Lohrman on Security

DECEMBER 23, 2022

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next? Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.

Data breaches 333

Data breaches Ransomware 333

Security Affairs

DECEMBER 8, 2024

Anna Jaques Hospital revealed thatthe ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches 119

Data breaches Insurance Healthcare Ransomware 119

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. reads the CSA.

Ransomware 128

Ransomware Telecommunications Healthcare Insurance 128

Security Affairs

MAY 3, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

Government 128

Government Hacking Ransomware Healthcare 128

Krebs on Security

FEBRUARY 14, 2023

Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver , which is present in Windows 10 and 11 systems, as well as many server versions of Windows. This is likely being chained with a remote code execution bug to spread malware or ransomware.

Internet 61

Internet Internet Cyber threats Malware 61

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. In the past, RomCom launched ransomware attacks and cyber espionage campaigns, however, it is ramping up attacks focused on data exfiltration from Ukrainian targets.

Government 124

Government Malware Cyber Attacks Ransomware 124

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. Cybersecurity researchers at S-RM team discovered a novel attack technique used by the Akira ransomware gang. Realizing EDR was active, they pivoted by scanning the network for vulnerable devices.

Ransomware 132

Ransomware IoT Encryption Passwords 132

Schneier on Security

MARCH 29, 2024

You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but.

Ransomware 332

Ransomware 332

Krebs on Security

MAY 9, 2023

First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. ” Adam Barnett , lead software engineer at Rapid7 , said CVE-2023-24932 deserves a considerably higher threat score.

Malware 296

Malware Software Internet Internet 296

Security Affairs

NOVEMBER 21, 2024

Mexico is investigating a ransomware attack targeting its legal affairs office, as confirmed by the president amidst growing cybersecurity concerns. Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. Knight, also known as Cyclops 2.0,

Government 144

Government Hacking Ransomware Insurance 144

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. ” reported RIA Novosti.

Ransomware 120

Ransomware Healthcare Hacking Malware 120

Krebs on Security

JUNE 13, 2023

” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 is the most dangerous).

Social Engineering 272

Social Engineering System Administration Authentication Internet 272

Krebs on Security

DECEMBER 4, 2024

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Cybercrime 251

Cybercrime Ransomware Cryptocurrency Government 251

Security Affairs

DECEMBER 26, 2024

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency’s service disruptions. On December 23, 2024, Pittsburgh Regional Transit (PRT) announced it was actively responding to a ransomware attack that was first detected on Thursday, December 19.

Ransomware 124

Ransomware Cyber Attacks Hacking Cybersecurity 124

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. A few days later, the ransomware gang Hive leaked the alleged stolen files on its Tor leak site.

Technology 119

Technology Ransomware Engineering Manufacturing 119

Security Affairs

JUNE 6, 2025

A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. ” reads the advisory. de or @web[.]de

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Malwarebytes

DECEMBER 2, 2024

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world.

Ransomware 132

Ransomware Backups Small Business Hacking 132

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Security Affairs

MAY 13, 2025

A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting Dutch companies. million euros.”

Ransomware 109

Ransomware Cybercrime Malware Banking 109

Krebs on Security

JULY 11, 2023

They include CVE-2023-32049 , which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Software 254

Software Malware Antivirus Ransomware 254

ZoneAlarm

DECEMBER 9, 2024

Ransomware attacks continue to disrupt industries worldwide, with healthcare remaining a high-profile target due to the sensitivity and critical nature of its data. Anna Jaques Hospital experienced a ransomware attack in late 2023, exposing confidential information of over 310,000 patients.

Ransomware 88

Ransomware Healthcare Cybersecurity 88

Security Affairs

MAY 4, 2025

A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. authorities have indicted Rami Khaled Ahmed (aka Black Kingdom, of Sanaa, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. for 1,500 attacks on Microsoft Exchange servers.

Ransomware 116

Ransomware Encryption VPN Malware 116

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. In May 2023, U.S. First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S.

Ransomware 331

Ransomware Cybercrime Encryption Insurance 331

Security Affairs

MARCH 24, 2025

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney Generals Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. ” reads a report published by Halcyon.

Ransomware 105

Ransomware Hacking Social Engineering Healthcare 105

Krebs on Security

MARCH 5, 2024

healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. There are indications that U.S.

Healthcare 354

Healthcare Ransomware Scams Insurance 354

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 321

Ransomware Accountability Encryption Internet 321

Krebs on Security

NOVEMBER 14, 2024

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator , the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Mr. Shefel did not respond to requests for comment in advance of that December 2023 profile.

Advertising 275

Advertising Retail Cryptocurrency Cybercrime 275

Security Affairs

DECEMBER 21, 2024

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June. Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks. ” reads the press release published by DoJ. in restitution.”

Ransomware 109

Ransomware Healthcare Government Cryptocurrency 109

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. This is likely driven by the vast amounts of sensitive data that organizations hold and their critical need to maintain operational continuity.

Ransomware 111

Ransomware Phishing Cyber threats Malware 111

Lohrman on Security

SEPTEMBER 3, 2023

Reports from cybersecurity companies in 2023 show mixed trends regarding the number of global data breaches, ransomware attacks, records affected and government costs. But one thing is clear: Cyber attack impacts steadily grow.

Data breaches 246

Data breaches Ransomware Cyber Attacks Government 246

Krebs on Security

APRIL 30, 2025

“tylerb”) fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

Identity Theft 195

Identity Theft Phishing Cryptocurrency Cybercrime 195

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 64

Ransomware Antivirus Healthcare Encryption 64

Security Affairs

FEBRUARY 11, 2025

Authorities dismantled the 8Base ransomware gang, shutting down its dark web data leak and negotiation sites. An international law enforcement operation, codenamed Operation Phobos Aetor, dismantled the 8Base ransomware gang. The ransomware component is then decrypted and loaded into the SmokeLoader process memory.

Ransomware 74

Ransomware Encryption Backups Malware 74

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. According to several SIM-swapping channels on Telegram where Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 269

Identity Theft Phishing Cryptocurrency Accountability 269

Krebs on Security

DECEMBER 10, 2024

“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett , lead software engineer at Rapid7. The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

Engineering 254

Engineering Authentication Software Accountability 254