Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Ransomware Attacks: In 2023, a whopping 72.7% of organizations faced ransomware. RaaS usage is expected to increase by 25% in 2024. Shockingly, 96% of these attacks come through email.

Social Engineering 118

Social Engineering Cyber Attacks Cyber Insurance IoT 118

eSecurity Planet

DECEMBER 19, 2023

2023 cybersecurity issues will continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines. In 2024, AI poisoning attacks will become the new software supply chain attacks. Bottom line: Prepare now based on risk.

Cybersecurity 140

Cybersecurity CISO Government Technology 140

Security Affairs

FEBRUARY 17, 2024

CISA warns that the Akira Ransomware gang is exploiting the Cisco ASA/FTD vulnerability CVE-2020-3259 (CVSS score: 7.5) The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue. in attacks in the wild. This week the U.S.

Ransomware 125

Ransomware VPN Education Hacking 125

SecureList

JANUARY 17, 2024

In 2023, for instance, there was a significant rise in posts offering login credentials and passwords for various personal and work accounts. This points to a continuous rise in companies falling prey to ransomware. They typically emerge when a new ransomware group appears.

Marketing 111

Marketing Cryptocurrency Malware Ransomware 111

Security Affairs

FEBRUARY 10, 2024

Bitdefender Researchers linked a new macOS backdoor, named RustDoor, to the Black Basta and Alphv/BlackCat ransomware operations. Researchers from Bitdefender discovered a new macOS backdoor, dubbed RustDoor, which appears to be linked to ransomware operations Black Basta and Alphv/BlackCat. ” concludes the report.

Ransomware 116

Ransomware Architecture Malware Passwords 116

Malwarebytes

FEBRUARY 6, 2024

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. Passwords Google and Microsoft made good on their promise to back passkeys , an encryption-based alternative to passwords that can’t be stolen, guessed, cracked, or phished.

Malware 77

Malware Passwords Identity Theft Banking 77

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware 113

Ransomware Data breaches Unstructured Data Architecture 113

SecureList

APRIL 15, 2024

They generated a custom version of the ransomware, which used the aforementioned account credential to spread across the network and perform malicious activities, such as killing Windows Defender and erasing Windows Event Logs in order to encrypt the data and cover its tracks. Revisiting the LockBit 3.0 builder files The LockBit 3.0

Ransomware 96

Ransomware Encryption Passwords Accountability 96

Security Affairs

JANUARY 24, 2024

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. The company said that the ransomware attack took place on Friday night and impacted only one data center in Sweden. The company later confirmed the news of an Akira ransomware attack.

Ransomware 104

Ransomware VPN Government Retail 104

eSecurity Planet

FEBRUARY 26, 2024

February 19, 2024 Microsoft Exchange Servers Vulnerable to Privilege Escalation Attacks Type of vulnerability: Critical severity privilege escalation vulnerability. The problem: CVE-2024-21410 allows remote attackers to carry out NTLM relay attacks on Microsoft Exchange Servers, providing them with privileged access.

Risk 111

Risk Authentication System Administration Ransomware 111

Krebs on Security

MAY 13, 2024

and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. used the password 225948. ” In an October 2013 discussion on the cybercrime forum Exploit , NeroWolfe weighed in on the karmic ramifications of ransomware. and admin@stairwell.ru

Ransomware 244

Ransomware Cybercrime Accountability Malware 244

eSecurity Planet

APRIL 29, 2024

An old Microsoft Windows spooler flaw is added to the CISA KEV list, and the Cactus Ransomware gang currently pursues unfixed Qlik Sense servers with a vulnerability patched in September 2023. April 22, 2024 CISA Adds 2022 Windows Print Spooler Vulnerability to KEV Catalog Type of vulnerability: Elevation of privilege.

Firewall 110

Firewall Software Ransomware Penetration Testing 110

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information. technology companies during the summer of 2022. According to an Aug.

Social Engineering 327

Social Engineering Mobile Cybercrime Passwords 327

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Malware 95

Malware Cybercrime Hacking Cyber threats 95

Malwarebytes

APRIL 23, 2024

On Wednesday February 21, 2024, Change Healthcare experienced serious system outages due to the cyberattack. The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities.

Healthcare 128

Healthcare Identity Theft Passwords Data breaches 128

Security Affairs

FEBRUARY 4, 2024

Ransomware Revenue Down As More Victims Refuse to Pay Energy giant Schneider Electric hit by Cactus ransomware attack Hundreds Of Network Operators’ Credentials Found Circulating In Dark Web Fla.

Identity Theft 102

Identity Theft VPN Malware Ransomware 102

Security Affairs

FEBRUARY 4, 2024

Such data could be extremely valuable for both initial access brokers and ransomware groups familiar with AnyDesk, often abused as one of the tools following successful network intrusions. Some users may not have changed their password, or this process might still be ongoing. ” However, there seems to be an issue with it.

Scams 122

Scams Passwords Phishing Accountability 122

eSecurity Planet

MARCH 19, 2024

March 8, 2024 150,000 Fortinet Secure Web Gateways Remain Exposed Type of vulnerability: Arbitrary code execution (ACE). The problem: The FortiOS SSL VPN feature vulnerability, CVE-2024-21762, disclosed February 8th , remains exposed to attack on nearly 150,000 devices according to the ShadowServer Foundation website.

Authentication 117

Authentication VPN Software DDOS 117

Malwarebytes

FEBRUARY 13, 2024

On February 9, 2024, the Justice Department announced that an international operation had seized internet domains that were selling information-stealing malware. On February 7, 2024, two suspects were arrested in Malta and Nigeria, accused of selling the malware and supporting cybercriminals who used it for malicious purposes.

Social Engineering 109

Social Engineering Internet Internet Malware 109

eSecurity Planet

MARCH 4, 2024

State actors actively attack Ivanti, Ubiquity, and Microsoft’s Windows AppLocker, and ransomware attackers probe for unpatched ScreenConnect servers in this week’s vulnerability recap. February 26, 2024 FCKeditor Used for SEO Poisoning on Government, University Sites Type of vulnerability: Malicious URL redirect.

IoT 114

IoT Internet Internet Ransomware 114

Security Affairs

MARCH 16, 2024

Email addresses, phone numbers, passwords and financial data are not exposed. The investigation conducted by France’s Cybermalveillance cybercrime prevention initiative revealed that threat actors stole the personal information of 43 million people between February 6 and March 5, 2024.

Data breaches 104

Data breaches Cybercrime Government Ransomware 104

eSecurity Planet

JANUARY 29, 2024

January 19, 2024 Critical VMware vCenter Server Zero-Day Under Attack Since 2021 Type of vulnerability: Remote code execution (RCE) vulnerability. January 22, 2024 Apple Fixes 16 Vulnerabilities, Including Exploited Zero Days Type of vulnerability: A type confusion issue enables arbitrary code execution (ACE) attacks.

Software 111

Software Authentication CSO Accountability 111

Security Affairs

NOVEMBER 19, 2023

Israeli man sentenced to 80 months in prison for providing hacker-for-hire services Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine The board of directors of OpenAI fired Sam Altman Medusa ransomware gang claims the hack of Toyota Financial Services CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog (..)

Data breaches 92

Data breaches Identity Theft Ransomware Hacking 92

Malwarebytes

MARCH 5, 2024

As revealed in our 2024 ThreatDown State of Malware report, a full 11% of all detections recorded by Malwarebytes on Mac computers in 2023 were for different variants of malware—the catch-all term that cybersecurity researchers use to refer to ransomware, trojans, info stealers, worms, viruses, and more.

Malware 136

Malware Adware Ransomware Social Engineering 136

Krebs on Security

FEBRUARY 1, 2024

In a SIM-swapping attack, the crooks transfer the target’s phone number to a device they control, allowing them to intercept any text messages or phone calls sent to the victim, including one-time passcodes for authentication or password reset links sent via SMS. 2, 2024.

Cryptocurrency 244

Cryptocurrency Ransomware Retail Government 244

Malwarebytes

FEBRUARY 9, 2024

It also includes methods deployed by Russian Federation state-sponsored actors, and will likely apply to Ransomware-as-a-Service (RaaS) gangs that leverage legitimate tools to evade detection too. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Block common forms of entry.

Software 145

Software Ransomware Backups Manufacturing 145

eSecurity Planet

MAY 30, 2024

Ransomware attacks and data breaches make headlines when they shut down huge connected healthcare providers such as Ascension Healthcare or Change Healthcare. 2024 looks like it will only increase the number of affected individuals considering the scale of ransomware attacks from the first half of the year in the USA, Canada, and Australia.

Healthcare 73

Healthcare Cybersecurity Backups Ransomware 73

Malwarebytes

FEBRUARY 28, 2024

In late January 2024, the ThreatDown Managed Detection and Response (MDR) team found and stopped a three-month long malware campaign against a Managed Service Provider (MSP) based in Europe. Changing all administrative and local passwords three times to fortify security. Detection of malware leveraging RMM tools.

Malware 85

Malware DNS Surveillance Backups 85

Security Affairs

JANUARY 19, 2024

In December 2023, VF Corp announced it was the victim of a ransomware attack and was forced to take some systems down to contain the threat. ” reads a Form 8-K filed with the Securities and Exchange Commission (SEC) on January 18, 2024. VF Corp also added that it has found no evidence that customer passwords were stolen.

Data breaches 109

Data breaches Retail Insurance Passwords 109

Malwarebytes

OCTOBER 6, 2023

Recently, Amazon announced that it will require all privileged Amazon Web Services (AWS) accounts to use multi-factor authentication (MFA) , starting in mid-2024. Our regular readers will know that we feel that passwords alone are not adequate protection , especially not for your important accounts. Get a free trial below.

Authentication 124

Authentication Passwords Social Engineering Accountability 124

Security Affairs

APRIL 7, 2024

A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked as CVE-2024-3273 , that impacts multiple end-of-life D-Link Network Attached Storage (NAS) device models. This trick allows attackers to obtain bypass authentication.

Internet 130

Internet Internet DNS Hacking 130

Security Boulevard

APRIL 28, 2024

In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant’s M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing’s decreased prevalence, it remains the second most popular method for gaining initial network access.

Phishing 72

Phishing Data privacy Passwords Technology 72

IT Security Guru

MAY 20, 2024

Today, common cyber threats include phishing, ransomware, and malware attacks, each capable of significantly disrupting operations and compromising sensitive data. These sessions should cover critical topics like phishing, which tricks you into giving out sensitive information, and password security to protect your data.

Cybersecurity 114

Cybersecurity Backups Cyber threats Mobile 114

Security Affairs

DECEMBER 10, 2023

billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter)

Data breaches 85

Data breaches Ransomware Hacking Financial Services 85

SecureWorld News

MARCH 27, 2023

Cybersecurity education is a central component of landmark House Bill 1398 , signed into law by Governor Doug Burnum and expected to garner final approval July 1, 2024. T he move is fitting as schools are being targeted more and more by ransomware criminals that put student data at risk. North Dakota is the first state in the U.S.

Education 78

Education Cybersecurity Scams Cybercrime 78

eSecurity Planet

JULY 8, 2022

The four new security standards selected by NIST will become part of a quantum-safe cryptography standard released as soon as 2024. Just as an eight-digit password was once considered nigh-unbreakable through brute force tactics, quantum computing has the potential of rendering our current cryptography and security meaningless.

Encryption 137

Encryption Technology Artificial Intelligence Backups 137

eSecurity Planet

MAY 24, 2024

To improve security and prevent unwanted access, best practices include limiting access to authorized users, enforcing strong password restrictions, and utilizing multi-factor authentication (MFA). Secure your storage methods: Encrypt and hash passwords and other authentication data to ensure their security.

Encryption 117

Encryption Risk Passwords Authentication 117