What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-03-11 13:43:18 | Faits saillants hebdomadaires OSINT, 11 mars 2024 Weekly OSINT Highlights, 11 March 2024 (lien direct) |
## Weekly OSINT Highlights, 11 March 2024 The OSINT reporting last week underscores several prevalent trends in cyber threats. Firstly, ransomware continues to be a significant threat, with groups like GhostSec conducting double extortion attacks and offering RaaS programs, while threat actors like SocGholish exploit vulnerabilities in web platforms like WordPress. Additionally, phishing remains a persistent tactic, exemplified by the discovery of the CryptoChameleon kit targeting cryptocurrency platforms and governmental agencies. Furthermore, attackers are targeting misconfigured servers and leveraging 1-day vulnerabilities to conduct various malicious activities, from cryptocurrency mining to unauthorized data collection. These trends emphasize the evolving tactics and motivations of cyber threat actors, highlighting the need for robust cybersecurity measures and vigilance across various sectors and platforms. 1. **[SocGholish Malware Targeting WordPress](https://security.microsoft.com/intel-explorer/articles/0218512b?)**: WordPress websites are targeted by SocGholish malware, initiating with a JavaScript malware framework and leading to potential ransomware infections, often through compromised administrator accounts. 2. **[GhostSec Ransomware Activities Surge](https://security.microsoft.com/intel-explorer/articles/ee5a4e56?)**: GhostSec, a financially motivated hacking group, collaborates with Stormous ransomware in double extortion attacks across various business verticals, offering a ransomware-as-a-service (RaaS) program, with a surge in activities observed recently. 3. **[CryptoChameleon Phishing Kit](https://security.microsoft.com/intel-explorer/articles/9227be0c?)**: Lookout uncovers the CryptoChameleon phishing kit, adept at stealing sensitive data from cryptocurrency platforms and the FCC, utilizing custom single sign-on (SSO) pages and SMS lures, primarily targeting victims in the United States. Notably, the kit includes an administrative console to monitor phishing attempts and offers customized redirections based on victims\' responses, with an emphasis on mimicking authentic MFA processes. 4. **[Malware Campaign Targeting Misconfigured Servers](https://security.microsoft.com/intel-explorer/articles/68797fe5?)**: Cado Security Labs discovers a malware campaign targeting misconfigured servers, leveraging unique payloads and exploiting n-day vulnerabilities for Remote Code Execution (RCE) attacks and cryptocurrency mining. 5. **[Earth Kapre Espionage Group](https://security.microsoft.com/intel-explorer/articles/d2d46a48?)**: Trend Micro exposes the Earth Kapre espionage group, conducting phishing campaigns across multiple countries, with malicious attachments leading to unauthorized data collection and transmission to command-and-control (C&C) servers. 6. **[Magnet Goblin Exploiting 1-Day Vulnerabilities](https://security.microsoft.com/intel-explorer/articles/11616c16?)**: Check Point identifies Magnet Goblin\'s financially motivated attacks, rapidly adopting 1-day vulnerabilities, particularly targeting Ivanti Connect Secure VPN, with a diverse arsenal including a Linux version of NerbianRAT and JavaScript credential stealers. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts: - [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware) - [Cryptojacking: Understanding and defending against cloud compute resource abuse](https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/) Microsoft customers can use the following reports in Mi | Ransomware Malware Tool Vulnerability Threat Prediction Cloud | ★★★ | |
 |
2024-03-11 13:30:06 | La bibliothèque britannique pousse le bouton nuage British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild (lien direct) |
cinq mois après et la récupération de la gigantesque post-ransomware a à peine commencé La bibliothèque britannique dit que l'héritage est le facteur écrasant retardant les efforts pour se remettre de l'attaque du ransomware de Rhysida à la fin de 2023.…
Five months in and the mammoth post-ransomware recovery has barely begun The British Library says legacy IT is the overwhelming factor delaying efforts to recover from the Rhysida ransomware attack in late 2023.… |
Ransomware Cloud | ★★★ | |
 |
2024-03-11 10:00:00 | La préparation aux incidents est cruciale pour les gouvernements des États et locaux Incident readiness is crucial for state and local governments (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The current cybersecurity landscape: Navigating threats and safeguarding local government operations Local governments in the United States faced a surge in cyber threats during the latter half of 2023, with over 160 cybersecurity incidents impacting the State, Local, and Education (SLED) sectors. Alarming statistics reveal that many of these incidents were ransomware attacks (45%) and data breaches (37%). As custodians of vast amounts of personal and private information, local governments are entrusted with safeguarding sensitive data against evolving cyber threats. The urgency of cybersecurity incident readiness becomes paramount in this landscape, where the consequences of breaches extend beyond operational disruptions. Protecting sensitive data is not just a matter of legal compliance; it is crucial for preserving privacy and upholding public trust. A breach can lead to severe legal consequences and reputational damage. Demonstrating a commitment to robust cybersecurity practices not only safeguards sensitive information but also enhances confidence in state and local government reassuring community stakeholders that their data is secure. Operational continuity is equally critical, as local governments play a vital role in delivering essential services to communities. Cybersecurity incidents have the potential to disrupt operations, causing service outages and delays. Therefore, the importance of effective incident readiness cannot be overstated, as it helps to maintain the uninterrupted delivery of crucial services and fortifies the resilience of local governments in the face of escalating cyber threats. | Ransomware Threat | ★★ | |
 |
2024-03-11 06:00:16 | How Proofpoint aide les agences gouvernementales fédérales à se défendre contre les cybercriminels et les menaces d'initiés How Proofpoint Helps Federal Government Agencies Defend Against Cybercriminals and Insider Threats (lien direct) |
Protecting people and defending data are ongoing priorities for federal agencies whose missions are constantly under attack. These entities struggle to keep pace with an array of potent threats, like insiders who steal secrets about missile technology and threat actors who use living off the land techniques (LOTL). Proofpoint can provide agencies with a critical edge in their efforts to defend data from risky users and detect real-time identity threats. Products to help with these challenges include: Proofpoint Insider Threat Management Proofpoint Identity Threat Defense This blog takes a closer look at these products and how they help our federal customers. Understand the context behind user behavior with Proofpoint ITM Across all levels of government, data loss is costly-these incidents have cost agencies $26 billion over the past eight years. A critical first step toward preventing data loss and risky behavior is to understand that data does not lose itself. People lose it. Employees, third parties and contractors have access to more data than ever-on their laptops, in email and the cloud. But you can\'t reduce the risk of insider threats without first understanding the context behind user behavior. Context also helps you to choose the best response when an insider-led incident occurs, whether it\'s due to a malicious, compromised or careless user. Proofpoint ITM can help you gain that vital context. It also helps you to move swiftly to address insider threats. Here\'s how: Get a clear picture of threats. You can gain complete context into users and their data activity on endpoints, and web and cloud applications. User attribution is easy thanks to a clear, visual timeline and flexible, real-time screenshots. Identify risks proactively. Proofpoint includes preconfigured indicators of risk that can help you catch user activities in real time, like data exfiltration, privilege abuse, unauthorized access and security controls bypass. The out-of-the-box Insider Threat Library was built using feedback from our customers as well as guidelines from NIST, MITRE and the CERT Division of the Software Engineering Institute at Carnegie Mellon. Investigate faster. You can investigate incidents with more efficiency when you can see user intent. With Proofpoint ITM, you can gather, package and export the evidence (who, what, where, when and user intent) and share it easily with groups outside of security such as HR, legal and privacy. This saves time and reduces the cost of investigations. Get better time to value. Proofpoint ITM has a single, lightweight user-mode agent that is easy to install and invisible to your users. With a converged DLP and ITM solution, you can monitor everyday and risky users. Gain efficiencies and manage risks Here are more ways that Proofpoint ITM helps federal agencies: Manage alert rules efficiently. Alert rules are grouped by categories and assigned to user lists, which streamlines management. Comply with privacy laws. Agencies can protect privacy by anonymizing users in the dashboard, which helps eliminate bias in investigations. Manage risks at a department level. Large agencies can manage employee risks based on their department or group by using Active Directory group-based permissions. Each group has a dedicated security team member or manager. Meet zero trust and CMMC needs Agencies can use ITM to meet their zero trust and Cybersecurity Maturity Model Certification (CMMC) needs as well. Proofpoint ITM capabilities support several pillars of Zero Trust and more than seven domains of CMMC. For Zero Trust, Proofpoint ITM helps agencies align to these pillars: Department of Defense: Data and Visibility and Analytics Pillar Cybersecurity and Infrastructure Security Agency: Data and Devices Pillars Proofpoint Information Protection products help our customers with these CMMC domains: Access Controls Asset Management Audit and Accountability Configuration Management Incident Response Media Protect | Ransomware Vulnerability Threat Cloud | ★★★ | |
 |
2024-03-11 00:01:00 | Les défaillances des ransomwares du gouvernement britannique laissent le pays \\ 'exposé et non préparé \\' UK government\\'s ransomware failings leave country \\'exposed and unprepared\\' (lien direct) |
Le gouvernement britannique a été accusé par un comité parlementaire de prendre la «stratégie d'autruche» en enfouissant sa tête dans le sable sur la cyber-menace nationale «grande et imminente» posée par le ransomware.La critique suit l'édition gouvernementale lundi sa réponse officielle à une Rapport du comité conjoint de la sécurité nationale
The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware. The criticism follows the government publishing on Monday its formal response to a report from the Joint Committee on the National Security |
Ransomware Threat | ★★ | |
|
2024-03-08 14:33:09 | Changer les registres des soins de santé Pulse après une attaque de ransomware paralysante Change Healthcare registers pulse after crippling ransomware attack (lien direct) |
Les services restants devraient revenir dans les prochaines semaines après que 22 millions de dollars alphv rançonnent Change Healthcare a fait les premiers pas vers une récupération complète de l'attaque du ransomware en février en ramenant ses services de prescription électronique en ligne.… | Ransomware Medical | ★★★ | |
 |
2024-03-08 13:35:11 | Changer les soins de santé restaure les services de pharmacie perturbés par les ransomwares Change Healthcare Restores Pharmacy Services Disrupted by Ransomware (lien direct) |
> Changer Healthcare dit qu'il a fait des progrès significatifs dans la restauration des systèmes touchés par une récente attaque de ransomware.
>Change Healthcare says it has made significant progress in restoring systems impacted by a recent ransomware attack. |
Ransomware Medical | ★★ | |
 |
2024-03-08 12:54:22 | UnitedHealth ramène des services de pharmacie de santé en ligne UnitedHealth brings some Change Healthcare pharmacy services back online (lien direct) |
Le changement de santé d'Optum \\ a commencé à ramener les systèmes en ligne après avoir subi une attaque par ransomware de Blackcat paralysant le mois dernier, ce qui a entraîné une perturbation généralisée du système de santé américain.[...]
Optum\'s Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. [...] |
Ransomware Medical | ★★★ | |
 |
2024-03-08 12:42:54 | Production de bière DUVEL frappée par la cyber-attaque Production of Duvel beer hit by cyber-attack (lien direct) |
Une attaque suspectée de ransomware a laissé le brasseur belge incapable de faire de la bière sur quatre de ses sites.
A suspected ransomware attack has left the Belgian brewer unable to make beer at four of its sites. |
Ransomware | ★★ | |
|
2024-03-08 12:35:12 | Sécurité du fromage suisse?Jouer au gang ransomware lait le gouvernement de 65 000 fichiers Swiss cheese security? Play ransomware gang milks government of 65,000 files (lien direct) |
Docs classifiés, mots de passe lisibles et des milliers d'informations personnelles décontiquées dans une violation de Xplain Le gouvernement suisse avait environ 65 000 fichiers liés à celle volée par le gang de ransomware de jeu lors d'une attaque contre un fournisseur informatique, son fournisseurLe National Cyber Security Center (NCSC) dit.…
Classified docs, readable passwords, and thousands of personal information nabbed in Xplain breach The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center (NCSC) says.… |
Ransomware | ★★★ | |
|
2024-03-07 22:25:49 | Jouez des ransomwares divulgués 65 000 documents du gouvernement suisse, les résultats de l'enquête Play ransomware leaked 65,000 Swiss government documents, investigation finds (lien direct) |
Les autorités suisses ont constaté que 65 000 documents gouvernementaux détenant des informations classifiés et des données personnelles sensibles avaient été divulguées à la suite de une attaque de ransomware L'année dernière sur l'un de ses fournisseurs informatiques.Le National Cyber Security Center (NCSC) de Suisse Publié Une brève analyse des données volées lors de l'attaque en mai dernier - lorsque des pirates se sont connectés à la pièce
Swiss authorities have found that 65,000 government documents holding classified information and sensitive personal data were leaked following a ransomware attack last year on one of its IT vendors. Switzerland\'s National Cyber Security Centre (NCSC) published a brief analysis of the data stolen during the attack last May - when hackers connected to the Play |
Ransomware | ★★ | |
|
2024-03-07 21:25:48 | Stormous Ransomware Gang prend le crédit pour l'attaque contre le brasseur belge DUVEL Stormous ransomware gang takes credit for attack on Belgian brewer Duvel (lien direct) |
Le gang de ransomware Stormous a pris le crédit d'une attaque contre un grand producteur de bière belge cette semaine.L'attaque des ransomwares contre la brasserie de Duvel Moortgat affecte les opérations pendant des jours. outouts locaux de presse locaux Et bleepingcomputer a rapporté mercredi que le service informatique de Duvel \\ a détecté l'attaque et fermé les lignes de production.La porte-parole Ellen Aerts a déclaré aux journalistes
The Stormous ransomware gang has taken credit for an attack on a major Belgian beer producer this week. The ransomware attack on Duvel Moortgat Brewery has affected operations for days. Local news outlets and BleepingComputer reported on Wednesday that Duvel\'s IT department detected the attack and shut down production lines. Spokesperson Ellen Aerts told reporters |
Ransomware | ★★ | |
 |
2024-03-07 20:22:08 | L'IA et les ransomwares en tête de liste des cyber-menaces informatiques du marché intermédiaire AI and Ransomware Top the List of Mid-Market IT Cyber Threats (lien direct) |
Un rapport récent révèle un écart important dans les priorités des services informatiques de marché intermédiaire lorsqu'il s'agit de traiter les cybermenaces.
Il est quelque peu ironique que les professionnels informatiques se retrouvent enchevêtrés dans un paradoxe logique lorsqu'ils répondent aux enquêtes, comme le démontre Node4 \\ 's & nbsp; Rapport de priorités informatiques du marché moyen 2024 .Ce rapport met en lumière le fait que deux des trois principales cyber-menaces concernant les services informatiques du marché intermédiaire sont des menaces et des ransomwares basés sur l'IA, les menaces d'initiés se classant comme la principale préoccupation cette année.
A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats.
It\'s somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4\'s Mid-Market IT Priorities Report 2024. This report sheds light on the fact that two of the top three cyber threats concerning mid-market IT departments are AI-based threats and ransomware, with insider threats ranking as the primary concern this year. |
Ransomware | ★★ | |
|
2024-03-07 18:34:17 | Lien chinois possible pour changer l'attaque des ransomwares de soins de santé Possible China link to Change Healthcare ransomware attack (lien direct) |
présumé Crim a acheté SmartScreen Killer, Cobalt Strike sur les marchés sombres un criminel prétendant être un affilié Alphv / BlackCat - le gang responsable de l'infection à un ransomware de santé à changement très perturbateur - peut avoir le mois dernier - peut avoirliens avec les syndicats de cybercriminaux soutenus par le gouvernement chinois.… | Ransomware Medical | ★★ | |
 |
2024-03-07 18:09:36 | Expliquez le piratage après: jouer au ransomware des fuites Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data (lien direct) |
> Par deeba ahmed
En juin 2023, Xplain, un fournisseur de services informatiques suisses, a été victime d'une cyberattaque revendiquée par le groupe de ransomware de jeu.
Ceci est un article de HackRead.com Lire la publication originale: Aftermath de piratage XPLAIN: Play Ransomware fuit les données du gouvernement suisse sensibles
>By Deeba Ahmed In June 2023, Xplain, a Swiss IT services provider, fell victim to a cyberattack claimed by the Play ransomware group. This is a post from HackRead.com Read the original post: Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data |
Ransomware Hack | ★★ | |
|
2024-03-07 16:34:52 | JetBrains TeamCity sous attaque par Ransomware Thugs après le désordre de divulgation JetBrains TeamCity under attack by ransomware thugs after disclosure mess (lien direct) |
Plus de 1 000 serveurs restent non corrigés et vulnérables Les chercheurs en sécurité voient de plus en plus des tentatives d'exploitation actives en utilisant les dernières vulnérabilités de JetBrains \\ 'TeamCity qui, dans certains cas, conduisent à un déploiement de ransomwares.…
More than 1,000 servers remain unpatched and vulnerable Security researchers are increasingly seeing active exploit attempts using the latest vulnerabilities in JetBrains\' TeamCity that in some cases are leading to ransomware deployment.… |
Ransomware Vulnerability Threat | ★★ | |
|
2024-03-07 15:27:04 | Suisse: le ransomware de jeu a divulgué 65 000 documents gouvernementaux Switzerland: Play ransomware leaked 65,000 government documents (lien direct) |
Le National Cyber Security Center (NCSC) de Suisse a publié un rapport sur son analyse d'une violation de données à la suite d'une attaque de ransomware contre Xplain, révélant que l'incident a eu un impact sur des milliers de dossiers sensibles du gouvernement fédéral.[...]
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [...] |
Ransomware Data Breach | ★★★ | |
|
2024-03-07 15:15:51 | Ransomware Gang prétend avoir gagné 3,4 millions de dollars après avoir attaqué l'hôpital des enfants \\ Ransomware gang claims to have made $3.4 million after attacking children\\'s hospital (lien direct) |
Un gang de ransomwares prétend avoir vendu des données volées à l'hôpital des enfants à Chicago après l'avoir inscrite sur le Dark Web pour 3,4 millions de dollars.L'attaque le mois dernier contre l'hôpital de Lurie Childre
A ransomware gang is claiming to have sold data stolen from a children\'s hospital in Chicago after listing it on the dark web for $3.4 million. The attack last month on Lurie Children\'s Hospital forced staff to resort to manual processes as officials took the institution\'s entire computer network offline due to what was at |
Ransomware | ★★ | |
 |
2024-03-07 15:10:00 | FBI: les pertes de ransomware américaines augmentent de 74% à 59,6 millions de dollars en 2023 FBI: US Ransomware Losses Surge 74% to $59.6 Million in 2023 (lien direct) |
Les pertes de ransomwares aux États-Unis ont augmenté de 74% à 59,6 millions de dollars en 2023, selon des incidents signalés au FBI
Ransomware losses in the US rose by 74% to $59.6m in 2023, according to reported incidents to the FBI |
Ransomware | ★★ | |
|
2024-03-07 12:45:08 | La brasserie de la légende de la bière belge DUVEL \\ est borkée alors que le ransomware arrête la production Belgian ale legend Duvel\\'s brewery borked as ransomware halts production (lien direct) |
L'entreprise rassure le public qu'elle a suffisamment de bière, s'attend à une récupération rapide avant le week-end Belgian Beer Brewer Duvel a déclaré qu'une attaque de ransomware a amené ses installations à l'arrêt tandis que son équipe informatique travaille pour résoudre les dégâts.…
Company reassures public it has enough beer, expects quick recovery before weekend Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage.… |
Ransomware | ★★ | |
|
2024-03-07 11:20:00 | Les attaquants de ransomware divulguent des documents gouvernementaux suisses sensibles, les informations d'identification de connexion Ransomware Attackers Leak Sensitive Swiss Government Documents, Login Credentials (lien direct) |
Les données sensibles des services gouvernementaux Suisse ont été divulguées par le groupe de ransomwares de jeu après une attaque contre Xplain, y compris des documents classifiés et se connecter aux informations d'identification
Sensitive data from Switzerland government departments were leaked by the Play ransomware group after an attack on Xplain, including classified documents and log in credentials |
Ransomware | ★★ | |
 |
2024-03-07 08:13:37 | 12,5 milliards de dollars perdus dans la cybercriminalité, au milieu du raz de marée de la fraude d'investissement en crypto $12.5 billion lost to cybercrime, amid tidal wave of crypto investment fraud (lien direct) |
Si vous avez été optimiste que les pertes attribuées à la cybercriminalité auraient pu être réduites au cours de la dernière année, il est temps de se réveiller.Le dernier rapport annuel du Centre annuel sur les plaintes de la criminalité sur Internet du FBI \\ vient d'être publié et fait une lecture sombre.Selon le rapport IC3, la fraude en ligne a atteint des pertes record en 2023, le public américain signalant 12,5 milliards de dollars, une augmentation de 22% par rapport à l'année précédente.Cependant, cela ne compte que des crimes signalés au FBI.La vraie figure est probablement beaucoup, beaucoup plus élevée.Alors, quels sont les principaux plats à retenir du rapport?Ransomware I ...
If you have been optimistically daydreaming that losses attributed to cybercrime might have reduced in the last year, it\'s time to wake up. The FBI\'s latest annual Internet Crime Complaint Center (IC3) report has just been published and makes for some grim reading. According to the IC3 report, online fraud hit record losses in 2023, with the American public reporting US $12.5 billion, a 22% increase from the year before. However, this only counts reported crimes to the FBI. The true figure is likely to be much, much higher. So, what are some of the main takeaways from the report? Ransomware I... |
Ransomware | ★★ | |
|
2024-03-06 21:32:29 | La ville canadienne indique que la chronologie de la récupération des attaques de ransomware \\ 'inconnue \\' Canadian city says timeline for recovery from ransomware attack \\'unknown\\' (lien direct) |
Ransomware | ★★★ | ||
 |
2024-03-06 20:33:00 | Arnaque de sortie: Blackcat Ransomware Group disparaît après un paiement de 22 millions de dollars Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout (lien direct) |
Les acteurs de la menace derrière le & nbsp; BlackCat Ransomware & NBSP; ont fermé leur site Web Darknet et ont probablement tiré une arnaque de sortie après avoir téléchargé une bannière de crise d'application de la loi.
"Alphv / Blackcat n'a pas été saisi. Ils sont de sortie en escroquerie leurs sociétés affiliées", a déclaré le chercheur en sécurité Fabian Wosar & NBSP;"Il est manifestement évident lorsque vous vérifiez le code source du nouvel avis de retrait."
"Là
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There |
Ransomware Threat Legislation | ★★★★ | |
|
2024-03-06 18:18:28 | Fidelity customers\\' financial info feared stolen in suspected ransomware attack (lien direct) | Le géant de l'assurance blâme Infosys, Lockbit Credits Credit Les criminels ont probablement volé près de 30 000 clients d'assurance-vie de fidélité \\ 'Informations personnelles et financières - y compris les numéros de compte bancaire et de routage, les numéros de carte de crédit et la sécurité ou la sécuritéCodes d'accès - après avoir pénétré dans les systèmes informatiques Infosys \\ 'à l'automne…
Insurance giant blames Infosys, LockBit claims credit Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers\' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys\' IT systems in the fall.… |
Ransomware | ★★ | |
|
2024-03-06 18:11:17 | Europol, DOJ, NCA nie la participation dans la récente fermeture alphv / blackcat \\ '\\' Europol, DOJ, NCA deny involvement in recent AlphV/BlackCat \\'shutdown\\' (lien direct) |
Plusieurs des organismes d'application de la loi impliqués dans le retrait de l'un des groupes de ransomware les plus prolifiques ont nié la participation à un nouvel avis publié sur le site de fuite du gang - ajoutant du poids derrière des rumeurs d'experts et de cybercriminels que le groupe tentait de transportersur une arnaque de sortie élaborée.Le ministère américain de la Justice,
Several of the law enforcement agencies involved in the takedown of one of the most prolific ransomware groups denied involvement in a new notice posted to the gang\'s leak site - adding weight behind rumors from experts and cybercriminals that the group was attempting to carry out an elaborate exit scam. The U.S. Justice Department, |
Ransomware Legislation | ★★★★ | |
|
2024-03-06 15:21:19 | Anatomie d'une attaque Blackcat à travers les yeux de la réponse aux incidents Anatomy of a BlackCat Attack Through the Eyes of Incident Response (lien direct) |
> Les experts de la réponse aux incidents de Sygnia fournissent un souffle détaillé par coup d'une attaque de ransomware Blackcat et partagent des conseils pour la survie.
>Incident response experts at Sygnia provide a detailed blow-by-blow of a BlackCat ransomware attack and share tips for survival. |
Ransomware Technical | ★★★★ | |
|
2024-03-06 14:40:33 | Capita dit que la cyberattaque a contribué à une perte annuelle de plus de & livre; 106 millions Capita says cyberattack contributed to annual loss of more than £106 million (lien direct) |
Capita, la société britannique d'externalisation frappée par une attaque de ransomware en mars dernier, a rapporté avoir perdu plus que & Pound; 106,6 millions (135,5 millions de dollars) au cours de la dernière année - dont environ un quart a été directement causé par l'incident.L'entreprise avait initialement Il s'attendait à ce qu'il s'attendait à
Capita, the British outsourcing company hit by a ransomware attack last March, has reported losing more than £106.6 million ($135.5 million) over the last year - roughly a quarter of which was directly caused by the incident. The company had initially said it expected the incident to cost up to £20 million ($25.4 million) to |
Ransomware | ★★★ | |
 |
2024-03-06 14:12:15 | Démantèlement Lockbit - Quel impact sur le marché du ransomware ? (lien direct) | Démantèlement Lockbit - Quel impact sur le marché du ransomware ? Fabio Costa, ingénieur en cybersécurité chez Akamai - Malwares | Ransomware | ★★ | |
|
2024-03-06 13:15:13 | Duvel dit qu'il a "plus qu'assez" de bière après une attaque de ransomware Duvel says it has "more than enough" beer after ransomware attack (lien direct) |
La brasserie de Duvel Moortgat a été frappée par une attaque de ransomware tard hier soir, mettant en garde la production de bière dans les installations d'embouteillage de la société [...]
Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company\'s bottling facilities [...] |
Ransomware Industrial | ★★★★ | |
|
2024-03-06 12:41:00 | Alerte: GhostSec et Stormous Lancent les attaques du ransomware conjointe dans plus de 15 pays Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (lien direct) |
Le groupe de cybercrimes appelé Ghostsec a été lié à une variante Golang d'une famille de ransomwares appelée & nbsp; Ghostlocker.
«Les groupes de ransomware de TheghostSec et Stormous mènent conjointement des attaques de ransomwares à double extorsion contre diverses verticales commerciales dans plusieurs pays», le chercheur de Cisco Talos Chetan Raghuprasad & Nbsp; a déclaré & nbsp; dans un rapport partagé avec le Hacker News.
«Ghostlocker et
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and |
Ransomware | ★★★ | |
|
2024-03-06 11:25:48 | Gang de ransomware Blackcat soupçonné de tirer une arnaque de sortie BlackCat Ransomware Gang Suspected of Pulling Exit Scam (lien direct) |
> Le Blackcat Ransomware Gang annonce la fermeture alors qu'un affilié accuse le vol de 22 millions de dollars de rançon.
>The BlackCat ransomware gang announces shutdown as an affiliate accuses theft of $22 million ransom payment. |
Ransomware | ★★ | |
|
2024-03-06 01:05:06 | Faits saillants hebdomadaires d'osint, 4 mars 2024 Weekly OSINT Highlights, 4 March 2024 (lien direct) |
## Weekly OSINT Highlights, 4 March 2024 Ransomware loomed large in cyber security research news this week, with our curated OSINT featuring research on Abyss Locker, BlackCat, and Phobos. Phishing attacks, information stealers, and spyware are also in the mix, highlighting the notable diversity in the cyber threat landscape. The OSINT reporting this week showcases the evolving tactics of threat actors, with operators increasingly employing multifaceted strategies across different operating systems. Further, the targets of these attacks span a wide range, from civil society figures targeted by spyware in the Middle East and North Africa to state and local governments victimized by ransomware. The prevalence of attacks on sectors like healthcare underscores the significant impact on critical infrastructure and the potential for substantial financial gain through ransom payments. 1. [**Abyss Locker Ransomware Evolution and Tactics**](https://ti.defender.microsoft.com/articles/fc80abff): Abyss Locker ransomware, derived from HelloKitty, exfiltrates victim data before encryption and targets Windows systems, with a subsequent Linux variant observed. Its capabilities include deleting backups and employing different tactics for virtual machines, indicating a growing sophistication in ransomware attacks. 2. [**ALPHV Blackcat Ransomware-as-a-Service (RaaS)**:](https://ti.defender.microsoft.com/articles/b85e83eb) The FBI and CISA warn of ALPHV Blackcat RaaS, which targets multiple sectors, particularly healthcare. Recent updates to ALPHV Blackcat include improved defense evasion, encryption capabilities for Windows and Linux, reflecting the increasing sophistication in ransomware operations. 3. [**Phobos RaaS Model**](https://ti.defender.microsoft.com/articles/ad1bfcb4): Phobos ransomware, operating as a RaaS model, frequently targets state and local governments. Its use of accessible open-source tools enhances its popularity among threat actors, emphasizing the ease of deployment and customization for various environments. 4. [**TimbreStealer Phishing Campaign**](https://ti.defender.microsoft.com/articles/b61544ba): Talos identifies a phishing campaign distributing TimbreStealer, an information stealer disguised as Mexican tax-related themes. The threat actor was previously associated with banking trojans, underscoring the adaptability and persistence of malicious actors. 5. [**Nood RAT Malware Features and Stealth**](https://ti.defender.microsoft.com/articles/cc509147): ASEC uncovers Nood RAT, a Linux-based variant of Gh0st RAT, equipped with encryption and disguised as legitimate software. The malware\'s flexibility in binary creation and process naming underscores the threat actor\'s intent to evade detection and carry out malicious activities with sophistication. 6. [**Predator Spyware Infrastructure and Targeting**](https://ti.defender.microsoft.com/articles/7287eb1b): The Insikt Group\'s discovery highlights the widespread use of Predator spyware, primarily targeting journalists, politicians, and activists in various countries. Despite its purported use for counterterrorism and law enforcement, Predator is employed by threat actors outside these contexts, posing significant privacy and safety risks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog) and the following blog posts: - [Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself](https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/?ocid=magicti_ta_blog#defending-against-ransomware) Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summary. The following | Ransomware Spam Malware Tool Threat Legislation Medical | ★★★★ | |
|
2024-03-06 00:30:09 | L'oncle Sam intervient alors que Change Healthcare Ransomware fiasco crée le chaos Uncle Sam intervenes as Change Healthcare ransomware fiasco creates mayhem (lien direct) |
en tant que escrocs derrière l'attaque - probablement alphv / blackcat - simuler leur propre disparition Le gouvernement américain est intervenu pour aider les hôpitaux et autres fournisseurs de soins de santé touchés par l'infection au ransomware de santé du changement, offrant plus de détenteMedicare règne et exhortant un financement avancé aux fournisseurs.…
As the crooks behind the attack - probably ALPHV/BlackCat - fake their own demise The US government has stepped in to help hospitals and other healthcare providers affected by the Change Healthcare ransomware infection, offering more relaxed Medicare rules and urging advanced funding to providers.… |
Ransomware Medical | ★★★ | |
 |
2024-03-06 00:22:56 | Le groupe Ransomware Blackcat implose après un paiement apparent de 22 millions de dollars par changement de santé BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare (lien direct) |
Il y a des indications que le géant des soins de santé américain Change Healthcare a effectué un paiement d'extorsion de 22 millions de dollars au tristement célèbre groupe de ransomware BlackCat (alias "AlphV") alors que la société a du mal à ramener les services en ligne au milieu d'une cyberattaque qui a perturbé les services de médicaments sur ordonnance à l'échelle nationale pendant des semaines.Cependant, le cybercriminal qui prétend avoir donné à BlackCat un accès au réseau de changement \\ dit que le gang du crime les avait trompés de leur part de la rançon, et qu'ils ont toujours les données sensibles que le changement aurait payé le groupe pour détruire.Pendant ce temps, la divulgation de la filiale \\ semble avoir incité BlackCat à cesser entièrement les opérations.
There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change\'s network says the crime gang cheated them out of their share of the ransom, and that they still have the sensitive data that Change reportedly paid the group to destroy. Meanwhile, the affiliate\'s disclosure appears to have prompted BlackCat to cease operations entirely. |
Ransomware Medical | ★★★ | |
|
2024-03-05 21:30:37 | Rapport Découvre la vente massive des informations d'identification CHATGPT compromises Report Uncovers Massive Sale of Compromised ChatGPT Credentials (lien direct) |
> Par deeba ahmed
Le rapport Group-IB met en garde contre l'évolution des cyber-menaces, y compris les vulnérabilités de l'IA et du macOS et des attaques de ransomwares.
Ceci est un article de HackRead.com Lire le post original: Le rapport découvre une vente massive des informations d'identification CHATGPT compromises
>By Deeba Ahmed Group-IB Report Warns of Evolving Cyber Threats Including AI and macOS Vulnerabilities and Ransomware Attacks. This is a post from HackRead.com Read the original post: Report Uncovers Massive Sale of Compromised ChatGPT Credentials |
Ransomware Vulnerability | ChatGPT | ★★ |
 |
2024-03-05 20:49:07 | Groupe de ransomwares derrière le changement d'attaque de soins de santé devient sombre Ransomware group behind Change Healthcare attack goes dark (lien direct) |
> Alphv / Blackcat aurait reçu 22 millions de dollars de Change Healthcare avant de directement arnaquer ses affiliés avant un éventuel rebrand.
>ALPHV/BlackCat reportedly received $22 million from Change Healthcare before scamming its affiliates ahead of a possible rebrand. |
Ransomware Medical | ★★ | |
|
2024-03-05 20:46:20 | Le fonctionnement conjoint des ransomwares et l'évolution de leur arsenal GhostSec\\'s Joint Ransomware Operation and Evolution of their Arsenal (lien direct) |
#### Description
Cisco Talos a observé une augmentation de GhostSec, des activités malveillantes d'un groupe de piratage depuis l'année dernière.
GhostSec, un groupe de piratage à motivation financière, a été observé menant des attaques de ransomwares à double extorsion contre diverses verticales commerciales dans plusieurs pays.Le groupe a évolué avec un nouveau Ransomware Ghostlocker 2.0, une variante Golang du Ransomware Ghostlocker.Les groupes GhostSec et Stormous Ransomware mènent conjointement ces attaques et ont lancé un nouveau programme Ransomware-as-a-Service (RAAS) STMX_GHOSTLOCKER, offrant diverses options pour leurs affiliés.Les groupes GhostSec et Stormous Ransomware ont conjointement mené des attaques de ransomware à double extorsion ciblant les victimes dans divers secteurs d'activité dans plusieurs pays.
Talos a également découvert deux nouveaux outils dans l'arsenal de GhostSec \\, le "GhostSec Deep Scan Tool" et "Ghostpresser", tous deux utilisés dans les attaques contre les sites Web GhostSec sont restés actifs depuis l'année dernière et ont mené plusieurs déni de-Service (DOS) attaque et aLes sites Web des victimes ont été retirées.
#### URL de référence (s)
1. https://blog.talosintelligence.com/ghostec-ghostlocker2-ransomware/
#### Date de publication
5 mars 2024
#### Auteurs)
Chetan Raghuprasad
#### Description Cisco Talos observed a surge in GhostSec, a hacking group\'s malicious activities since this past year. GhostSec, a financially motivated hacking group, has been observed conducting double extortion ransomware attacks on various business verticals in multiple countries. The group has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. GhostSec and Stormous ransomware groups are jointly conducting these attacks and have started a new ransomware-as-a-service (RaaS) program STMX_GhostLocker, providing various options for their affiliates. GhostSec and Stormous ransomware groups have jointly conducted double extortion ransomware attacks targeting victims across various business verticals in multiple countries. Talos also discovered two new tools in GhostSec\'s arsenal, the "GhostSec Deep Scan tool" and "GhostPresser," both likely being used in the attacks against websites GhostSec has remained active since last year and has conducted several denial-of-service (DoS) attacks and has taken down victims\' websites. #### Reference URL(s) 1. https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/ #### Publication Date March 5, 2024 #### Author(s) Chetan Raghuprasad |
Ransomware Tool | ★★★ | |
 |
2024-03-05 20:00:39 | Félicitations à Check Point \\'s CPX Americas Partner Award Gainters Congratulating Check Point\\'s CPX Americas Partner Award Winners (lien direct) |
> 2023 a été l'année des attaques de méga ransomwares et des cybermenaces alimentées par l'IA avec 1 organisation sur 10 dans le monde en proie à des tentatives de ransomware.Nos partenaires étaient là pour soutenir et guider les clients au milieu du paysage des menaces croissantes et de nouvelles cyber-réglementations.Nous remercions tous nos partenaires pour leur dévouement continu à assurer la meilleure sécurité aux organisations de toutes tailles.Cette année, nous sommes fiers d'annoncer les prix des partenaires Amériques CPX suivants et de célébrer les gagnants: Americas Partner of the Year: Sayers Distributeur de l'année: licence en ligne GSI partenaire de l'année: DXC Technology Harmony Partner of the Year:Gotham [& # 8230;]
>2023 was the year of mega ransomware attacks and AI-fueled cyber threats with 1 in 10 organizations worldwide plagued by attempted ransomware attacks. Our partners were there to support and guide customers amidst the growing threat landscape and new cyber regulations. We thank all of our partners for their continued dedication to providing the best security to organizations of all sizes. This year, we\'re proud to announce the following CPX Americas Partner awards and celebrate the winners: Americas Partner of the Year: Sayers Distributor of the Year: Licensias OnLine GSI Partner of the Year: DXC Technology Harmony Partner of the Year: Gotham […] |
Ransomware Threat | ★★ | |
|
2024-03-05 19:28:12 | Fidelity Clients \\ 'Informations financières craignant le volé dans une attaque de ransomware présumée Fidelity customers\\' financial info feared stolen in suspected ransomware attack (lien direct) |
Le géant de l'assurance blâme Infosys, Lockbit Credits Credit Les criminels ont probablement volé près de 30 000 clients d'assurance-vie de fidélité \\ 'Informations personnelles et financières - y compris les numéros de compte bancaire et de routage, les numéros de carte de crédit et la sécurité ou la sécuritéCodes d'accès - après avoir pénétré dans les systèmes informatiques Infosys \\ 'à l'automne…
Insurance giant blames Infosys, LockBit claims credit Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers\' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys\' IT systems in the fall.… |
Ransomware | ★★ | |
|
2024-03-05 19:03:47 | Rester en avance sur les acteurs de la menace à l'ère de l'IA Staying ahead of threat actors in the age of AI (lien direct) |
## Snapshot Over the last year, the speed, scale, and sophistication of attacks has increased alongside the rapid development and adoption of AI. Defenders are only beginning to recognize and apply the power of generative AI to shift the cybersecurity balance in their favor and keep ahead of adversaries. At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors, including prompt-injections, attempted misuse of large language models (LLM), and fraud. Our analysis of the current use of LLM technology by threat actors revealed behaviors consistent with attackers using AI as another productivity tool on the offensive landscape. You can read OpenAI\'s blog on the research [here](https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors). Microsoft and OpenAI have not yet observed particularly novel or unique AI-enabled attack or abuse techniques resulting from threat actors\' usage of AI. However, Microsoft and our partners continue to study this landscape closely. The objective of Microsoft\'s partnership with OpenAI, including the release of this research, is to ensure the safe and responsible use of AI technologies like ChatGPT, upholding the highest standards of ethical application to protect the community from potential misuse. As part of this commitment, we have taken measures to disrupt assets and accounts associated with threat actors, improve the protection of OpenAI LLM technology and users from attack or abuse, and shape the guardrails and safety mechanisms around our models. In addition, we are also deeply committed to using generative AI to disrupt threat actors and leverage the power of new tools, including [Microsoft Copilot for Security](https://www.microsoft.com/security/business/ai-machine-learning/microsoft-security-copilot), to elevate defenders everywhere. ## Activity Overview ### **A principled approach to detecting and blocking threat actors** The progress of technology creates a demand for strong cybersecurity and safety measures. For example, the White House\'s Executive Order on AI requires rigorous safety testing and government supervision for AI systems that have major impacts on national and economic security or public health and safety. Our actions enhancing the safeguards of our AI models and partnering with our ecosystem on the safe creation, implementation, and use of these models align with the Executive Order\'s request for comprehensive AI safety and security standards. In line with Microsoft\'s leadership across AI and cybersecurity, today we are announcing principles shaping Microsoft\'s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates we track. These principles include: - **Identification and action against malicious threat actors\' use:** Upon detection of the use of any Microsoft AI application programming interfaces (APIs), services, or systems by an identified malicious threat actor, including nation-state APT or APM, or the cybercrime syndicates we track, Microsoft will take appropriate action to disrupt their activities, such as disabling the accounts used, terminating services, or limiting access to resources. - **Notification to other AI service providers:** When we detect a threat actor\'s use of another service provider\'s AI, AI APIs, services, and/or systems, Microsoft will promptly notify the service provider and share relevant data. This enables the service provider to independently verify our findings and take action in accordance with their own policies. - **Collaboration with other stakeholders:** Microsoft will collaborate with other stakeholders to regularly exchange information a | Ransomware Malware Tool Vulnerability Threat Studies Medical Technical | APT 28 ChatGPT APT 4 | ★★ |
 |
2024-03-05 18:04:52 | Le groupe de ransomware RA à croissance rapide devient global Fast-Growing RA Ransomware Group Goes Global (lien direct) |
Le groupe de menaces en évolution rapide utilise des tactiques à fort impact qui incluent la manipulation de la politique de groupe pour déployer des charges utiles dans les environnements.
The rapidly evolving threat group uses high-impact tactics that include manipulating group policy to deploy payloads across environments. |
Ransomware Threat | ★★ | |
|
2024-03-05 14:45:00 | Les serveurs ransomwares Alphv / Blackcat baissent ALPHV/BlackCat Ransomware Servers Go Down (lien direct) |
Les spéculations sur la plage de fermeture d'une arnaque de sortie potentielle à une initiative de changement de marque
Speculations about the shut down range from a potential exit scam to a rebranding initiative |
Ransomware | ★★★ | |
|
2024-03-05 13:10:00 | Ghostlocker 2.0 hante les entreprises du Moyen-Orient, de l'Afrique et de l'ampli;Asie GhostLocker 2.0 Haunts Businesses Across Middle East, Africa & Asia (lien direct) |
Ransomware Cybercrime Gangs GhostSec et Stormous se sont associés à des attaques à double expression généralisées.
Ransomware cybercrime gangs GhostSec and Stormous have teamed up in widespread double-extortion attacks. |
Ransomware | ★★ | |
|
2024-03-05 11:30:12 | Blackfog Février State of Ransomware Rapport Blackfog February State of Ransomware Report (lien direct) |
Blackfog Février State of Ransomware Report
-
rapports spéciaux
Blackfog February State of Ransomware Report - Special Reports |
Ransomware | ★★ | |
|
2024-03-04 21:35:28 | Les services du comté de Fulton reviennent sur \\ 'Rolling Base \\' After Lockbit Attack Fulton County services coming back on \\'rolling basis\\' after LockBit attack (lien direct) |
Le comté de Fulton de Géorgie dit qu'il est en passe de restaurer de nombreux systèmes réduits par Une attaque de ransomware de janvier par le Gang Lockbit .Le comté a publié lundi une mise à jour de son site Web gouvernemental disant que sa plate-forme de facturation d'eau avait été restaurée, permettant aux résidents de effectuer des paiements en ligne.Les responsables du comté n'ont pas
Georgia\'s Fulton County says it is on its way to restoring many of the systems brought down by a January ransomware attack by the LockBit gang. The county posted an update to its government website on Monday saying its water billing platform has been restored, allowing residents to make online payments. County officials did not |
Ransomware | ★★★ | |
|
2024-03-04 21:01:06 | Changer l'attaque des soins de santé Dernier: Alphv Sacs 22 millions de dollars en Bitcoin au milieu du drame d'affiliation Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama (lien direct) |
Aucun honneur parmi les voleurs? alphv / blackcat, le gang derrière le changement de cyberattaque de soins de santé, a reçu plus de 22 millions de dollars en bitcoin dans ce qui pourrait être un paiement de ransomware.…
No honor among thieves? ALPHV/BlackCat, the gang behind the Change Healthcare cyberattack, has received more than $22 million in Bitcoin in what might be a ransomware payment.… |
Ransomware Medical | ★★ | |
|
2024-03-04 20:21:51 | Une nouvelle vague d'infections de Socgholish imite les plugins WordPress New Wave of SocGholish Infections Impersonates WordPress Plugins (lien direct) |
#### Description
Une nouvelle vague d'infections de logiciels malveillants SocGholish a été identifiée, ciblant les sites Web WordPress.La campagne malveillante tire parti d'un cadre de logiciel malveillant JavaScript qui est utilisé depuis au moins 2017. Le malware tente de inciter les utilisateurs sans méfiance à télécharger ce qui est en fait un Trojan (rat) d'accès à distance sur leurs ordinateurs, qui est souvent la première étape d'un ransomware à distanceinfection.Les sites infectés ont été compromis via des comptes d'administrateur WP-Admin piratés.
#### URL de référence (s)
1. https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html
#### Date de publication
1er mars 2024
#### Auteurs)
Ben Martin
#### Description A new wave of SocGholish malware infections has been identified, targeting WordPress websites. The malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a Remote Access Trojan (RAT) onto their computers, which is often the first stage in a ransomware infection. The infected sites were compromised through hacked wp-admin administrator accounts. #### Reference URL(s) 1. https://blog.sucuri.net/2024/03/new-wave-of-socgholish-infections-impersonates-wordpress-plugins.html #### Publication Date March 1, 2024 #### Author(s) Ben Martin |
Ransomware Malware | ★★ | |
 |
2024-03-04 17:41:48 | Les pirates derrière le changement d'attaque de ransomware de soins de santé viennent de recevoir un paiement de 22 millions de dollars Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment (lien direct) |
La transaction, visible sur la blockchain de Bitcoin \\, suggère que la victime de l'une des pires attaques de ransomware depuis des années peut avoir payé une très grande rançon.
The transaction, visible on Bitcoin\'s blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom. |
Ransomware Medical | ★★ | |
|
2024-03-04 14:57:28 | Kaspersky présente son nouveau jeu vidéo immersif pour professionnels (lien direct) | Initiation aux attaques par ransomware : Kaspersky présente son nouveau jeu vidéo immersif pour professionnels - Produits | Ransomware | ★★ |
To see everything:
Our RSS (filtrered)
