Engineering 72