What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-05-17 14:36:33 | AXA Confirms Ransomware Attack Impacted Operations in Asia (lien direct) | France-based insurance giant AXA has confirmed that some of its operations in Asia have been impacted by a ransomware attack. A cybercrime gang that uses a piece of ransomware named Avaddon appears to be behind the attack. | Ransomware | ||
 |
2021-05-17 13:48:43 | DarkSide Gang and the New Golden Age of Piracy (lien direct) |
Late on Friday May 7, 2021, Colonial Pipeline, the company that runs the largest gasoline pipeline in the US, shut down operations following a ransomware attack on their systems. It later emerged that a relatively new ransomware-as-a-service criminal organization known as DarkSide was behind the attack - but there was a twist. |
Ransomware | ||
 |
2021-05-17 11:15:00 | Conti ransomware syndicate behind attack on Irish health service (lien direct) | Pas de details / No more details | Ransomware | ||
 |
2021-05-17 10:33:18 | Expert Comment on Irish Health Service Ransomware Attack (lien direct) | Following the news that Ireland's health service has closed down its computer systems after a 'significant ransomware attack', please see below for comment from security experts. Following the news that Ireland's health service has… | Ransomware | ||
 |
2021-05-17 10:25:59 | Cyberinsurance giant AXA hit by ransomware attack after saying it would stop covering ransom payments (lien direct) | One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Phillippines have reportedly been hit... by a ransomware attack. | Ransomware | ||
|
2021-05-17 10:25:14 | French Appeal Set for Convicted Russian Money Launderer (lien direct) | Russian Alexander Vinnik, jailed last year for money laundering, begins an appeal at a Paris court Tuesday, as prosecutors challenge his acquittal on charges that he masterminded massive ransomware attacks. | Ransomware | ||
 |
2021-05-17 09:35:00 | Cybercrime Forum Bans Ransomware Activity (lien direct) | XSS complains of “too much PR” from recent incidents | Ransomware | ||
|
2021-05-17 09:15:00 | Toshiba Business Reportedly Hit by DarkSide Ransomware (lien direct) | Ransomware group said to have stolen over 700GB of data | Ransomware | ||
 |
2021-05-17 08:35:15 | Irish healthcare system suffers two cyber-attacks (lien direct) | It has been confirmed that Ireland’s healthcare system fell victim to two cyber-attacks on Thursday and Friday last week. The Department of Health reported that its IT systems were shut down after the first ransomware attack on Thursday. On Friday a similar attack was launched against the Health Service Executive (HSE) causing “substantial” cancellations to […] | Ransomware | ||
|
2021-05-17 08:28:31 | Insurance giant hit by ransomware (lien direct) | Over the weekend AXA, an insurance giant based in Thailand, Malaysia, Hong Kong and the Philippines, reported falling victim to a ransomware attack. The attack is claimed to have been perpetrated by the Avaddon ransomware group, which has said it stole 3 TB of sensitive data from AXA’s Asian operations. The attack was not limited […] | Ransomware | ||
 |
2021-05-17 06:19:59 | Conti ransomware demanded $20M ransom to Ireland Health Service Executive (lien direct) | Ireland Health Service Executive (HSE) refuses to pay a $20 million ransom demand after its systems were hit by the Conti ransomware gang. Ireland's Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack. The Health Service Executive opted to shut down its infrastructure as a […] | Ransomware | ||
 |
2021-05-17 00:26:31 | U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized (lien direct) | Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure.
All the dark websites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content |
Ransomware | ||
 |
2021-05-17 00:00:00 | Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions (lien direct) | FortiGuard Labs has uncovered additional tactics used by the DarkSide Threat Actors, primarily the discovery of the DarkSide ransomware seeking out partition information. Learn more.
|
Ransomware Threat | ||
|
2021-05-17 00:00:00 | Analyzing the History of Ransomware Across Industries (lien direct) | We take a dive into the history of ransomware across industries explaining how these threats are still looming today. Learn more.
|
Ransomware | ★★★★ | |
|
2021-05-16 17:44:58 | Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia (lien direct) | Avaddon ransomware gang has breached the France-based financial consultancy firm Acer Finance. Avaddon ransomware gang made the headlines again, the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance operates as an investment management company. The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves […] | Ransomware | ★★★★★ | |
 |
2021-05-16 12:24:32 | Insurer AXA hit by ransomware after dropping support for ransom payments (lien direct) | Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen over 3 TB of sensitive data from AXA's Asian operations. [...] | Ransomware | ||
|
2021-05-16 09:51:58 | Security Affairs newsletter Round 314 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. CISA MAR report provides technical details of FiveHands Ransomware SQL injection issue in Anti-Spam WordPress Plugin exposes User Data TsuNAME flaw exposes DNS servers to DDoS attacks City of Tulsa, […] | Ransomware | ||
 |
2021-05-16 00:17:39 | Ransomware : après les blogs, les graphistes, les sites de ventes aux enchères, voici le site SAV (lien direct) | Le business du ransomware possède de multiples ramifications économiques toutes aussi étonnantes qu'inquiétantes. Après le traducteur, le graphiste, le webmaster, voici le fournisseur de Service Après-vente pour groupes de maîtres chanteurs.... | Ransomware | ||
 |
2021-05-15 20:33:28 | Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware (lien direct) | Intel 471 CISO Brandon Hoffman joins us to to discuss Darkside, the ransomware group that attacked the Colonial Pipeline, why the crew may have bitten off more than it can chew and what the attack says about the state of America's Critical Infrastructure.
The post Episode 214: Darkside Down: What The Colonial Attack Means For The Future of...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/652414106/0/thesecurityledger -->»
|
Ransomware | ||
|
2021-05-15 13:40:26 | Ireland\'s Health Services hit with $20 million ransomware demand (lien direct) | Ireland's health service, the HSE, says they are refusing to pay a $20 million ransom demand to the Conti ransomware gang after the hackers encrypted computers and disrupted health care in the country. [...] | Ransomware | ★★★★ | |
|
2021-05-15 12:31:40 | Major hacking forums XSS and Exploit ban ads from ransomware gangs (lien direct) | XSS forum (previously known as DaMaGeLab) one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that that it would ban the ads published by ransomware gangs. The forum is one the most important places of […] | Ransomware | ||
|
2021-05-15 08:41:55 | QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks (lien direct) | QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that […] | Ransomware Threat | ||
 |
2021-05-14 22:00:39 | What\'s on Cybersecurity Experts\' Minds: RSA Conference 2021 (lien direct) | Greg Day discusses key trends at the upcoming RSA Conference 2021, including focus on ransomware attacks, vulnerability management and more. | Ransomware Vulnerability | ||
|
2021-05-14 20:21:22 | Solving the Ransomware Crisis (lien direct) |
Ransomware attacks are trivial to execute and there is little, if any, risk and no penalties for the attackers. As a victim, there are no good choices once an organization is hit by ransomware. You can ignore the ransom demand and restore your data from backups and take your chances with the risk of data exposure. At the same time, the reality is that it doesn't pay to pay--it is not a guarantee that you will get all of the data back in a usable state.
In addition, when you pay the ransom you are essentially funding these criminals who are acting as terrorists. The chances are that you are funding additional research and development of the next exploit or ransomware variant, so paying the ransom just makes the problem bigger.
Organizations that pay the ransom also risk putting a bullseye on their backs-making themselves attractive targets for future ransomware attacks because they have established that they're willing to pay. The only good option is to avoid having your data stolen or encrypted in the first place, which is why it needs to be a global priority to solve this crisis. |
Ransomware | ||
|
2021-05-14 19:29:43 | Darkside gang lost control of their servers and funds (lien direct) | The operators of the Darkside ransomware announced that they have lost control of their infrastructure and part of the funds the gang obtained from the victims. Darkside ransomware operators say they have lost control of their servers and funds resulting from their extortion activity, the funds were transferred to an unknown wallet. “The funds, which […] | Ransomware | ||
 |
2021-05-14 19:18:41 | Verizon\'s 2021 DBIR: Phishing and ransomware threats looming ever larger (lien direct) | The report provides unique insights into how the COVID-19 pandemic affected the data breach landscape | Ransomware Data Breach | ||
|
2021-05-14 17:35:22 | DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills? (lien direct) | The criminal gang behind the disruptive Colonial Pipeline ransomware hack says it is shutting down operations, but threat hunters believe the group will reemerge with a new name and new ransomware variants. | Ransomware Hack Threat | ||
|
2021-05-14 16:51:57 | Ransomware ads now also banned on Exploit cybercrime forum (lien direct) | The team behind Exploit, a major cybercrime forum used by ransomware gangs to hire affiliates and advertise their Ransomware-as-a-Service (RaaS) services, has announced that ransomware ads are now banned and will be removed. [...] | Ransomware | ||
 |
2021-05-14 16:17:50 | Ireland\'s health care system taken down after ransomware attack (lien direct) | Doctors left unable to access patient records after "very sophisticated" attack. | Ransomware | ||
 |
2021-05-14 16:05:13 | DarkSide Ransomware Suffers \'Oh, Crap!\' Server Shutdowns (lien direct) | The RaaS that crippled Colonial Pipeline lost the servers it uses to pull off ransomware attacks, while REvil's gonads shrank in response. | Ransomware | ||
 |
2021-05-14 15:45:11 | Le système de santé irlandais paralysé par le ransomware Conti (lien direct) | Les experts cyber de One Identity et Zscaler vous proposent leur commentaire ainsi que des informations sur le ransomware Conti, à l'origine de la cyberattaque de ransomware paralysant le système de santé Irlandais, HSE (selon la Chief Operations Officer du HSE). The post Le système de santé irlandais paralysé par le ransomware Conti first appeared on UnderNews. | Ransomware | ||
 |
2021-05-14 15:44:45 | DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (lien direct) | The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates. | Ransomware | ||
|
2021-05-14 14:39:33 | The Week in Ransomware - May 14th 2021 - One down, many more to go (lien direct) | Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA. [...] | Ransomware | ||
|
2021-05-14 13:24:37 | DarkSide Ransomware Hits Toshiba Tec Group (lien direct) | The DarkSide ransomware threat that triggered the shut down of the Colonial pipeline is growing. It was reported yesterday that German Chemical distribution giant Brenntag paid a $4.4 million ransom to DarkSide operators. Today Toshiba Tec Corp announced a 'cyberattack on European subsidiaries of the Toshiba Tec Group'. | Ransomware | ||
|
2021-05-14 13:00:22 | Palo Alto Networks Leads Efforts to Combat Ransomware (lien direct) | Palo Alto Networks is committed to combating ransomware with the Ransomware Task Force (RTF). The RTF recently shared key goals and recommendations. | Ransomware | ||
|
2021-05-14 12:53:30 | Insurer CNA Fully Restores Systems Following Ransomware Attack (lien direct) | Commercial insurer CNA this week announced that it has fully restored its systems following a ransomware attack two months ago. | Ransomware | ||
|
2021-05-14 12:32:00 | Ireland\'s Healthcare System\'s IT Offline Following Ransomware Attack (lien direct) | HSE Ireland reveals it has taken its IT systems offline due to a "significant ransomware attack" | Ransomware | ||
|
2021-05-14 12:30:43 | Ransomware\'s New Swindle: Triple Extortion (lien direct) | Ransomware attackers are now demanding cash from the customers of victims too. | Ransomware | ||
 |
2021-05-14 11:45:00 | Toshiba unit struck by DarkSide ransomware group (lien direct) | Following Colonial Pipeline, a DarkSide affiliate has claimed another victim. | Ransomware | ||
|
2021-05-14 11:30:27 | Ransomware Is Getting Ugly (lien direct) | Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The DC police are the victims of this ransomware, and the criminals have just posted personnel records — “including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories” — for two dozen police officers. The negotiations don’t seem to be doing well. The criminals want $4M. The DC police offered them $100,000... | Ransomware | ||
|
2021-05-14 11:30:06 | (Déjà vu) Ireland\'s Health Service Executive hit by ransomware attack (lien direct) | Ireland's Health Service Executive service shut down its IT systems after they were hit with a “significant ransomware attack.” Another major ransomware attack made the headlines, this time the victim is Ireland's Health Service Executive that was forced to shut down its IT systems on Friday. After being targeted with a significant ransomware attack the Health Service […] | Ransomware | ||
|
2021-05-14 10:55:49 | Critical Infrastructure Remains At Risk Following Ransomware Attack (lien direct) | Critical infrastructure has increasingly become a top target for cybercriminals. Over the weekend, we learned of the ransomware attack against a U.S. fuel company, Colonial Pipeline, that carries nearly half… | Ransomware | ||
|
2021-05-14 10:38:11 | Colonial Pipeline Pays $5 Million Ransom (lien direct) | It has been announced that Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems. On Thursday, Bloomberg reported that two people close… | Ransomware | ||
|
2021-05-14 10:37:45 | (Déjà vu) DarkSide ransomware servers reportedly seized, operation shuts down (lien direct) | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] | Ransomware Threat | ||
|
2021-05-14 10:37:45 | DarkSide ransomware servers reportedly seized, REvil restricts targets (lien direct) | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. [...] | Ransomware Threat | ||
 |
2021-05-14 10:33:26 | 2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic (lien direct) |  Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.
Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.
Phishing, ransomware, and web app attacks ??ヲ Oh my!
Phishing and ransomware attacks, along with the continued high number of web application attacks, dominated the data breaches for 2021. Phishing attacks were present in a whopping 36 percent of breaches in this year???s dataset, representing an 11 percent increase from last year.
Ransomware attacks increased by 6 percent, accounting for 10 percent of breaches. This increase can likely be attributed to new tactics where ransomware now steals the data as it encrypts it. Ransomware has also proven to be very efficient for cybercriminals. It doesn???t take a lot of hands on keyboards and it???s a relatively easy way for cybercriminals to make a quick buck.
Web applications made up 39 percent of all data breaches. Most of the web applications attacked were cloud-based, which isn???t surprising giving the increased shift to digital during the pandemic. The majority of web application attacks were through stolen credentials or brute-force attacks. 95 percent of organizations that suffered a credentials management attack experienced between 637 to 3.3 billion malicious login attempts throughout the year.
If you look at breaches by region, EMEA ??? comprised of Europe, the Middle East, and Africa ??? had the highest proportion of web application attacks. This is the second year in a row that web applications accounted for the majority (54 percent) of breaches in EMEA. Not surprisingly, the most commonly breached data type in EMEA was credentials ??? which goes hand-in-hand with web attacks.ツ?
In Asia, web application attacks fell second to social engineering attacks and in North America, web application attacks fell third ??? behind social engineering and system intrusion.
Web application threats were also prevalent across the 11 examined industries, especially in the information industry. The retail industry, which has notoriously been susceptible to web application attacks, has decreased its proportion of web application breaches.
What can organizations do to prevent web application attacks? |
Ransomware Data Breach | ||
 |
2021-05-14 10:32:09 | DarkSide Ransomware Victims Sold Short (lien direct) | 
Over the past week we have seen a considerable body of work focusing on DarkSide, the ransomware responsible for the recent gas pipeline shutdown. Many of the excellent technical write-ups will detail how it operates an affiliate model that supports others to be involved within the ransomware business model (in addition to the developers). While […]
|
Ransomware | ||
|
2021-05-14 09:53:26 | Report: Colonial Pipeline paid ransomware attackers $5 million, but still had to rely on its own backups (lien direct) | Bloomberg reports that the extortionists of Colonial Pipeline received almost $5 million worth of cryptocurrency, but that the tool they provided to decrypt IT systems wasn't up to the job. | Ransomware Tool | ||
|
2021-05-14 09:12:50 | (Déjà vu) Scumbag ransomware attackers hit Irish Health Service (lien direct) | Earlier today, Ireland's health service (the HSE) shut down all of its IT systems following what they describes as a “significant ransomware attack.” | Ransomware | ||
|
2021-05-14 08:49:34 | QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day (lien direct) | QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices, just two weeks after alerting them of an ongoing AgeLocker ransomware outbreak. [...] | Ransomware |
To see everything:
Our RSS (filtrered)
