Security Affairs

JANUARY 25, 2024

The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity. These observations were made by analyzing numerous 2023 threat findings and discoveries, and include references to case studies that were reported on by RedSense throughout the year.

Ransomware 97

Ransomware Cybercrime Malware Data breaches 97

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 104

Government Surveillance Cybercrime Ransomware 104

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. Activision was breached December 4th, 2022. ” states the post. .

Hacking 80

Hacking Cybercrime Social Engineering Data breaches 80

Security Affairs

MAY 12, 2024

In December 2023, Elliptic and Corvus Insurance published a joint research that revealed the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. It has been used to attack more than 329 organizations globally and has grown to become the fourth-most active strain of ransomware by number of victims in 2022-2023.”

Ransomware 106

Ransomware Hacking Healthcare Retail 106

Security Affairs

APRIL 11, 2023

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2023-28252 , in the Windows Common Log File System (CLFS), which is actively exploited in ransomware attacks. Microsoft fixed the issue with the release of Patch Tuesday security updates for April 2023. ” reads the analysis published by Kaspersky. .”

Cybercrime 87

Cybercrime Ransomware Education Media 87

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3

Ransomware 113

Ransomware Cybercrime Software Encryption 113

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.

Cybercrime 111

Cybercrime Ransomware DDOS Encryption 111

Security Affairs

MAY 20, 2023

The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023. — Microsoft Threat Intelligence (@MsftSecIntel) May 18, 2023 The Clop ransomware is just the newest strain the cybercrime gang has used to attacks in the wild.

Cybercrime 82

Cybercrime Ransomware Security Intelligence Hacking 82

Security Affairs

AUGUST 15, 2023

Researchers discovered credentials associated with cybercrime forums on roughly 120,000 computers infected with information stealers. Threat intelligence firm Hudson Rock has discovered credentials associated with cybercrime forums on roughly 120,000 computers infected with various information stealer malware.

Cybercrime 65

Cybercrime Passwords Data breaches Malware 65

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 98

Ransomware Data collection Hacking Cybersecurity 98

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. 27, 2023. . Stanford was breached last year by Clop Ransomware.

Ransomware 102

Ransomware Data breaches Passwords Government 102

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. LOCKBIT RANSOMWARE GANG DEMANDED AN 80 MILLION RANSOM TO CDW The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data.

Cybersecurity 101

Cybersecurity Spyware Data breaches Passwords 101

Security Affairs

OCTOBER 4, 2023

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. Ransomware, a menace that has evolved into a formidable adversary, takes center stage in our examination of the cyber threat landscape during the second quarter of 2023.

Ransomware 100

Ransomware Data collection Cyber threats Hacking 100

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 113

Ransomware Manufacturing Retail Insurance 113

Security Affairs

JUNE 25, 2023

citizen, who was involved in the attack on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses. Joseph James O’Connor, aka PlugwalkJoe (24), the hacker who was involved in the attacks on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses.

Cybercrime 81

Cybercrime Cryptocurrency Accountability Media 81

Security Affairs

SEPTEMBER 11, 2023

The loader was first observed by the security firm July 2023, the researchers noticed that the threat employs a number of evasion techniques such as the use of syscalls. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution.

Cybercrime 125

Cybercrime Malware Hacking Information Security 125

Security Affairs

JANUARY 20, 2024

Conor Brian Fitzpatrick, the admin of the BreachForums hacking forum, has been sentenced to 20 years supervised release. Conor Brian Fitzpatrick , the admin of the BreachForums hacking forum, was sentenced to 20 years of supervised release. In March 2023, U.S. Fitzpatrick was released on a $300,000 bond signed by his parents.

Hacking 95

Hacking Cybercrime Government Software 95

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. The Rhysida ransomware group has been active since May 2023.

Hacking 116

Hacking Ransomware Manufacturing Healthcare 116

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The advisory is part of the ongoing #StopRansomware effort, disseminating information about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware 112

Ransomware Hacking Engineering Manufacturing 112

Security Affairs

JANUARY 30, 2024

The company is working to restore the impacted systems and is investigating the incident with the help of leading cybersecurity firms, The Cactus ransomware operation has been active since March 2023, despite the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Ransomware 120

Ransomware Hacking Data breaches Digital transformation 120

Security Affairs

AUGUST 8, 2023

Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. Microsoft has released an Office Defense in Depth update ( ADV230003 ) to address a patch bypass of the actively exploited RCE vulnerability CVE-2023-36884. reads the post.

Phishing 85

Phishing Cybercrime Hacking Government 85

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 99

Social Engineering Authentication Engineering Accountability 99

Security Affairs

NOVEMBER 23, 2023

AutoZone disclosed a data breach resulting from the hack of their MOVEit Transfer installation. The car parts giant is notifying 184,995 individuals that the massive MOVEit hacking campaign compromised their personal information. ” reads the Notice Letter published by the Main Attorney General. million Genworth 2.5

Data breaches 102

Data breaches Hacking Retail Identity Theft 102

Security Affairs

JULY 16, 2023

The owner of the BreachForums Conor Brian Fitzpatrick, aka Pompompurin, pleads guilty to hacking charges. BreachForums functioned as a cybercrime marketplace, enabling its members to engage in the solicitation, sale, purchase, and exchange of illicitly obtained or compromised data, along with various contraband items.

Hacking 79

Hacking Cybercrime Information Security 79

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. Conti was the most notorious of these and enjoyed the most attention since their archives were leaked online and analyzed by many security researchers. In 2022, Kaspersky solutions detected over 74.2M

Ransomware 120

Ransomware Malware Architecture Telecommunications 120

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware 105

Ransomware Hacking Manufacturing Healthcare 105

Security Affairs

JULY 12, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. The threat actors were observed exploiting the flaw CVE-2023-36884 using lures related to the Ukrainian World Congress. ” reads the post.

Phishing 83

Phishing Cybercrime Hacking Government 83

Security Affairs

APRIL 24, 2023

Print management software provider PaperCut confirmed ongoing active exploitation of CVE-2023-27350 vulnerability. On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability. ” The CVE-2023-27350 (CVSS score – 9.8)

Cybercrime 70

Cybercrime Software Education Ransomware 70

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 73

Ransomware Cybercrime Cybersecurity Hacking 73

Security Affairs

SEPTEMBER 26, 2023

Sony launched an investigation into an alleged data breach after the RansomedVC group claimed the hack of the company. Sony announced it is investigating allegations of a data breach after the RansomedVC extortion group claimed to have hacked the company and added the company to its Tor leak site. “We

Hacking 104

Hacking Data breaches Ransomware Scams 104

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 100

VPN Cybercrime Ransomware Hacking 100

Security Affairs

JULY 18, 2023

Threat actors are actively exploiting a critical flaw, tracked as CVE-2023-28121, in the WooCommerce Payments WordPress plugin. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2023-28121 (CVSS score: 9.8), in the WooCommerce Payments WordPress plugin. through 5.6.1

Hacking 82

Hacking Authentication Cybercrime Information Security 82

Krebs on Security

NOVEMBER 16, 2023

In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.

Cybercrime 218

Cybercrime Hacking Data breaches Banking 218

Security Affairs

MARCH 23, 2024

An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania. Crimemarket was a prominent platform for trading illegal drugs, narcotics, and cybercrime services.

Marketing 92

Marketing Cybercrime DDOS Internet 92

Security Affairs

NOVEMBER 17, 2023

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Medusa Toyota has set the deadline for November 26 and has published a sample of the stolen data as proof of the hack.

Financial Services 115

Financial Services Hacking Ransomware Data breaches 115

Security Affairs

SEPTEMBER 10, 2023

Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack.

Hacking 119

Hacking Ransomware Healthcare Cyber Attacks 119

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity! But that action did not name any defendants.

Cybercrime 227

Cybercrime Advertising IoT Malware 227