What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-31 12:26:08 | Le géant de l'énergie électrique Schneider confirme l'attaque du ransomware de cactus Schneider Electric Energy Giant Confirms Cactus Ransomware Attack (lien direct) |
> Par waqas
Schneider Electric Hit by Ransomware Attack: Sustainability Business Division affecté.
Ceci est un article de HackRead.com Lire le post original: schneider electricLe géant de l'énergie confirme l'attaque des ransomwares du cactus
>By Waqas Schneider Electric Hit by Ransomware Attack: Sustainability Business Division Impacted. This is a post from HackRead.com Read the original post: Schneider Electric Energy Giant Confirms Cactus Ransomware Attack |
Ransomware | ★★★ | |
 |
2024-01-31 12:11:38 | Veeam lance programme Cyber Secure (lien direct) | Veeam lance programme Cyber Secure, pour aider les entreprises à se protéger et rétablir leur activité en cas d'attaque de ransomware Ce programme complet de cyberprotection et de support inclut une assistance technique avant, pendant et après un cyberincident, ainsi que le versement de 5 millions de dollars aux clients de Veeam en cas d'attaque par ransomware. - Business | Ransomware | ★★ | |
 |
2024-01-31 10:30:00 | ESET Research Podcast: Chatgpt, The Moveit Hack et Pandora ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora (lien direct) |
Un chatbot AI Kindle par inadvertance un boom de la cybercriminalité, des bandits de ransomware pluncent des organisations sans déploiement
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes |
Ransomware Hack Mobile | ChatGPT | ★★★ |
 |
2024-01-31 10:00:45 | ICS et prédictions de menace OT pour 2024 ICS and OT threat predictions for 2024 (lien direct) |
Les experts de Kaspersky font leurs prédictions sur les CI et les menaces OT: en particulier, les ransomwares et les attaques hacktivistes, les menaces pour la logistique et le transport, etc.
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc. |
Ransomware Threat Industrial Prediction | ★★★★ | |
 |
2024-01-31 09:55:37 | Johnson Controls dit que l'attaque des ransomwares a coûté 27 millions de dollars, les données volées Johnson Controls says ransomware attack cost $27 million, data stolen (lien direct) |
Johnson Controls International a confirmé qu'une attaque de ransomware de septembre 2023 a coûté 27 millions de dollars à la société et a conduit à une violation de données après que les pirates ont volé des données d'entreprise.[...]
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. [...] |
Ransomware Data Breach | ★★★ | |
 |
2024-01-31 07:39:04 | Schneider Electric fait face à des attaques de ransomwares dans le secteur de la durabilité;Groupe de cactus impliqué Schneider Electric faces ransomware attack in Sustainability Business; Cactus group involved (lien direct) |
> La société de gestion de l'énergie et d'automatisation industrielle Schneider Electric a confirmé un incident de ransomware dans sa division des affaires de durabilité ....
>Energy management and industrial automation firm Schneider Electric has confirmed a ransomware incident in its Sustainability Business division.... |
Ransomware Industrial | ★★★ | |
 |
2024-01-31 03:00:56 | Le logiciel de point de contrôle dévoile la plate-forme Infinity: pionnier de l'avenir de la cybersécurité alimentée par Cloud, alimentée par l'IA, Check Point Software Unveils the Infinity Platform: Pioneering the Future of AI-Powered, Cloud-Delivered Cyber Security (lien direct) |
> Chez Check Point Software Technologies, nous sommes toujours à la pointe des solutions innovantes de cybersécurité.Aujourd'hui, nous sommes ravis d'annoncer une évolution importante de la technologie de cybersécurité & # 8211;Le lancement de notre plate-forme Redéfinie à Point Infinity.Cette plate-forme avancée marque une nouvelle ère dans la cybersécurité alimentée par les nuages alimentée par l'IA, spécialement conçue pour relever les défis modernes d'un paysage de menace en évolution.En 2023, le cyber-monde a connu une augmentation stupéfiante de 90% des attaques de ransomwares, mettant en évidence le besoin urgent de mesures de sécurité plus robustes et adaptatives.De plus, le domaine de la cybersécurité fait face à un écart de talent important, avec approximativement [& # 8230;]
>At Check Point Software Technologies, we are always at the forefront of innovative cyber security solutions. Today, we are excited to announce a significant evolution in cyber security technology – the launch of our redefined Check Point Infinity Platform. This advanced platform marks a new era in AI-powered, cloud-delivered cyber security, specifically designed to meet the modern challenges of an evolving threat landscape. In 2023, the cyber world witnessed a staggering 90% increase in ransomware attacks, highlighting the urgent need for more robust and adaptive security measures. Additionally, the cyber security field is facing a significant talent gap, with approximately […] |
Ransomware Threat | ★★ | |
 |
2024-01-30 22:34:00 | \\ 'cactus \\' Ransomware frappe Schneider Electric \\'Cactus\\' Ransomware Strikes Schneider Electric (lien direct) |
La division du développement durable de Schneider, qui fournit des services de logiciels et de conseil aux entreprises, a été abattu par des cybercriminels à la mi-janvier.
Schneider\'s Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January. |
Ransomware | ★★ | |
 |
2024-01-30 21:03:44 | GAO: Les agences fédérales manquent de compréhension des protections des ransomwares pour l'infrastructure critique GAO: Federal agencies lack insight on ransomware protections for critical infrastructure (lien direct) |
> Le gouvernement du gouvernement de la responsabilité constate que les agences supervisant les secteurs clés des infrastructures critiques ne savent pas si des protections contre les ransomwares ont été implémentées.
>The Government Accountability Office finds that agencies overseeing key critical infrastructure sectors don\'t know whether protections against ransomware have been implemented. |
Ransomware | ★★★ | |
 |
2024-01-30 17:45:00 | Schneider Electric confirme les données accessibles dans Ransomware Attack Schneider Electric Confirms Data Accessed in Ransomware Attack (lien direct) |
La société d'énergie, Schneider Electric, a déclaré qu'un incident de ransomware, qui aurait été perpétré par le groupe Cactus, a conduit les données accessibles à sa division des activités de durabilité
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division |
Ransomware | ★ | |
 |
2024-01-30 17:39:33 | Schneider Electric confirme l'attaque des ransomwares contre la division de la durabilité Schneider Electric confirms ransomware attack on sustainability division (lien direct) |
La multinationale française Schneider Electric a déclaré que sa division commerciale de durabilité avait souffert d'une attaque de ransomware au début du mois.La société a confirmé l'incident dans un communiqué cette semaine que l'attaque a affecté son produit de conseil en ressources - un outil de visualisation des données pour les informations sur la durabilité - ainsi que d'autres «systèmes spécifiques à la division».Schneider Electric a dit qu'ils
French multinational Schneider Electric said its Sustainability Business division suffered from a ransomware attack earlier this month. The company confirmed the incident in a statement this week that the attack affected its Resource Advisory product - a data visualization tool for sustainability information - as well as other “division specific systems.” Schneider Electric said they |
Ransomware Tool | ★★ | |
|
2024-01-30 16:30:00 | Alpha Ransomware Group lance le site de fuite de données sur le Web Dark Alpha Ransomware Group Launches Data Leak Site on the Dark Web (lien direct) |
Netenrich a analysé le modèle de note de rançon disant que le groupe affine ses messages aux victimes
Netenrich analyzed the ransom note pattern saying the group is refining their messages to victims |
Ransomware | ★★ | |
|
2024-01-30 15:18:00 | Cyber Chief du gouvernement des EAU: Nous sommes confrontés quotidiennement à 50 000 cyberattaques UAE Government Cyber Chief: We Face 50K Cyberattacks Daily (lien direct) |
Les Emirats voient des e-mails de phishing, des attaques DDOS et des ransomwares, ainsi que des analyses de port, régulièrement.
The Emirates see phishing emails, DDoS attacks, and ransomware, as well as port scans, regularly. |
Ransomware | ★★ | |
|
2024-01-30 14:00:00 | Les incidents de ransomware atteignent un record, mais les démontages des forces de l'ordre Ransomware Incidents Hit Record High, But Law Enforcement Takedowns Slow Growth (lien direct) |
De nouvelles données de Corvus ont révélé que les incidents de ransomware ont augmenté de 68% en 2023 par rapport à 2022, mais les démontages des forces de l'ordre ont entraîné une baisse du quatrième trimestre
New data from Corvus found that ransomware incidents rose by 68% in 2023 compared to 2022, but law enforcement takedowns led to a fall in Q4 |
Ransomware Legislation | ★★★ | |
|
2024-01-30 13:47:04 | (Déjà vu) La recherche de la délibération révèle que les ransomwares sont de retour en augmentation alors que les cybercriminels \\ 'la motivation se déplace vers l'exfiltration des données Delinea Research Reveals that Ransomware is Back on the Rise as Cybercriminals\\' Motivation Shifts to Data Exfiltration (lien direct) |
La recherche sur la conduite révèle que les ransomwares sont de retour en augmentation alors que les cybercriminels \\ 'se déplacent vers l'exfiltration des données
Plus de 75% des organisations paient des ransomwares à mesure que les entreprises de taille moyenne deviennent la cible préférée, le cloud devient le vecteur d'attaque le plus vulnérable
-
mise à jour malveillant
Delinea Research Reveals that Ransomware is Back on the Rise as Cybercriminals\' Motivation Shifts to Data Exfiltration More than 75% of organizations are paying ransomware as mid-sized companies become the preferred target, cloud becomes the most vulnerable attack vector - Malware Update |
Ransomware Studies Cloud | ★ | |
|
2024-01-30 13:45:17 | L\'étude Delinea révèle que les ransomwares sont de nouveau en hausse alors que les cybercriminels se tournent vers l\'exfiltration de données (lien direct) | L'étude Delinea révèle que les ransomwares sont de nouveau en hausse alors que les cybercriminels se tournent vers l'exfiltration de données • Plus de 75 % des entreprises paient des ransomwares • Les entreprises de taille moyenne deviennent la cible privilégiée • L'informatique dématérialisée est le vecteur d'attaque le plus vulnérable - Malwares | Ransomware Studies | ★★★ | |
 |
2024-01-30 12:14:41 | Division électrique de Schneider répondant à l'attaque des ransomwares, violation de données Schneider Electric Division Responding to Ransomware Attack, Data Breach (lien direct) |
> La division commerciale de durabilité de Schneider Electric \\ a perturbé à la suite d'une attaque de ransomware et d'une violation de données.
>Schneider Electric\'s Sustainability Business division disrupted as a result of a ransomware attack and data breach. |
Ransomware Data Breach Industrial | ★★★★ | |
 |
2024-01-30 10:17:31 | Ransomware chez Schneider Electric : un suspect nommé Cactus (lien direct) | Dit victime d'un ransomware, Schneider Electric l'a confirmé. Sans confirmer si on doit bien l'attaque au groupe Cactus. | Ransomware Industrial | ★★★ | |
|
2024-01-30 09:13:41 | Le rapport UK NCSC met en garde contre l'augmentation de la menace des ransomwares avec la montée de l'IA affectant les cyber opérations UK NCSC report warns of increased ransomware threat with rise of AI affecting cyber operations (lien direct) |
> Le Royaume-Uni National Cyber Security Center (NCSC) a publié un rapport mettant en évidence l'impact potentiel de l'intelligence artificielle ...
>The U.K. National Cyber Security Centre (NCSC) has released a report highlighting the potential impact of artificial intelligence... |
Ransomware Threat | ★★★ | |
|
2024-01-30 05:20:34 | Trigona Ransomware menace l'acteur utilise Mimic Ransomware Trigona Ransomware Threat Actor Uses Mimic Ransomware (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment identifié une nouvelle activité de l'acteur de menace de ransomware Trigona Installation de Mimicransomware.Comme les cas passés, l'attaque récemment détectée cible les serveurs MS-SQL et est remarquable pour abuser de l'utilitaire BCP (Bulk Copy Program) dans les serveurs MS-SQL pendant le processus d'installation de logiciels malveillants.L'ASEC a découvert un cas d'attaque pour la première fois en utilisant BCP pour installer Mimic début janvier 2024. À la mi-janvier 2024, des types d'attaques similaires étaient identifiés où Trigona a été installé à la place ...
AhnLab SEcurity intelligence Center (ASEC) has recently identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware. Like past cases, the recently detected attack targets MS-SQL servers and is notable for abusing the Bulk Copy Program (BCP) utility in MS-SQL servers during the malware installation process. ASEC first discovered a case of attack using BCP to install Mimic in early January 2024. In mid-January 2024, there were similar types of attacks identified where Trigona was installed instead... |
Ransomware Malware Threat | ★★ | |
|
2024-01-30 04:00:02 | Félicitations à Check Point \\'s CPX APAC Partner Award Gainters Congratulating Check Point\\'s CPX APAC Partner Award Winners (lien direct) |
> 2023 a été l'année des attaques de méga ransomwares et des cybermenaces alimentées par l'IA.La région de l'APAC a été la plus touchée par les cyberattaques, les organisations subissant une moyenne de 1 930 attaques par semaine.Nos partenaires étaient là pour soutenir et guider les clients au milieu du paysage des menaces croissantes et de nouvelles cyber-réglementations.Nous remercions tous nos partenaires pour leur dévouement continu à assurer la meilleure sécurité aux organisations de toutes tailles dans l'APAC.Cette année, nous sommes fiers d'annoncer les prix de partenaire CPX APAC suivants et de célébrer les gagnants: le prix du partenaire de l'année 2023 va à NCS Pte Ltd!Le [& # 8230;]
>2023 was the year of mega ransomware attacks and AI-fueled cyber threats. The APAC region was hit hardest by cyber attacks, with organizations experiencing an average of 1,930 attacks per week. Our partners were there to support and guide customers amidst the growing threat landscape and new cyber regulations. We thank all of our partners for their continued dedication to providing the best security to organizations of all sizes in APAC. This year, we\'re proud to announce the following CPX APAC Partner awards and celebrate the winners: The 2023 Partner of the Year award goes to NCS Pte Ltd! The […] |
Ransomware Threat | ★★★ | |
|
2024-01-30 00:30:00 | Dévasser des ransomwares alpha: une plongée profonde dans ses opérations Unveiling Alpha Ransomware: A Deep Dive into Its Operations (lien direct) |
Dévoilage des ransomwares alpha: une plongée profonde dans ses opérations
-
mise à jour malveillant
Unveiling Alpha Ransomware: A Deep Dive into Its Operations - Malware Update |
Ransomware | ★★ | |
|
2024-01-29 18:00:00 | Une perspective de cyber-assureur \\ sur la façon d'éviter les ransomwares A Cyber Insurer\\'s Perspective on How to Avoid Ransomware (lien direct) |
Les compagnies d'assurance ont une vision unique des ravages des ransomwares, ce qui nous permet de formuler des leçons sur la façon d'éviter de devenir victime.
Insurance companies have a unique view of the ravages of ransomware, which lets us formulate lessons in how to avoid becoming a victim. |
Ransomware | ★★ | |
|
2024-01-29 17:15:00 | La famille des ransomwares Phobos se développe avec une nouvelle variante Faust Phobos Ransomware Family Expands With New FAUST Variant (lien direct) |
Fortiguard a déclaré que la variante avait été trouvée dans un document de bureau à l'aide d'un script VBA
FortiGuard said the variant was found in an Office document using a VBA script |
Ransomware | ★★★ | |
 |
2024-01-29 16:33:00 | Albabat, Kasseika, Kuiper: de nouveaux gangs de ransomware augmentent avec Rust et Golang Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang (lien direct) |
Les chercheurs en cybersécurité ont détecté dans la nature une autre variante de la famille des ransomwares Phobos appelée & nbsp; Faust.
Fortinet Fortiguard Labs, qui a détaillé la dernière itération du ransomware, a déclaré qu'elle était propagée au moyen d'une infection qui offre un document Microsoft Excel (.xlam) contenant un script VBA.
"Les attaquants ont utilisé le service Gitea pour stocker plusieurs fichiers
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it\'s being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script. "The attackers utilized the Gitea service to store several files |
Ransomware | ★★★ | |
|
2024-01-29 15:10:00 | Géant de l'énergie Schneider Electric Hit par Cactus Ransomware Attack Energy giant Schneider Electric hit by Cactus ransomware attack (lien direct) |
Le géant de la gestion de l'énergie et de l'automatisation, Schneider Electric, a subi une attaque de ransomware de cactus menant au vol de données d'entreprise, selon des personnes familières avec la question.[...]
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. [...] |
Ransomware | ★★★ | |
|
2024-01-29 13:12:14 | Sécurité des données : le ransomware reste la principale préoccupation (lien direct) | Sécurité des données : le ransomware reste la principale préoccupation Par Daniel de Prezzo, Head of Technology Southern Europe chez Veritas Technologies - Points de Vue | Ransomware | ★★★ | |
|
2024-01-29 11:20:10 | Les paiements des ransomwares baissent pour enregistrer le bas car les victimes refusent de payer Ransomware payments drop to record low as victims refuse to pay (lien direct) |
Le nombre de victimes de ransomwares payant des demandes de rançon a chuté à un creux record de 29% au dernier trimestre de 2023, selon la société de négociation de ransomware Coveware.[...]
The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. [...] |
Ransomware | ★★★★ | |
|
2024-01-29 11:09:47 | Kansas Bus Agency Kcata révèle l'attaque des ransomwares, le groupe Medusa demande une rançon de 2 millions de dollars Kansas bus agency KCATA discloses ransomware attack, Medusa group demands $2 million ransom (lien direct) |
> La Kansas City Area Transportation Authority (KCATA) a révélé une cyber-attaque de rançon qui a eu lieu mardi, janvier ...
>The Kansas City Area Transportation Authority (KCATA) has disclosed a ransom cyber-attack that took place on Tuesday, Jan.... |
Ransomware | ★★★ | |
 |
2024-01-29 11:00:00 | Étude de cas: USM de Vertek \\ partout où MDR aide plus grand concessionnaire automobile dans le nord-est à améliorer leur posture de cybersécurité Case study: Vertek\\'s USM Anywhere MDR helps larger auto dealership in the northeast improve their Cybersecurity posture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Challenges A larger auto dealership in the northeast faced a number of cybersecurity challenges, including: Lack of resources: The dealership did not have the in-house expertise or resources to manage its own security operations center (SOC). The lack of trained security experts resulted in slower responses times to security incidents. Multiple security solutions: The dealership was using a variety of security solutions from different vendors, making it difficult to manage and correlate security data. Increased threat landscape: The dealership was facing an increasing number of cyber threats, including ransomware, phishing, and malware attacks. Solution The dealership engaged Vertek to implement their top of line Managed Detection and Response (MDR) service using AT&T AlienVault SIEM. Vertek\'s USM Anywhere MDR service provides 24/7 proactive threat monitoring, industry leading threat intelligence, and expert incident response. It is built on top of the AlienVault USM Anywhere platform, which is a unified security management (USM) platform that combines multiple essential security capabilities in one unified console. The service easily integrates with the existing security stack and is implemented without interruption to existing operations. Benefits Since implementing Vertek\'s USM Anywhere MDR service the dealership has experienced a number of benefits, including: Improved security posture: Vertek\'s MDR service has helped the dealership improve its overall security posture by identifying and mitigating security vulnerabilities, and by providing the dealership with actionable security insights. Vertek’s 24/7 SOC identifies and responds to security incidents with speed and accuracy using industry leading threat intelligence. Reduced workload and more effective allocation of resources: Vertek\'s MDR service has reduced the workload on the dealership\'s IT staff by freeing them up to focus on mission critical tasks that fall in line with their core competency. Working with Vertek instead of building an in-house security team has resulted in significant cost savings for the dealership. Improved peace of mind: Vertek\'s MDR service gives the dealership peace of mind knowing that their security is being monitored and managed by a team of experts with expert response to threats. Specific example Vertek was actively monitoring a customer\'s network for threats using their USM Anywhere MDR service. AlienVault SIEM detected a large number of failed login attempts to the customer\'s Active Directory server. Vertek\'s security team immediately investigated the incident and discovered that the attacker was using a brute-force attack to try to guess the passwords of Active Directory users. Vertek\'s security team used context data in the form of network traffic, end-user behavior analytics, and NXLOGS output from their IT tools to understand the significance of the attack. They knew that the Active Directory server was a critical system for the customer, and that if the attacker was able to gain access to the server, they would be able to compromise the entire network. Vertek also used threat intelligence from the MITRE ATT&CK Framework to understand the tactics, techniques, and procedures (TTPs) of the attacker. They knew that brute-force attacks were a common tactic used by ransomware gangs. Based on the context data and threat intelligence, Vertek was able to determine that the customer was facing a high-risk ransomware attack. Vertek\'s security team quickly took steps to mitiga | Ransomware Malware Tool Vulnerability Threat Studies | ★★★ | |
|
2024-01-27 10:08:16 | Kansas City Public Transportation Authority frappé par les ransomwares Kansas City public transportation authority hit by ransomware (lien direct) |
La Kansas City Area Transportation Authority (KCATA) a annoncé qu'elle avait été ciblée par une attaque de ransomware le mardi 23 janvier. [...]
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. [...] |
Ransomware | ★★ | |
|
2024-01-27 10:08:16 | Kansas Public Transportation Authority frappé par des ransomwares Kansas public transportation authority hit by ransomware (lien direct) |
La Kansas City Area Transportation Authority (KCATA) a annoncé qu'elle avait été ciblée par une attaque de ransomware le mardi 23 janvier. [...]
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. [...] |
Ransomware | ★★★ | |
|
2024-01-26 21:57:00 | Black Kite dévoile des tableaux de bord de ransomware mensuels Black Kite Unveils Monthly Ransomware Dashboards (lien direct) |
La Kansas City Area Transportation Authority (KCATA) a annoncé qu'elle avait été ciblée par une attaque de ransomware le mardi 23 janvier. [...]
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. [...] |
Ransomware | ★★ | |
 |
2024-01-26 18:12:09 | Qui est présumé de la pirate de Medibank Aleksandr Ermakov? Who is Alleged Medibank Hacker Aleksandr Ermakov? (lien direct) |
Les autorités en Australie, le Royaume-Uni et les États-Unis ont fait cette semaine des sanctions financières contre un homme russe accusé d'avoir volé des données sur près de 10 millions de clients du géant de l'assurance maladie australienne Medibank.Aleksandr Ermakov, 33 ans, aurait volé et divulgué les données de Medibank tout en travaillant avec l'un des groupes de ransomware les plus destructeurs de Russie, mais il est peu plus partagé sur l'accusé.Voici un examen plus approfondi des activités des prétendus poignées de pirates de M. Ermakov.
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia\'s most destructive ransomware groups, but little more is shared about the accused. Here\'s a closer look at the activities of Mr. Ermakov\'s alleged hacker handles. |
Ransomware | ★★ | |
 |
2024-01-26 16:00:00 | Ransomware Roundup - Albabat (lien direct) | Le ransomware Albabat motivé financièrement a commencé à se répartir en tant que programme voyou fin 2023 et a depuis évolué.Apprendre encore plus.
The financially motivated Albabat ransomware began distributing as a rogue program in late 2023, and has since evolved. Learn more. |
Ransomware | ★★ | |
|
2024-01-26 14:19:00 | ICS Ransomware Danger fait rage malgré moins d'attaques ICS Ransomware Danger Rages Despite Fewer Attacks (lien direct) |
Les tactiques raffinées, la collaboration accrue entre les groupes et le succès continu à exploiter zéro-jours aident les attaquants de ransomware ICS à infliger plus de dégâts, selon les chercheurs.
Refined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find. |
Ransomware Industrial | ★★ | |
|
2024-01-26 11:00:00 | Cybersécurité pour les systèmes de contrôle industriel: meilleures pratiques Cybersecurity for Industrial Control Systems: Best practices (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Network segmentation, software patching, and continual threats monitoring are key cybersecurity best practices for Industrial Control Systems (ICS). Although ICSs significantly improve health and safety by automating dangerous tasks, facilitating remote monitoring and control, and activating safety protocols in the case of emergency, they’re increasingly exposed to cybersecurity threats. In 2022, there was a 2,000% increase in adversarial reconnaissance targeting Modbus/TCP port 502 — a widely-used industrial protocol — allowing malicious actors to exploit vulnerabilities in operational technology systems. Fortunately, by taking steps to improve and maintain ICS cybersecurity, manufacturers can successfully reduce the attack surface of their critical infrastructure and keep threats (including phishing, denial-of-service attacks, ransomware, and malware) at bay. ICS cyberattacks on the rise ICS cyberattacks are on the rise, with almost 27% of ICS systems affected by malicious objects in the second quarter of 2023, data from Kaspersky reveals. Cyberattacks have the power to devastate ICS systems, damage equipment and infrastructure, disrupt business, and endanger health and safety. For example, the U.S. government has warned of a malware strain called Pipedream: “a modular ICS attack framework that contains several components designed to give threat actors control of such systems, and either disrupt the environment or disable safety controls”. Although Pipedream has the ability to devastate industrial systems, it fortunately hasn’t yet been used to that effect. And, last year, a notorious hacking group called Predatory Sparrow launched a cyberattack on an Iranian steel manufacturer, resulting in a serious fire. In addition to causing equipment damage, the hackers caused a malfunctioning foundry to start spewing hot molten steel and fire. This breach only highlights the importance of safety protocols in the manufacturing and heavy industry sectors. By leveraging the latest safety tech and strengthening cybersecurity, safety, security, and operational efficiency can all be improved. Segment networks By separating critical systems from the internet and other non-critical systems, network segmentation plays a key role in improving ICS cybersecurity. Network segmentation is a security practice that divides a network into smaller, distinct subnetworks based on security level, functionality, or access control, for example. As a result, you can effectively prevent attacker lateral movement within your network — this is a common way hackers disguise themselves as legitimate users and their activities as expected traffic, making it hard to spot this method. Network segmentation also lets you create tailored and unique security policies and controls for each segment based on their defined profile. Each individual segment is therefore adequately protected. And, since network segmentation also provides you with increased visibility in terms of network activity, you’re also better able to spot and respond to problems with greater speed and efficiency. When it comes to | Ransomware Malware Vulnerability Threat Patching Industrial | ★★★ | |
 |
2024-01-26 10:00:00 | Un examen de 2023 & # 8211;26 447 CVE, 44 jours pour exploiter et Ransomware OnSlaught A Review of 2023 – 26,447 CVEs, 44 Days to Exploit, and Ransomware Onslaught (lien direct) |
Alors que nous réfléchissons au parcours de cybersécurité de 2023, nous découvrons des leçons précieuses qui façonnent ...
As we reflect on the cybersecurity journey of 2023, we uncover valuable lessons that shape... |
Ransomware Threat | ★★★ | |
 |
2024-01-26 07:30:00 | Akira Ransomware Gang revendique une cyberattaque luxuriante Akira ransomware gang claims Lush cyber attack (lien direct) |
Alors que nous réfléchissons au parcours de cybersécurité de 2023, nous découvrons des leçons précieuses qui façonnent ...
As we reflect on the cybersecurity journey of 2023, we uncover valuable lessons that shape... |
Ransomware | ★★★ | |
|
2024-01-26 07:07:33 | GuidePoint rapporte une augmentation alarmante des ransomwares, impactant principalement des industries de la fabrication et de la technologie GuidePoint reports alarming rise in ransomware, mostly impacting manufacturing and technology industries (lien direct) |
La sécurité des points de guidage a révélé que 2023 a observé la plupart des impacts affectant un sous-ensemble limité d'industries.62% de tous ...
GuidePoint Security disclosed that 2023 observed most impacts affecting a limited subset of industries. 62 percent of all... |
Ransomware | ★★★ | |
 |
2024-01-25 23:58:06 | Trickbot Malware Scumbag obtient cinq ans pour infecter les hôpitaux, les entreprises Trickbot malware scumbag gets five years for infecting hospitals, businesses (lien direct) |
Le reste de l'équipage toujours en général Un ancien développeur TrickBot a été envoyé depuis cinq ans et quatre mois pour son rôle dans l'infecticule des hôpitaux et des entreprises américaines avec des ransomwares et d'autres logiciels malveillants, ce qui coûte aux victimes des dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizaines de dizainesdes millions de dollars de pertes…
Rest of the crew still at large A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.… |
Ransomware Malware | ★★★ | |
 |
2024-01-25 20:18:28 | Kasseika Ransomware déploie BYOVD ATTAQUES ABUS Psexec et exploite le pilote Martini Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver (lien direct) |
#### Description
L'opération de ransomware nommée \\ 'Kasseika \' a adopté Bring vos propres tactiques de pilote vulnérable (BYOVD) pour désactiver le logiciel antivirus avant de crypter des fichiers.
Kasseika exploite le pilote Martini, qui fait partie du système d'agent Virtt Soft \\ de TG Soft, pour désactiver les produits antivirus protégeant le système ciblé.Trend Micro a découvert Kasseika en décembre 2023, notant ses similitudes avec Blackmatter, suggérant qu'il pourrait avoir été construit par d'anciens membres ou acteurs qui ont acheté le code de Blackmatter \\.L'attaque commence par un e-mail de phishing, volant des informations d'identification pour l'accès initial, suivie de l'outil d'abus de Psexec Windows pour le mouvement latéral.Kasseika utilise des attaques BYOVD pour gagner des privilèges, résilier les processus antivirus et exécuter son ransomware binaire, exigeant une rançon de Bitcoin et offrant aux victimes une option de décryptage dans les 120 heures.
#### URL de référence (s)
1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attades-abuses-psexec-and-expl.html
#### Date de publication
25 janvier 2024
#### Auteurs)
Chercheurs Trendmicro
#### Description The ransomware operation named \'Kasseika\' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika exploits the Martini driver, part of TG Soft\'s VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro discovered Kasseika in December 2023, noting its similarities with BlackMatter, suggesting it may have been built by former members or actors who purchased BlackMatter\'s code. The attack begins with a phishing email, stealing credentials for initial access, followed by the abuse of Windows PsExec tool for lateral movement. Kasseika utilizes BYOVD attacks to gain privileges, terminate antivirus processes, and execute its ransomware binary, demanding a Bitcoin ransom and providing victims with a decryption option within 120 hours. #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html #### Publication Date January 25, 2024 #### Author(s) TrendMicro Researchers |
Ransomware Tool Prediction | ★★★ | |
 |
2024-01-25 17:43:48 | Le nombre de victimes d'attaque ransomware augmente en 2023 à plus de 4000 The Number of Ransomware Attack Victims Surge in 2023 to over 4000 (lien direct) |
La poussée de ransomware -As-A-Service Affiliates est probablement la raison de l'augmentation spectaculaire du nombre d'organisations victimes, avec tous les indicateurs suggérant que cette tendance persistera en 2024.
The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.
|
Ransomware Prediction | ★★★ | |
|
2024-01-25 17:28:00 | Les gouvernements locaux du Colorado, de la Pennsylvanie et du Missouri traitant des ransomwares Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware (lien direct) |
Plusieurs gouvernements locaux traitent des cyberattaques, notamment des incidents de ransomwares, cette semaine, provoquant des pannes et des problèmes pour les hôpitaux du comté, les bibliothèques et autres services locaux.Bucks County, Pennsylvanie - abritant près de 650 000 personnes - a déclaré mercredi qu'il était toujours aux prises avec un incident de cybersécurité qui avait éliminé les communications d'urgence \\ 'du département \\.
Multiple local governments are dealing with cyberattacks, including ransomware incidents, this week, causing outages and problems for county hospitals, libraries and other local services. Bucks County, Pennsylvania - home to nearly 650,000 people - said on Wednesday that it is still grappling with a cybersecurity incident that has knocked out the Emergency Communications\' Department\'s computer-aided |
Ransomware | ★★★ | |
|
2024-01-25 16:00:00 | Une autre variante de ransomware Phobos lance l'attaque & # 8211;Fauve Another Phobos Ransomware Variant Launches Attack – FAUST (lien direct) |
Fortiguard Labs dévoile une récente attaque de ransomware Faust, une variante de la famille Phobos quiexploite un document Office et se déploie sur les systèmes Windows.Apprendre encore plus.
Fortiguard Labs unveils a recent FAUST ransomware attack, a variant of the Phobos family that exploits an Office document and deploys on Windows systems. Learn more. |
Ransomware | ★★★ | |
 |
2024-01-25 13:44:28 | L'IA augmentera le nombre et l'impact des cyberattaques, disent les officiers Intel AI will increase the number and impact of cyber attacks, intel officers say (lien direct) |
Le ransomware est probablement le plus grand bénéficiaire au cours des 2 prochaines années, explique GCHQ de l'UK \\.
Ransomware is likely to be the biggest beneficiary in the next 2 years, UK\'s GCHQ says. |
Ransomware | ★★★ | |
|
2024-01-25 12:00:00 | Southern Water confirme la violation des données après les réclamations Black Basta Southern Water Confirms Data Breach Following Black Basta Claims (lien direct) |
Southern Water a confirmé qu'une violation de données s'est produite après que le groupe Black Basta Ransomware a prétendument publié des informations personnelles détenues par l'entreprise
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm |
Ransomware Data Breach | ★★★ | |
|
2024-01-25 11:00:00 | Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct) |
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom | Ransomware Spam Malware Tool Vulnerability Threat Prediction | Guam | ★★★ |
 |
2024-01-25 10:45:00 | Analyse des ransomwares industriels de Dragos: Q4 2023 Dragos Industrial Ransomware Analysis: Q4 2023 (lien direct) |
> Alors que les efforts incessants de l'international ont entraîné des arrestations et le démantèlement des opérations de ransomware, la bataille contre les ransomwares ...
Le post Dragos Industrial Ransomware Analysis: Q4 2023 = "https://www.dragos.com"> dragos .
>While international law enforcement’s relentless efforts have resulted in arrests and the dismantling of ransomware operations, the battle against ransomware... The post Dragos Industrial Ransomware Analysis: Q4 2023 first appeared on Dragos. |
Ransomware Industrial | ★★★★ | |
 |
2024-01-25 09:50:55 | NCSC prévient que l'IA est déjà utilisée par les gangs de ransomware NCSC Warns That AI is Already Being Used by Ransomware Gangs (lien direct) |
Dans un rapport nouvellement publié, le National Cyber Security Center (NCSC) du Royaume-Uni a averti que les attaquants malveillants profitent déjà de l'intelligence artificielle et que le volume et l'impact des menaces - y compris le ransomware - augmenteront au cours des deux prochaines années.Le NCSC, qui fait partie de GCHQ - l'intelligence, la sécurité et la cyber-agence du Royaume-Uni, évalue que l'IA a permis aux pirates relativement non qualifiés de "effectuer des opérations d'accès et de collecte d'informations plus efficaces ... en abaissant la barrière de l'entréeaux cybercriminels novices, aux pirates-pour-location et aux hacktivistes. "Nous avons vu ...
In a newly published report , the UK\'s National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats - including ransomware - will increase in the next two years. The NCSC , which is part of GCHQ - the UK\'s intelligence, security and cyber agency, assesses that AI has enabled relatively unskilled hackers to "carry out more effective access and information gathering operations... by lowering the barrier of entry to novice cybercriminals, hacker-for-hire and hacktivists." We\'ve seen... |
Ransomware | ★★★ |
To see everything:
Our RSS (filtrered)
