Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 98

Encryption Ransomware Malware Healthcare 98

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 137

Ransomware Encryption Malware Accountability 137

Security Affairs

APRIL 29, 2023

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. c2 arrowlchat[.]com c2 arrowlchat[.]com

Encryption 94

Encryption Malware Cryptocurrency Software 94

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. We have seen news of ChatGPT leaking user’s information and law enforcement asking for backdoors in encryption routines. This is changing.

Malware 76

Malware Passwords Identity Theft Banking 76

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 108

Antivirus Malware DNS Cryptocurrency 108

Identity IQ

DECEMBER 20, 2023

2023: A Year of Record-Breaking Data Breaches IdentityIQ This past year has been an eye-opening year in the realm of digital security. Here, we review the largest data breaches of 2023, analyze the trends, and review proactive measures to navigate the future of security. But the numbers alone tell only part of the story.

Data breaches 72

Data breaches Identity Theft Cybercrime Social Engineering 72

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 113

Ransomware Encryption Antivirus VPN 113

SecureList

NOVEMBER 22, 2022

A look back on the year 2022 and what to expect in 2023. This report assesses how accurately we predicted the developments in the financial threats landscape in 2022 and ponder at what to expect in 2023. These are attractive aspects that cybercrime groups will be unable to resist. Analysis of forecasts for 2022.

Cryptocurrency 96

Cryptocurrency Mobile Ransomware Banking 96

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 77

Social Engineering Mobile Authentication Engineering 77

Security Affairs

MAY 12, 2024

Ohio Lottery data breach impacted over 538,000 individuals Notorius threat actor IntelBroker claims the hack of the Europol A cyberattack hit the US healthcare giant Ascension Google fixes fifth actively exploited Chrome zero-day this year Russia-linked APT28 targets government Polish institutions Citrix warns customers to update PuTTY version installed (..)

Data breaches 88

Data breaches VPN Hacking Banking 88

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The experts observed a massive spike in activity associated with this threat actor between May and June 2023. Generation of target list of extensions and folders to encrypt.

Ransomware 129

Ransomware Encryption Backups Manufacturing 129

SecureList

AUGUST 30, 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. We had observed few victims compromised using Gopuram, but the number of infections increased in March 2023 — a spike that was directly related to the 3CX supply chain attack.

Malware 80

Malware Spyware Cryptocurrency Government 80

Krebs on Security

FEBRUARY 20, 2024

LockBit operated as a ransomware-as-a-service group, wherein the ransomware gang takes care of everything from the bulletproof hosting and domains to the development and maintenance of the malware. In May 2023, U.S. With the indictments of Sungatov and Kondratyev, a total of five LockBit affiliates now have been officially charged.

Ransomware 282

Ransomware Cybercrime Encryption Insurance 282

Security Affairs

MARCH 3, 2024

The recent sample of Linux variants of BIFROSE employes RC4 encryption to encrypt the collected victim data. The researchers observed the malware trying to contact a Taiwan-based public DNS resolver with the IP address 168.95.1[.]1. com by using the public DNS resolver at 168.95[.]1.1. ” concludes the report.

DNS 125

DNS Malware Encryption Hacking 125

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 87

Malware Cybercrime Cryptocurrency Social Engineering 87

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime 95

Cybercrime Malware Hacking Accountability 95

CyberSecurity Insiders

MARCH 3, 2023

To avoid these attacks, it is best to use protective security measures and keep data secure with encryption. Third is the news related to cybercrime and might interest the male folks! Fourth, is the news of a Public Transport System of State of Washington being encrypted by a file encrypting malware on February 14th of this year.

Cybersecurity 127

Cybersecurity Encryption Ransomware Password Management 127

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Cybercrime 105

Cybercrime Ransomware Malware Data breaches 105

SecureWorld News

MARCH 9, 2023

The 2023 Annual Threat Assessment of the U.S. North Korea's cyber program poses a sophisticated and agile espionage, cybercrime, and attack threat. Intelligence Community was released yesterday, March 8th, providing the status of worldwide threats to the national security of the United States. and allied networks and data.

Technology 74

Technology Cybercrime Ransomware Government 74

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 87

Data breaches Cybercrime Firewall Artificial Intelligence 87

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware gang has been active since at least January 2023. EclecticIQ researchers reported that since June 29, 2023, the ransomware group is likely using the NjRAT RAT to remotely access victim devices. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data. .

Ransomware 116

Ransomware Encryption Backups Malware 116

Security Affairs

MAY 15, 2023

Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. A sample of the ransomware analyzed by Talos is written in C++ and was compiled on April 23, 2023. The ransomware supports intermittent encryption to speed up the encryption process.

Ransomware 93

Ransomware Encryption Cybercrime Insurance 93

SecureWorld News

FEBRUARY 28, 2024

LockBit is accused of extorting hundreds of companies and organizations globally by encrypting their data and demanding massive ransoms. By co-opting the ransomware group's own communication channels, police aimed to sow doubts in the cybercrime community reliant on LockBit's tools and services. Nonetheless.

Cybercrime 88

Cybercrime Ransomware Backups Encryption 88

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. The ransomware employs encryption based on a ChaCha keystream, which is utilized to perform XOR operations on 64-byte-long chunks of the file.

Hacking 124

Hacking Encryption Ransomware Insurance 124

Security Affairs

JULY 2, 2023

Illicit Telegram Communities Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant Malware Trojanized Super Mario Game Installer Spreads SupremeBot Malware Initial research exposing JOKERSPY Who is 8BASE?

Cybercrime 94

Cybercrime Hacking Ransomware Malware 94

Security Affairs

APRIL 9, 2024

The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts. BatCloak is a fully undetectable (FUD) malware obfuscation engine used by threat actors to stealthily deliver their malware since September 2022.

Engineering 101

Engineering Phishing Malware Hacking 101

Malwarebytes

SEPTEMBER 19, 2023

In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended two suspects and seized computer equipment. Stop malicious encryption. Detect intrusions. Don’t get attacked twice.

Ransomware 117

Ransomware Backups Cryptocurrency Cybercrime 117

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Security Affairs

JUNE 6, 2024

appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. Knight ransomware-as-a-service operation shut down in February 2024, and the malware’s source code was likely sold to the threat actor who relaunched the RansomHub operation.

Ransomware 84

Ransomware Malware Healthcare Encryption 84

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. Within this timeframe, Snatch threat actors exploited the victim’s network moving laterally across the victim’s network with RDP for the largest possible deployment of ransomware and searching for files and folders for data exfiltration followed by file encryption.”

Ransomware 224

Ransomware Accountability Cybercrime Backups 224

Security Affairs

JANUARY 30, 2024

The company is working to restore the impacted systems and is investigating the incident with the help of leading cybersecurity firms, The Cactus ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware 130

Ransomware Hacking Data breaches Digital transformation 130

Security Affairs

JULY 1, 2023

In June 2023, the malware analyst rivitna published a sample of the ransomware that is compiled for Linux. “During the run, the ransomware generates a symmetric encryption key using CryptGenRandom() , which is the random number generator implemented by Windows CryptoAPI. . Files are encrypted by Chacha 2008 ( D.

Ransomware 98

Ransomware Encryption Malware Hacking 98

Security Affairs

JULY 8, 2023

Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks MAR-10445155-1.v1 v1 Truebot Activity Infects U.S. Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks MAR-10445155-1.v1 v1 Truebot Activity Infects U.S.

Firewall 93

Firewall Ransomware Password Management Malware 93

Security Affairs

JANUARY 1, 2024

Visma confirmed they were affected by the Kaseya cyber attack that allowed the REvil ransomware to encrypt their customers’ systems. The Cactus ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Retail 129

Retail Ransomware Encryption Hacking 129

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. CBS News Texas obtained an image the ransomware note dropped by the malware on the infected systems. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities.

Ransomware 112

Ransomware Surveillance Healthcare Accountability 112

Security Affairs

MAY 14, 2023

ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million ransom Dragon Breath APT uses double-dip DLL sideloading strategy International Press Cybercrime San Bernardino County pays $1.1-million

Data breaches 95

Data breaches DDOS Artificial Intelligence Ransomware 95

SecureList

APRIL 11, 2023

In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. PuzzleMaker , MysterySnail APT cases).

Ransomware 131

Ransomware Malware Engineering Technology 131