Cybercrime, InfoSec and VPN - Cyber Security Informer

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.

Ransomware

Ransomware Firmware Mobile InfoSec

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted.

Hacking

Hacking InfoSec Telecommunications Cybercrime

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware

Ransomware Hacking VPN Phishing

The State of Data Breaches, Part 2: The Trilogy of Players

Troy Hunt

JUNE 30, 2024

A dropped VPN connection. Increasingly, we're seeing formal government entities issue much broader infosec advice, for example, as our Australian Signals Directorate regularly does. An email address, handle or password used somewhere else that links to their identity. An incorrect assumption about the anonymity of cryptocurrency.

Data breaches

Data breaches Government InfoSec Passwords

Preventing Critical Email Attacks: Brian Krebs and Mike Britton Discuss

SecureWorld News

MARCH 17, 2022

These attackers will use a variety of lures to pull people in, but a lot of the phishing has been centered around updating the VPN for a client or employee, or redirecting users to phishing sites that look a lot like their collaborative platform login page. And you know, that can cause a potential loss for that organization.".

InfoSec

InfoSec Social Engineering Phishing Cybercrime

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. VPNs, RDPs) to gain initial access to the target network and maintain persistence.

Ransomware

Ransomware Hacking Engineering Manufacturing

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

Further evolution of cyberthreats as a response to infosec tools and measures. The debate about which threats pose the most danger to industrial enterprises often revolves around comparisons between APTs and cybercrime. Update firewalls and SSL VPN gateways in good time. Actions of various attacker categories.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

The Story of Manuel’s Java RAT.

Security Affairs

JANUARY 25, 2019

As anticipated before, the “ longText ” variable encodes a JAR executable containing the infamous, multi-platform (Win/macOS), Adwind/JRat malware: a Remote Access Tool well known to the InfoSec community. The remote destination address 185.244.30.93, belonging to “Stajazk VPN” services, hosts the control server reachable on port tcp/9888.

Malware

Malware VPN Advertising InfoSec

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations. Exploiting VPN and ESXi for Undercover Operations At this stage of the attack, visibility was lost as unmanaged devices were used.

Social Engineering

Social Engineering Engineering Accountability Backups

Cyber CEO: 7 Tips to Stay Cyber Safe While Online Holiday Shopping

Herjavec Group

NOVEMBER 23, 2021

My gift to you this holiday season is a list of tips that will help you as a customer avoid adding cybercrime to that long list of stressors. If you must use one to make a purchase, use a Virtual Private Network (VPN) to keep your information protected. Verify Email Offers and Shipping Confirmations.

Cybercrime

Cybercrime InfoSec Encryption Risk

Scattered Spider x RansomHub: A New Partnership

Digital Shadows

OCTOBER 23, 2024

In this report, we explore Scattered Spider’s evolution from low-level cybercrimes to partnering with ransomware groups to target major organizations. Exploiting VPN and ESXi for Undercover Operations At this stage of the attack, visibility was lost as unmanaged devices were used.

Social Engineering

Social Engineering Engineering Accountability Backups

DDoS attacks in Q2 2022

SecureList

AUGUST 3, 2022

The incident prompted the school district administration to contract a specialized infosec provider for DDoS protection. In particular, they use VPN, proxy servers, and infected devices located in the same region as the target to render blocking pointless. As usual, the gaming industry was targeted too.

DDOS

DDOS Government Marketing IoT

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

There’s an online war in Ukraine, one that you haven’t heard much about because that country is holding its own with an army of infosec volunteers worldwide. RSAC also attracts some of the top researchers in infosec. It’s about challenging our expectations about the people who hack for a living.

Cybercrime

Cybercrime Government Ransomware Hacking

Cisco’s CISO of the Month – Esmond Kane

Cisco Security

JUNE 25, 2021

First of all, while I am honoured and deeply thankful for the recognition, I believe strongly that Security is a team effort and I must acknowledge the superb InfoSec team in Steward but also the Steward workforce. Read on to learn about his journey and how he leads his team: What were you doing when you got your first taste of cybersecurity?

CISO

CISO Healthcare InfoSec Computers and Electronics

Cyber Security Informer

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

HelloKitty ransomware gang targets vulnerable SonicWall devices

Trending Sources

Lapsus$ gang claims to have hacked Microsoft source code repositories

Cisco was hacked by the Yanluowang ransomware gang

The State of Data Breaches, Part 2: The Trilogy of Players

Preventing Critical Email Attacks: Brian Krebs and Mike Britton Discuss

Rhysida ransomware gang claimed China Energy hack

Threats to ICS and industrial enterprises in 2022

The Story of Manuel’s Java RAT.

Scattered Spider x RansomHub: A New Partnership

Cyber CEO: 7 Tips to Stay Cyber Safe While Online Holiday Shopping

Scattered Spider x RansomHub: A New Partnership

DDoS attacks in Q2 2022

The Hacker Mind Podcast: The Fog of Cyber War

Cisco’s CISO of the Month – Esmond Kane

Stay Connected