What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog.webp 2023-03-16 06:11:08 Threat Trend Report on Region-Specific Ransomware (lien direct) Background Currently, ransomware creators include individuals, cyber criminal gangs and state-supported groups. Out of these individuals and groups, cyber criminal gangs are the most proactive in ransomware development, while individuals and state-supported groups are less so. Privately developed ransomware is most often for research purposes with the intention of destroying data. Some state-sponsored threat groups also develop ransomware. The purpose of these cases is not for financial gain either but for data destruction, and Wipers, which do not allow recovery,... Ransomware Threat Prediction ★★
Blog.webp 2023-03-15 23:55:25 ASEC Weekly Malware Statistics (March 6th, 2023 – March 12th, 2023) (lien direct) AhnLab Security response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 6th, 2023 (Monday) to March 12th, 2023 (Sunday). For the main category, Infostealer ranked top with 52.6%, followed by backdoor with 27.6%, downloader with 15.7%, ransomware with 3.0%, CoinMiner with 0.7%, and banking malware with 0.4%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.4%. It leaks... Ransomware Malware ★★
DarkReading.webp 2023-03-15 21:12:00 Hornetsecurity Launches VM Backup V9 (lien direct) Hornetsecurity research highlights that more than 1 in 4 companies have fallen victim to ransomware attacks, with 14.1% losing data and 6.6% paying a ransom. Ransomware ★★
globalsecuritymag.webp 2023-03-15 18:12:47 Share of Ransomware Funds Being Funneled to Popular Exchanges Soared to 48.3% In 2022 (lien direct) Share of Ransomware Funds Being Funneled to Popular Exchanges Soared to 48.3% In 2022 - Malware Update Ransomware ★★
globalsecuritymag.webp 2023-03-15 17:49:06 WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs (lien direct) WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs - Malware Update Ransomware Tool
globalsecuritymag.webp 2023-03-15 17:27:46 Third edition of Cybereason's "ransomware" study: Modern SOCs facing ransomware attacks (lien direct) Third edition of Cybereason's "ransomware" study: Modern SOCs facing ransomware attacks. The new Cybereason study reveals that ransomware attacks and the workforce shortage are drivers for the evolution of SOCs (security operations centers) - Investigations Ransomware Studies ★★★
globalsecuritymag.webp 2023-03-15 17:10:42 WithSecure: A Chinese hacking tool acquired by Russian hackers specializing in ransomware (lien direct) WithSecure: A Chinese hacking tool acquired by Russian hackers specializing in ransomware. The Chinese tool SILKLOADER is now used by Russian hackers. By documenting this tool transfer, WithSecure reveals the cooperation that takes place in the world of cybercrime. - Malware Ransomware General Information ★★★
bleepingcomputer.webp 2023-03-15 14:50:26 LockBit ransomware claims Essendant attack, company says “network outage” (lien direct) LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributor of office products, after a "significant" and ongoing outage knocked the company's operations offline. [...] Ransomware ★★
RecordedFuture.webp 2023-03-15 12:17:00 Ransomware gang exploited a zero-day in Microsoft security feature, Google says (lien direct) Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug Ransomware Vulnerability Threat Threat ★★
Cybereason.webp 2023-03-15 11:30:00 5 Steps to More Effective Ransomware Response (lien direct) 5 Steps to More Effective Ransomware Response Ransomware Ransomware ★★★
SecurityWeek.webp 2023-03-15 09:41:52 Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit (lien direct) Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website. Ransomware ★★
RecordedFuture.webp 2023-03-14 20:36:00 Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (lien direct) Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A Ransomware Vulnerability Cloud ★★
DarkReading.webp 2023-03-14 19:58:00 LockBit Threatens to Leak Stolen SpaceX Schematics (lien direct) The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web. Ransomware ★★★
CS.webp 2023-03-14 19:57:32 Cancer patient sues medical provider after ransomware group posts her photos online (lien direct) The suit comes about six weeks after the ransomware threatened to post sensitive material online if they weren't paid. Ransomware Medical ★★★
DarkReading.webp 2023-03-14 19:51:27 CISA Trials Ransomware Warning System for Critical Infrastructure Orgs (lien direct) An agency team will identify vulnerabilities being exploited by ransomware groups and alert organizations ahead of attacks, CISA says. Ransomware ★★
Anomali.webp 2023-03-14 17:32:00 Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct)   Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More. The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions (published: March 10, 2023) Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network. Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. 
Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor. MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android Cobalt Illusion Masquerades as Atlantic Council Employee (published: March 9, 2023) A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i Ransomware Malware Tool Vulnerability Threat Guideline Conference APT 35 ChatGPT ChatGPT APT 36 APT 42 ★★
The_Hackers_News.webp 2023-03-14 17:22:00 The Prolificacy of LockBit Ransomware (lien direct) Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first Ransomware Threat ★★★
InfoSecurityMag.webp 2023-03-14 16:30:00 CISA Creates New Ransomware Vulnerability Warning Program (lien direct) The Agency will warn critical infrastructure entities to enable mitigation before an incident Ransomware Vulnerability ★★★
RecordedFuture.webp 2023-03-14 15:34:00 CISA unveils ransomware warning pilot for critical infrastructure (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks. [The Ransomware Vulnerability Warning Pilot](https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot) launched Jan. 30 and was mandated under the sweeping cyber incident reporting [legislation](https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law) President Joe Biden signed into law Ransomware Vulnerability ★★★
CS.webp 2023-03-14 14:14:38 CISA tests ransomware alert system to safeguard vulnerable organizations (lien direct) The Cybersecurity and Infrastructure Security Agency launched a ransomware warning pilot for critical infrastructure owners and operators. Ransomware ★★
knowbe4.webp 2023-03-14 13:00:00 CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) CyberheistNews Vol 13 #11 CyberheistNews Vol 13 #11  |   March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below. "Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service. "In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM. "In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. "And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven. "'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. 
"And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'" Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this. Blog post with links: https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl Ransomware Data Breach Spam Malware Threat Guideline Medical ChatGPT ChatGPT ★★
RecordedFuture.webp 2023-03-14 12:34:00 Amazon-owned Ring denies 'ransomware event' following darknet listing (lien direct) The smart doorbell and security camera company Ring has denied that it suffered a ransomware attack after the company was listed on a prominent ransomware gang's extortion site. The ALPHV ransomware group, also known as BlackCat, added the listing for Ring to its site late on Monday evening, adding: “There's always an option to let Ransomware ★★★
SecurityWeek.webp 2023-03-14 12:23:00 Ring Denies Falling Victim to Ransomware Attack (lien direct) Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data. Ransomware ★★★
InfoSecurityMag.webp 2023-03-14 10:30:00 LA Housing Authority Suffers Year-Long Breach (lien direct) LockBit ransomware group stole data and encrypted files Ransomware ★★
Cybereason.webp 2023-03-14 10:00:00 New Study: Ransomware Driving SOC Modernization Requirements (lien direct) New Study: Ransomware Driving SOC Modernization Requirements Ransomware ★★★
Blog.webp 2023-03-13 23:31:00 Mallox Ransomware Being Distributed in Korea (lien direct) AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the Mallox ransomware during the team’s monitoring. As covered before, Mallox, which targets vulnerable MS-SQL servers, has historically been distributed at a consistently high rate based on AhnLab’s statistics. The malware disguised as a program related to DirectPlay is a file built in .NET which, as shown in Figure 3, connects to a certain address, downloads additional malware, and runs it in the memory. If this address cannot... Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-13 15:51:33 LA housing authority discloses data breach after ransomware attack (lien direct) The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. [...] Ransomware Data Breach ★★
InfoSecurityMag.webp 2023-03-13 09:30:00 Blackbaud Settles $3m Charge Over Ransomware Attack (lien direct) SEC claims company filed misleading disclosures Ransomware Guideline ★★
bleepingcomputer.webp 2023-03-12 11:12:06 Medusa ransomware gang picks up steam as it targets companies worldwide (lien direct) A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands. [...] Ransomware ★★★
SecurityWeek.webp 2023-03-10 17:02:50 Blackbaud Fined $3M For 'Misleading Disclosures' About 2020 Ransomware Attack (lien direct) Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers. Ransomware Guideline ★★
InfoSecurityMag.webp 2023-03-10 16:30:00 IceFire Ransomware Targets Linux Enterprise Networks (lien direct) The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software Ransomware ★★
RecordedFuture.webp 2023-03-10 12:00:00 Ransomware tracker: the latest figures [March 2023] (lien direct) * Note: this Ransomware Tracker is updated on the 10th day of each month to stay current * Unlike past years, cybercriminals didn't take a break over the winter holidays. The number of victims posted on ransomware extortion sites rose more than 20% in December to 241 organizations - the highest monthly count since April, Ransomware ★★
bleepingcomputer.webp 2023-03-10 11:30:18 Blackbaud to pay $3M for misleading ransomware attack disclosure (lien direct) Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. [...] Ransomware Cloud ★★
DarkReading.webp 2023-03-09 21:47:10 IceFire Ransomware Portends a Broader Shift From Windows to Linux (lien direct) IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved. Ransomware ★★
no_ico.webp 2023-03-09 21:19:11 New Rise In ChatGPT Scams Reported By Fraudsters (lien direct) Since the release of ChatGPT, the cybersecurity company Darktrace has issued a warning, claiming that a rise in criminals utilizing artificial intelligence to craft more intricate schemes to defraud employees and hack into organizations has been observed. The Cambridge-based corporation said that AI further enabled “hacktivist” cyberattacks employing ransomware to extract money from businesses. The […] Ransomware Hack ChatGPT ChatGPT ★★
DarkReading.webp 2023-03-09 20:41:03 Medusa Gang Video Shows Minneapolis School District's Ransomed Data (lien direct) Much like a hostage's proof-of-life video, the ransomware gang offers the film as verification that it has the goods, and asks $1 million for the data. Ransomware ★★
RecordedFuture.webp 2023-03-09 20:15:00 Canadian military: Ransomware attack on contractor didn't touch defense systems (lien direct) Canada's defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald. Black & McDonald did not respond to repeated requests for comment, but a spokesperson for Canada's Department of National Defence told The Record that it was aware of a ransomware attack on the company. Ransomware ★★★
The_Hackers_News.webp 2023-03-09 19:31:00 IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (lien direct) A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to Ransomware Vulnerability ★★★
globalsecuritymag.webp 2023-03-09 16:51:41 IceFire ransomware returns: Now targeting Linux enterprise networks (lien direct) IceFire ransomware returns: Now targeting Linux enterprise networks - Malware Update Ransomware ★★
globalsecuritymag.webp 2023-03-09 16:02:20 76% of the vulnerabilities currently exploited by ransomware groups were discovered before 2020, according to the Ivanti Ransomware Report (lien direct) 76% of the vulnerabilities currently exploited by ransomware groups were discovered before 2020, according to the Ivanti Ransomware Report. This joint survey by Cyber Security Works, Ivanti, Cyware and Securin identifies, among other things, 56 new vulnerabilities associated with ransomware, for a total of 344 ransomware threats at the end of 2022. - Investigations Ransomware ★★★
SentinelOne.webp 2023-03-09 13:58:50 IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks (lien direct) New Linux version of the IceFire ransomware has been observed in recent network intrusions of media and entertainment enterprises. Ransomware ★★★
SocRadar.webp 2023-03-09 12:21:50 Evolution of Ransomware: So Far and Hereafter (lien direct) By SOCRadar Research Ransomware attacks have become a potential threat to all enterprises, regardless of... Ransomware Threat ★★★★
TrendMicro.webp 2023-03-09 00:00:00 Examining Ransomware Payments From a Data-Science Lens (lien direct) In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups' ransom transactions, as detailed in our joint research with Waratah Analytics, “What Decision-Makers Need to Know About Ransomware Risk.” Ransomware Studies ★★★
Blog.webp 2023-03-08 23:00:00 Decryptable iswr Ransomware Being Distributed in Korea (lien direct) ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the iswr ransomware during the team’s monitoring. A characteristic of iswr is the fact that it adds the iswr extension at the end of filenames after the files have been encrypted. The ransom note of this ransomware has the same format as the STOP ransomware, but when it comes to its encryption method along with the extensions and folders that are targeted, its operation routine differs greatly from... Ransomware ★★
ddosecrets.webp 2023-03-08 21:31:48 Limited distribution: Oakland City Hall (11.7 GB) (lien direct) Emails and files from the PLAY ransomware attack on Oakland City Hall, a large city in California with a long history of police abuses. Ransomware ★★
Nozomi.webp 2023-03-08 19:23:33 Addressing TSA's Aviation Security Emergency Mandates for Airlines and Airports (lien direct) The Department of Homeland Security (DHS) and its Transportation Security Administration (TSA) have issued a handful of sector-specific cybersecurity directives over the last eighteen months. The effort began as a response to the 2021 ransomware attack on the Colonial Pipeline, which became a catalyst for the first major security directive for pipeline owners and operators. […] Ransomware ★★
RecordedFuture.webp 2023-03-08 15:55:00 Ransomware group says it stole student data from Minneapolis Public Schools (lien direct) The ransomware group behind an [attack on Minneapolis Public Schools](https://therecord.media/minneapolis-public-schools-still-investigating-what-caused-encryption-event) posted a public video allegedly showing screenshots of stolen data after the school district said it was using backups to recover from the incident. The school district – which serves about 34,500 students – faced disruptions last week after a ransomware attack damaged some systems. Ransomware ★★
bleepingcomputer.webp 2023-03-08 12:37:04 Ransomware gang posts video of data stolen from Minneapolis schools (lien direct) The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack. [...] Ransomware ★★★
Blog.webp 2023-03-08 02:35:18 ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023) (lien direct) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with 31.2%, downloader with 16.5%, and ransomware with 0.9%. Top 1 – RedLine RedLine ranked first place with 41.0%. The malware steals various information such as web browsers, FTP clients, cryptocurrency... Ransomware Malware ★★
TrendMicro.webp 2023-03-08 00:00:00 Security Patch Management Strengthens Ransomware Defense (lien direct) With thousands of applications to manage, enterprises need an effective way to prioritize software security patches. That calls for a contextualized, risk-based approach and good overall attack surface risk management. Ransomware ★★
Last update at: 2024-07-18 23:08:18