What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-18 16:47:00 | Récupérez des ransomwares en 5 minutes-nous vous apprendrez comment! Recover from Ransomware in 5 Minutes-We will Teach You How! (lien direct) |
RPO super bas avec protection continue des données: reposez-vous à quelques secondes avant une attaque
Zerto, une entreprise d'entreprise Hewlett Packard, peut vous aider à détecter et à vous remettre de ransomwares en temps réel.Cette solution exploite la protection des données continue (CDP) pour s'assurer que toutes les charges de travail ont l'objectif de point de récupération le plus bas (RPO) possible.La chose la plus précieuse à propos du CDP est qu'elle n'utilise pas
Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use |
Ransomware | ★★ | |
 |
2024-04-18 16:39:02 | \\ 'grand volume \\' des données volées à l'agence des Nations Unies après une attaque de ransomware \\'Large volume\\' of data stolen from UN agency after ransomware attack (lien direct) |
> L'attaque n'est que la dernière d'une chaîne ciblant le corps multilatéral ces dernières années.
>The attack is just the latest in a string targeting the multilateral body in recent years. |
Ransomware | ★★ | |
 |
2024-04-18 14:21:42 | Agence des Nations Unies enquêtant sur une attaque de ransomware impliquant un vol de données United Nations Agency Investigating Ransomware Attack Involving Data Theft (lien direct) |
> Programme des Nations Unies (PNUD) Enquêtant sur une attaque de ransomware dans laquelle les pirates ont volé des données sensibles.
>United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data. |
Ransomware | ★★★ | |
 |
2024-04-18 14:11:29 | FBI: Akira Ransomware a récolté 42 millions de dollars de plus de 250 victimes FBI: Akira ransomware raked in $42 million from 250+ victims (lien direct) |
Selon un avis conjoint du FBI, de la CISA, du centre de cybercriminalité européen d'Europol (EC3) et du National Cyber Security Center (NCSC-NL), l'opération Ransomware Akira a violé les réseaux de plus de 250les organisations et ont ratissé environ 42 millions de dollars en paiements de rançon.[...]
According to a joint advisory from the FBI, CISA, Europol\'s European Cybercrime Centre (EC3), and the Netherlands\' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. [...] |
Ransomware | ★★★★ | |
|
2024-04-18 11:30:39 | 180k touchés par la violation de données à l'organisation de la santé du Michigan 180k Impacted by Data Breach at Michigan Healthcare Organization (lien direct) |
> Cherry Health indique que les informations personnelles de plus de 180 000 personnes ont été volées dans une attaque de ransomware.
>Cherry Health says the personal information of over 180,000 individuals was stolen in a ransomware attack. |
Ransomware Data Breach Medical | ★★★ | |
 |
2024-04-18 09:27:16 | CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware (lien direct) | CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware | ★★ | |
 |
2024-04-17 19:17:10 | \\ 'brut \\' outils de ransomware proliférant sur le Web sombre pour pas cher, les chercheurs trouvent \\'Crude\\' ransomware tools proliferating on the dark web for cheap, researchers find (lien direct) |
CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware Tool | ★★ | |
|
2024-04-17 17:17:53 | L'agence des Nations Unies affirme que les données ont été volées dans l'attaque des ransomwares UN agency says data stolen in ransomware attack (lien direct) |
CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware | ★★ | |
 |
2024-04-17 17:00:47 | La menace évolutive des ransomwares - un appel à l'action pour la cybersécurité The Evolving Threat of Ransomware - A Call to Action for Cybersecurity (lien direct) |
> Témoignage devant le sous-comité des services financiers de la Chambre sur la sécurité nationale, la finance illicite et les institutions financières internationales sur les ransomwares.
>Testifying before the House Financial Services Subcommittee on National Security, Illicit Finance and International Financial Institutions on ransomware. |
Ransomware Threat | ★★ | |
|
2024-04-17 16:27:00 | Flaw atlassien critique exploité pour déployer la variante Linux de Cerber Ransomware Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (lien direct) |
Les acteurs de la menace exploitent les serveurs Atlassian non corrigés pour déployer une variante Linux du ransomware Cerber (AKA C3RB3R).
Les attaques Levier et NBSP; CVE-2023-22518 & NBSP; (Score CVSS: 9.1), une vulnérabilité de sécurité critique ayant un impact sur le centre de données de Confluence Atlassian qui permet un attaquant non authentifié pour réinitialiser la confluence et créer un compte administrateur.
Armé de cet accès, un
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a |
Ransomware Vulnerability Threat | ★★ | |
|
2024-04-17 16:21:42 | L'Organisation des soins de santé du Michigan affirme que le ransomware a violé les données de 185 000 Michigan healthcare organization says ransomware breached data of 185,000 (lien direct) |
Les acteurs de la menace exploitent les serveurs Atlassian non corrigés pour déployer une variante Linux du ransomware Cerber (AKA C3RB3R).
Les attaques Levier et NBSP; CVE-2023-22518 & NBSP; (Score CVSS: 9.1), une vulnérabilité de sécurité critique ayant un impact sur le centre de données de Confluence Atlassian qui permet un attaquant non authentifié pour réinitialiser la confluence et créer un compte administrateur.
Armé de cet accès, un
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a |
Ransomware Medical | ★★ | |
 |
2024-04-17 16:00:00 | Variante de ransomware Linux Cerber Exploite les serveurs atlassiens Linux Cerber Ransomware Variant Exploits Atlassian Servers (lien direct) |
Les attaques exploitent CVE-2023-22518, une faille critique dans le centre de données et le serveur Atlassian Confluence
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server |
Ransomware Threat | ★★ | |
|
2024-04-17 11:52:40 | Cerber ransomware hits Confluence: Cado Security dissects the three heads (lien direct) | Cerber Ransomware frappe Confluence: Cado Security dissèque les trois têtes
-
mise à jour malveillant
Cerber ransomware hits Confluence: Cado Security dissects the three heads - Malware Update |
Ransomware | ★★ | |
|
2024-04-17 08:21:29 | Tendances mondiales de la cybersécurité au 1er trimestre 2024 : les cyberattaques en hausse de 28 % dans le monde (lien direct) | Tendances mondiales de la cybersécurité au 1er trimestre 2024 : les cyberattaques en hausse de 28 % dans le monde Une recrudescence des cyberattaques : au premier trimestre 2024, le nombre moyen de cyberattaques par entreprise a augmenté de 28 % par rapport à fin 2023, avec toutefois une hausse de 5 % au premier trimestre en glissement annuel La priorité aux attaques de l'industrie : les fabricants de matériel informatique ont vu une augmentation substantielle de 37 % des cyberattaques par rapport à l'année précédente, mais les secteurs de l'éducation/recherche, du gouvernement/militaire et de la santé restent les secteurs les plus attaqués au 1er trimestre 2024 Des variations régionales contrastées : la région de l'Afrique a enregistré une hausse notable de 20 % des cyberattaques contrairement à l'Amérique latine, qui a de son côté fait état d'une baisse de 20 % par rapport à l'année précédente Les ransomwares continuent de faire des ravages : en Europe, les attaques de ransomware ont augmenté de 64 % par rapport à l'année précédente, suivies par l'Afrique avec une hausse de 18 % même si l'Amérique du Nord reste la région la plus touchée, avec 59 % des près de 1 000 attaques de ransomware enregistrées sur des " shame sites " du ransomware - Malwares | Ransomware Studies | ★★★ | |
|
2024-04-16 21:12:45 | L'ancien responsable du cyber house blanc dit que l'interdiction de paiement des ransomwares Ex-White House cyber official says ransomware payment ban is a ways off (lien direct) |
> Kemba Walden, l'ancien directeur national du cyber, a déclaré qu'une interdiction de paiement de rançon est l'objectif ultime.
>Kemba Walden, the former acting national cyber director, said that a ransom payment ban is the ultimate goal. |
Ransomware | ★★ | |
|
2024-04-16 20:45:38 | Le corps de la pêche de l'Atlantique confirme le cyber-incident après une infraction au gang ransomware de 8 basses Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach (lien direct) |
> Kemba Walden, l'ancien directeur national du cyber, a déclaré qu'une interdiction de paiement de rançon est l'objectif ultime.
>Kemba Walden, the former acting national cyber director, said that a ransom payment ban is the ultimate goal. |
Ransomware | ★★ | |
|
2024-04-16 20:18:19 | Le Congrès se répercute contre UnitedHealth Group après une attaque de ransomware Congress rails against UnitedHealth Group after ransomware attack (lien direct) |
> Les législateurs de la Chambre soutiennent que la consolidation croissante dans le secteur des soins de santé a créé des vulnérabilités aux cyberattaques.
>House lawmakers argue that growing consolidation in the health care sector has created vulnerabilities to cyberattacks. |
Ransomware Vulnerability | ★★ | |
|
2024-04-16 19:33:34 | Le secteur de l'alimentation et de l'agriculture a frappé avec plus de 160 attaques de ransomwares l'année dernière Food and agriculture sector hit with more than 160 ransomware attacks last year (lien direct) |
> Les législateurs de la Chambre soutiennent que la consolidation croissante dans le secteur des soins de santé a créé des vulnérabilités aux cyberattaques.
>House lawmakers argue that growing consolidation in the health care sector has created vulnerabilities to cyberattacks. |
Ransomware | ★★★ | |
 |
2024-04-16 19:09:01 | Changer le nouveau Ransomware Nightmare de Healthcare \\ va de mal en pis Change Healthcare\\'s New Ransomware Nightmare Goes From Bad to Worse (lien direct) |
Un gang cybercriminal appelé RansomHub prétend vendre des informations très sensibles sur les patients de Change Healthcare à la suite d'une attaque de ransomware par un autre groupe en février.
A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in February. |
Ransomware Medical | ★★ | |
 |
2024-04-16 18:00:00 | Couverture des menaces de netskope: ransomware de fourmis maléfique Netskope Threat Coverage: Evil Ant Ransomware (lien direct) |
> Résumé Netskope Threat Labs a récemment analysé une nouvelle souche de ransomware nommée Evil Ant.Evil Ant Ransomware est un logiciel malveillant basé sur Python compilé à l'aide de Pyinstaller qui cherche à crypter tous les fichiers stockés sur les dossiers personnels et les lecteurs externes de la victime.Cette souche de ransomware nécessite la continuité du traitement du chiffrement jusqu'à la récupération du fichier.Redémarrer, fermer ou mettre fin au [& # 8230;]
>Summary Netskope Threat Labs recently analyzed a new ransomware strain named Evil Ant. Evil Ant ransomware is a Python-based malware compiled using PyInstaller that looks to encrypt all files stored on the victim’s personal folders and external drives. This ransomware strain requires process continuity from encryption until file recovery. Rebooting, shutting down, or ending the […] |
Ransomware Malware Threat | ★★ | |
|
2024-04-16 15:45:34 | Ransomware Attack a coûté à UnitedHealth 872 millions de dollars;Total s'attendait à dépasser 1 milliard de dollars Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (lien direct) |
> Résumé Netskope Threat Labs a récemment analysé une nouvelle souche de ransomware nommée Evil Ant.Evil Ant Ransomware est un logiciel malveillant basé sur Python compilé à l'aide de Pyinstaller qui cherche à crypter tous les fichiers stockés sur les dossiers personnels et les lecteurs externes de la victime.Cette souche de ransomware nécessite la continuité du traitement du chiffrement jusqu'à la récupération du fichier.Redémarrer, fermer ou mettre fin au [& # 8230;]
>Summary Netskope Threat Labs recently analyzed a new ransomware strain named Evil Ant. Evil Ant ransomware is a Python-based malware compiled using PyInstaller that looks to encrypt all files stored on the victim’s personal folders and external drives. This ransomware strain requires process continuity from encryption until file recovery. Rebooting, shutting down, or ending the […] |
Ransomware | ★★ | |
 |
2024-04-16 12:59:00 | Changer les soins de santé \\'s Ransomware coûte que les coûts de 1 milliard de dollars jusqu'à présent Change Healthcare\\'s ransomware attack costs edge toward $1B so far (lien direct) |
Le premier aperçu de l'attaque Financials révèle d'énormes douleurs UnitedHealth, société mère de Ransomware-Beeged Change Healthcare, indique que les coûts totaux de la tenue de la cyberattaque de février pour le premier trimestre civil de 2024 se situe actuellement à 872 $ à 872 $.millions.… | Ransomware Medical | ★★ | |
|
2024-04-16 10:53:04 | Omni Hotels dit des informations personnelles volées dans une attaque de ransomware Omni Hotels Says Personal Information Stolen in Ransomware Attack (lien direct) |
> Omni Hotels affirme que les informations sur les clients ont été compromises dans une cyberattaque affirmée par le groupe de ransomware de l'équipe de Daixin.
>Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group. |
Ransomware | ★★ | |
|
2024-04-16 10:24:54 | UnitedHealth: Change Healthcare Cyberattack a provoqué une perte de 872 millions de dollars UnitedHealth: Change Healthcare cyberattack caused $872 million loss (lien direct) |
UnitedHealth Group a déclaré un impact de 872 millions de dollars sur ses bénéfices du premier trimestre en raison de l'attaque des ransomwares perturbant le système de santé américain depuis février.[...]
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...] |
Ransomware Medical | ★★★ | |
 |
2024-04-15 20:47:50 | Crowdstrike Falcon Next-Gen SIEM dévoile une détection avancée de ransomware ciblant les environnements VMware ESXi CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments (lien direct) |
Crowdsstrike Falcon & Reg;La nouvelle génération SIEM permet aux entreprises de rechercher, d'enquêter et de chasser les menaces, y compris la détection de ransomware avancés ciblant VMware ESXi l'accès initial à l'infrastructure ESXi est généralement acquis par un mouvement latéral en utilisant des informations d'identification valides cibler et déploier des ransomwares dans les environnements ESXI pour augmenter leImpact et échelle de leurs attaques, qui [& # 8230;]
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi Initial access to the ESXi infrastructure1 is typically gained through lateral movement using valid credentials eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which […] |
Ransomware | ★★★ | |
 |
2024-04-15 15:15:00 | Faits saillants hebdomadaires, 15 avril 2024 Weekly OSINT Highlights, 15 April 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting reveals a landscape of diverse cyber threats characterized by sophisticated attack tactics and adaptable threat actors. One key trend was the increasing use of artificial intelligence (AI) by cybercriminals, including AI-powered malvertising on social media platforms and suspected LLM-generated content in a malware campaign targeting German organizations. Additionally, several OSINT articles reported on the trend of exploiting popular platforms like YouTube and GitHub to distribute malware. Threat actors demonstrate a keen understanding of user behavior, leveraging enticing content and fake webpages to lure victims into downloading malicious payloads, highlighting the importance of proactive defense strategies to mitigate evolving threats effectively. ## Description 1. **[German Organizations Targeted with Rhadamanthys Malware](https://security.microsoft.com/intel-explorer/articles/119bde85):** Proofpoint identifies TA547 launching an email campaign targeting German organizations with Rhadamanthys malware, representing a shift in techniques for the threat actor. The campaign involves impersonating a German retail company in emails containing password-protected ZIP files containing LNK files triggering PowerShell scripts to load Rhadamanthys into memory, bypassing disk writing. The incorporation of suspected LLM-generated content into the attack chain provides insight into how threat actors are leveraging LLM-generated content in malware campaigns. 2. **[Russian-Language Cybercrime Operation Leveraging Fake Web3 Gaming Projects](https://security.microsoft.com/intel-explorer/articles/0cdc08b5):** The Insikt Group uncovers a large-scale Russian-language cybercrime operation distributing infostealer malware through fake Web3 gaming projects targeting both macOS and Windows users. Threat actors entice users with the potential for cryptocurrency earnings, distributing malware like Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro upon visiting imitation Web3 gaming projects\' webpages. 3. **[AI-Powered Malvertising Campaigns on Social Media](https://security.microsoft.com/intel-explorer/articles/1e1b0868):** Bitdefender discusses the use of artificial intelligence (AI) by cybercriminals in malvertising campaigns on social media platforms, impersonating popular AI software to distribute stealers like Rilide, Vidar, IceRAT, and Nova Stealer. These campaigns target European users through fake AI software webpages on Facebook, organized by taking over existing accounts and boosting page popularity through engaging content. 4. **[Exploitation of YouTube Channels for Infostealer Distribution](https://security.microsoft.com/intel-explorer/articles/e9f5e219):** AhnLab identifies a trend where threat actors exploit YouTube channels to distribute Infostealers like Vidar and LummaC2, disguising them as cracked versions of legitimate software. Attackers hijack popular channels with hundreds of thousands of subscribers, distributing malicious links through video descriptions and comments, highlighting concerns about the potential reach and impact of distributed malware. 5. **[VenomRAT Distribution via Phishing Email with Malicious SVG Files](https://security.microsoft.com/intel-explorer/articles/98d69c76):** FortiGuard Labs reveals a threat actor distributing VenomRAT and other plugins through phishing emails containing malicious Scalable Vector Graphics (SVG) files. The email attachment downloads a ZIP file containing an obfuscated Batch file, subsequently loading VenomRAT using ScrubCrypt to maintain a connection with a command and control (C2) server and install plugins on victims\' environments. 6. **[Malware Distribution through GitHub Repositories Manipulation](https://security.microsoft.com/intel-explorer/articles/4d0ffb2c):** Checkmarx reports a cybercriminal attack campaign manipulating GitHub\'s search functionality to distribute malware through repositories. Attackers create repositories with popular names and topics, hiding malicious code withi | Ransomware Spam Malware Tool Threat Prediction | ★★ | |
|
2024-04-15 12:35:00 | Chipmaker Giant Nexperia confirme la cyberattaque au milieu des réclamations du groupe ransomware Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims (lien direct) |
Nexperia a confirmé que ses serveurs informatiques étaient accessibles par les attaquants, le groupe Ransomware Dunghill prétendant avoir volé des conceptions de puces et d'autres documents sensibles
Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents |
Ransomware | ★★ | |
|
2024-04-15 12:18:08 | La société de semi-conducteurs appartenant à des Chinois Nexperia a frappé par une attaque de ransomware Chinese-owned semiconductor company Nexperia hit by ransomware attack (lien direct) |
Nexperia a confirmé que ses serveurs informatiques étaient accessibles par les attaquants, le groupe Ransomware Dunghill prétendant avoir volé des conceptions de puces et d'autres documents sensibles
Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents |
Ransomware | ★★ | |
|
2024-04-15 12:00:01 | Chipmaker Nexperia confirme la violation après la fuite de gangs de ransomware qui divulgue Chipmaker Nexperia confirms breach after ransomware gang leaks data (lien direct) |
Le fabricant de puces néerlandais Nexperia a confirmé à la fin de la semaine dernière que les pirates ont violé son réseau en mars 2024 après qu'un gang de ransomware ait divulgué des échantillons de données prétendument volées.[...]
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. [...] |
Ransomware | ★★ | |
 |
2024-04-15 11:16:11 | 15 avril & # 8211;Rapport de renseignement sur les menaces 15th April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violation du géant de l'optique japonaise Hoya Corporation ont été victimes d'une attaque de ransomware qui a eu un impact sur sa principale infrastructure informatique et diverses divisions commerciales.Hunters International Ransomware Gang a revendiqué la responsabilité de l'attaque et [& # 8230;]
>For the latest discoveries in cyber research for the week of 15th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Japanese optics giant Hoya Corporation has been a victim of a ransomware attack that impacted its major IT infrastructure and various business divisions. Hunters International ransomware gang claimed responsibility for the attack and […] |
Ransomware Threat | ★★ | |
|
2024-04-15 11:01:54 | Daixin Ransomware Gang affirme une attaque sur les hôtels Omni Daixin ransomware gang claims attack on Omni Hotels (lien direct) |
Le gang de ransomware de l'équipe de Daixin a revendiqué une récente cyberattaque sur Omni Hotels & Resorts et menace désormais de publier des clients sensibles si une rançon n'est pas payée.[...]
The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers\' sensitive information if a ransom is not paid. [...] |
Ransomware | ★★ | |
 |
2024-04-15 10:00:28 | Utilisation du constructeur de verrouillage pour générer des ransomwares ciblés Using the LockBit builder to generate targeted ransomware (lien direct) |
Les chercheurs de Kaspersky revisitent le constructeur Lockbit 3.0 divulgué et partagent des informations sur un incident réel impliquant une variante de ransomware ciblée personnalisée créée avec ce constructeur.
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. |
Ransomware | ★★ | |
|
2024-04-13 10:30:00 | Roku Breach frappe 567 000 utilisateurs Roku Breach Hits 567,000 Users (lien direct) |
Plus: Apple prévient les utilisateurs d'iPhone des attaques de logiciels espions, la CISA émet une directive d'urgence sur une violation de Microsoft et un pirate de ransomware enchevêtrement avec un gestionnaire de RH non impressionné nommé Beth.
Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth. |
Ransomware Mobile | ★★ | |
 |
2024-04-12 15:44:26 | Étude Sophos: 94% des victimes de ransomwares ont leurs sauvegardes ciblées par les attaquants Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted By Attackers (lien direct) |
La recherche a révélé que les criminels peuvent exiger une rançon plus élevée lorsqu'ils compromettent les données de sauvegarde d'une organisation dans une attaque de ransomware.Découvrez les conseils d'experts en sécurité sur la façon de protéger correctement votre sauvegarde.
Research has found that criminals can demand higher ransom when they compromise an organisation\'s backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup. |
Ransomware Studies | ★★★ | |
|
2024-04-11 14:15:24 | Le géant de l'optique Hoya a frappé avec une demande de ransomware de 10 millions de dollars Optics giant Hoya hit with $10 million ransomware demand (lien direct) |
Une récente cyberattaque sur Hoya Corporation a été réalisée par l'opération de ransomware \\ 'Hunters International \', qui exigeait une rançon de 10 millions de dollars pour un décrypteur de dossier et de ne pas publier des fichiers volés pendant l'attaque.[...]
A recent cyberattack on Hoya Corporation was conducted by the \'Hunters International\' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...] |
Ransomware | ★★★ | |
 |
2024-04-11 13:00:00 | Les paiements de ransomwares atteignent un haut tous les temps, mais ce n'est pas toute l'histoire Ransomware payouts hit all-time high, but that\\'s not the whole story (lien direct) |
> Les paiements de ransomwares ont atteint un sommet de 1,1 milliard de dollars en 2023, après une forte baisse du total des paiements en 2022. Certains facteurs qui peuvent avoir contribué à la baisse en 2022 étaient le conflit ukrainautorités judiciaires.En 2023, cependant, les paiements de ransomwares sont revenus à [& # 8230;]
>Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities. In 2023, however, ransomware payouts came roaring back to […] |
Ransomware | ★★ | |
 |
2024-04-11 10:00:55 | Dragonforce Ransomware - ce que vous devez savoir DragonForce Ransomware - What You Need To Know (lien direct) |
Que se passe-t-il?Une souche relativement nouvelle de ransomwares appelée DragonForce a fait la une des journaux après une série d'attaques de haut niveau.Comme de nombreux autres groupes de ransomwares, Dragonforce tente d'extorquer de l'argent de ses victimes de deux manières - verrouiller les entreprises de leurs ordinateurs et de leurs données par le cryptage, et exfiltrant les données de systèmes compromis avec la menace de le libérer à d'autres via le Web Dark.Jusqu'à présent, si normal.Comment Dragonforce est-il arrivé à l'importance?La première attaque de ransomware connue de DragonForce était contre la loterie de l'Ohio.Dans ce cas, Dragonforce s'est vanté qu'il avait ...
What\'s going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence? DragonForce\'s earliest known ransomware attack was against the Ohio Lottery . In that case, DragonForce boasted it had... |
Ransomware Threat | ★★ | |
 |
2024-04-11 06:23:43 | FAQS de l'état de l'État 2024 du rapport Phish, partie 1: Le paysage des menaces FAQs from the 2024 State of the Phish Report, Part 1: The Threat Landscape (lien direct) |
In this two-part blog series, we will address many of the frequently asked questions submitted by attendees. In our first installment, we address questions related to the threat landscape. Understanding the threat landscape is paramount in crafting a human-centric security strategy. That\'s the goal behind our 10th annual State of the Phish report. When you know what threats are out there and how people are interacting with them, you can create a modern cybersecurity strategy that puts the complexity of human behavior and interaction at the forefront. Our report was launched a month ago. Since then, we\'ve followed up with a few webinars to discuss key findings from the report, including: Threat landscape findings: Over 1 million phishing threats involved EvilProxy, which bypasses multifactor authentication (MFA). Yet, 89% of security pros still believe that MFA provides complete protection against account takeover. BEC threat actors benefit from generative AI. Proofpoint detected and stopped over 66 million targeted business email compromise (BEC) attacks per month on average in 2023. User behavior and attitude findings: 71% of surveyed users took at least one risky action, and 96% of them knew that those actions were associated with risk. 58% of those risky actions were related to social engineering tactics. 85% of security pros believed that most employees know they are responsible for security. Yet nearly 60% of employees either weren\'t sure or disagreed. These findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are the definitions of BEC and TOAD? Business email compromise (BEC) essentially means fraud perpetrated through email. It can take many forms, such as advance fee fraud, payroll redirection, fraudulent invoicing or even extortion. BEC typically involves a deception, such as the spoofing of a trusted third party\'s domain or the impersonation of an executive (or literally anyone the recipient trusts). BEC is hard to detect because it is generally pure social engineering. In other words, there is often no credential harvesting portal or malicious payload involved. Threat actors most often use benign conversation to engage the victim. Once the victim is hooked, attackers then convince that person to act in favor of them, such as wiring money to a specified account. Similarly, telephone-oriented attack delivery (TOAD) attacks also use benign conversations. But, in this case, a threat actor\'s goal is to motivate the victim to make a phone call. From there, they will walk their target through a set of steps, which usually involve tricking the victim into giving up their credentials or installing a piece of malware on their computer. TOAD attacks have been associated with high-profile malware families known to lead to ransomware, as well as with a wide variety of remote access tools like AnyDesk that provide the threat actors direct access to victims\' machines. The end goal might still be fraud; for example, there have been cases where payment was solicited for “IT services” or software (Norton LifeLock). But the key differentiator for TOAD, compared with BEC, is the pivot out of the email space to a phone call., is the pivot out of the email space to the phone. What is the difference between TOAD and vishing? TOAD often starts with an email and requires victims to call the fraudulent number within that email. Vishing, on the other hand, generally refers to fraudulent solicitation of personally identifiable information (PII) and may or may not involve email (it could result from a direct call). Some TOAD attempts may fall into this category, but most perpetrators focus on getting software installed on a victim\'s machine. How do you see artificial intelligence (AI) affecting phishing? What are security best practices to help defend against these novel phishing attacks? AI allows threat actors to tighten up grammatical and s | Ransomware Malware Tool Threat Cloud Technical | ★★★ | |
|
2024-04-10 20:26:45 | Les universités du Nouveau-Mexique, l'Oklahoma répondent aux attaques de ransomwares Universities in New Mexico, Oklahoma respond to ransomware attacks (lien direct) |
In this two-part blog series, we will address many of the frequently asked questions submitted by attendees. In our first installment, we address questions related to the threat landscape. Understanding the threat landscape is paramount in crafting a human-centric security strategy. That\'s the goal behind our 10th annual State of the Phish report. When you know what threats are out there and how people are interacting with them, you can create a modern cybersecurity strategy that puts the complexity of human behavior and interaction at the forefront. Our report was launched a month ago. Since then, we\'ve followed up with a few webinars to discuss key findings from the report, including: Threat landscape findings: Over 1 million phishing threats involved EvilProxy, which bypasses multifactor authentication (MFA). Yet, 89% of security pros still believe that MFA provides complete protection against account takeover. BEC threat actors benefit from generative AI. Proofpoint detected and stopped over 66 million targeted business email compromise (BEC) attacks per month on average in 2023. User behavior and attitude findings: 71% of surveyed users took at least one risky action, and 96% of them knew that those actions were associated with risk. 58% of those risky actions were related to social engineering tactics. 85% of security pros believed that most employees know they are responsible for security. Yet nearly 60% of employees either weren\'t sure or disagreed. These findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are the definitions of BEC and TOAD? Business email compromise (BEC) essentially means fraud perpetrated through email. It can take many forms, such as advance fee fraud, payroll redirection, fraudulent invoicing or even extortion. BEC typically involves a deception, such as the spoofing of a trusted third party\'s domain or the impersonation of an executive (or literally anyone the recipient trusts). BEC is hard to detect because it is generally pure social engineering. In other words, there is often no credential harvesting portal or malicious payload involved. Threat actors most often use benign conversation to engage the victim. Once the victim is hooked, attackers then convince that person to act in favor of them, such as wiring money to a specified account. Similarly, telephone-oriented attack delivery (TOAD) attacks also use benign conversations. But, in this case, a threat actor\'s goal is to motivate the victim to make a phone call. From there, they will walk their target through a set of steps, which usually involve tricking the victim into giving up their credentials or installing a piece of malware on their computer. TOAD attacks have been associated with high-profile malware families known to lead to ransomware, as well as with a wide variety of remote access tools like AnyDesk that provide the threat actors direct access to victims\' machines. The end goal might still be fraud; for example, there have been cases where payment was solicited for “IT services” or software (Norton LifeLock). But the key differentiator for TOAD, compared with BEC, is the pivot out of the email space to a phone call., is the pivot out of the email space to the phone. What is the difference between TOAD and vishing? TOAD often starts with an email and requires victims to call the fraudulent number within that email. Vishing, on the other hand, generally refers to fraudulent solicitation of personally identifiable information (PII) and may or may not involve email (it could result from a direct call). Some TOAD attempts may fall into this category, but most perpetrators focus on getting software installed on a victim\'s machine. How do you see artificial intelligence (AI) affecting phishing? What are security best practices to help defend against these novel phishing attacks? AI allows threat actors to tighten up grammatical and s | Ransomware | ★★ | |
 |
2024-04-10 17:42:30 | Le gang de Medusa frappe à nouveau, frappe près de 300 propriétaires de Fort Worth Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners (lien direct) |
Bien qu'une agence municipale assure au public que peu de gens sont touchés, des centaines ont leurs données rançonnées pour 100 000 $ par le gang de ransomware.
Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang. |
Ransomware | ★★★ | |
|
2024-04-10 15:00:12 | Après avoir échoué une attaque de ransomware, les pirates ont volé des données sur 533k de personnes de la Wisconsin Insurance Company After failed ransomware attack, hackers stole data on 533k people from Wisconsin insurance company (lien direct) |
L'une des plus grandes compagnies d'assurance maladie du Wisconsin a déclaré que les pirates qui avaient lancé une attaque de ransomware défaillante étaient toujours en mesure de voler des trox d'informations sensibles sur plus d'un demi-million de personnes.Dans des avis sur son site Web et avec les régulateurs, Group Health Cooperative du South Central Wisconsin (GHC-SCW) a déclaré que son équipe informatique a découvert
One of the largest health insurance companies in Wisconsin said hackers that launched a failed ransomware attack were still able to steal troves of sensitive information on more than half a million people. In notices on its website and with regulators, Group Health Cooperative of South Central Wisconsin (GHC-SCW) said its IT team discovered |
Ransomware Data Breach | ★★ | |
|
2024-04-10 13:00:24 | Changements de paysages d'attaque et de secteurs au T1 2024 avec une augmentation de 28% des cyberattaques à l'échelle mondiale Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally (lien direct) |
> Augmentation récurrente des cyberattaques: le premier trimestre 2024 a connu une augmentation marquée de 28% du nombre moyen de cyberattaques par organisation à partir du dernier trimestre de 2023, bien qu'une augmentation de 5% de la fonction d'attaques soutenues par l'industrie soutenue: le fournisseur de matérielL'industrie a connu une augmentation substantielle de 37% de cyberattaques en glissement annuel, alors que le secteur de l'éducation / de la recherche, du gouvernement / militaire et de la santé a maintenu ses pistes en tant que secteurs les plus attaqués du premier trimestre 2024, contrastant les variances régionales: la région de l'Afrique a connu une augmentation notable de 20% dansLes cyberattaques, par opposition à l'Amérique latine, qui ont signalé une diminution de 20% des ransomwares en YOY continue de monter: l'Europe [& # 8230;]
>Recurring increase in cyber attacks: Q1 2024 saw a marked 28% increase in the average number of cyber attacks per organization from the last quarter of 2023, though a 5% increase in Q1 YoY Sustained Industry Attacks focus: The Hardware Vendor industry saw a substantial rise of 37% cyber attacks YoY, as the Education/Research, Government/Military and Healthcare sector maintained their leads as the most heavily attacked sectors in Q1 2024 Contrasting Regional Variances: The Africa region saw a notable 20% increase in cyber attacks, as opposed to Latin America, which reported a 20% decrease YoY Ransomware continues to surge: Europe […] |
Ransomware Medical | ★★★ | |
|
2024-04-10 11:23:55 | (Déjà vu) March 2024\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos (lien direct) | mars 2024 \\ est le malware le plus recherché: les pirates découvrent une nouvelle méthode de chaîne d'infection pour livrer des remcos
Les chercheurs ont découvert une nouvelle méthode de déploiement des remcos de Troie (rat) d'accès à distance, contournant les mesures de sécurité communes pour obtenir un accès non autorisé aux victimes \\ '.Pendant ce temps, Blackbasta est entré dans les trois premiers des groupes de ransomwares les plus recherchés et les communications ont sauté à la troisième place dans les industries les plus exploitées
-
mise à jour malveillant
March 2024\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos Researchers have discovered a new method of deploying the Remote Access Trojan (RAT) Remcos, bypassing common security measures to gain unauthorised access to victims\' devices. Meanwhile, Blackbasta entered the top three of the most wanted ransomware groups and Communications jumped into third place in the most exploited industries - Malware Update |
Ransomware Malware | ★★ | |
 |
2024-04-10 10:00:00 | Les risques de sécurité du chat Microsoft Bing AI pour le moment The Security Risks of Microsoft Bing AI Chat at this Time (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. AI has long since been an intriguing topic for every tech-savvy person, and the concept of AI chatbots is not entirely new. In 2023, AI chatbots will be all the world can talk about, especially after the release of ChatGPT by OpenAI. Still, there was a past when AI chatbots, specifically Bing’s AI chatbot, Sydney, managed to wreak havoc over the internet and had to be forcefully shut down. Now, in 2023, with the world relatively more technologically advanced, AI chatbots have appeared with more gist and fervor. Almost every tech giant is on its way to producing large Language Model chatbots like chatGPT, with Google successfully releasing its Bard and Microsoft and returning to Sydney. However, despite the technological advancements, it seems that there remains a significant part of the risks that these tech giants, specifically Microsoft, have managed to ignore while releasing their chatbots. What is Microsoft Bing AI Chat Used for? Microsoft has released the Bing AI chat in collaboration with OpenAI after the release of ChatGPT. This AI chatbot is a relatively advanced version of ChatGPT 3, known as ChatGPT 4, promising more creativity and accuracy. Therefore, unlike ChatGPT 3, the Bing AI chatbot has several uses, including the ability to generate new content such as images, code, and texts. Apart from that, the chatbot also serves as a conversational web search engine and answers questions about current events, history, random facts, and almost every other topic in a concise and conversational manner. Moreover, it also allows image inputs, such that users can upload images in the chatbot and ask questions related to them. Since the chatbot has several impressive features, its use quickly spread in various industries, specifically within the creative industry. It is a handy tool for generating ideas, research, content, and graphics. However, one major problem with its adoption is the various cybersecurity issues and risks that the chatbot poses. The problem with these cybersecurity issues is that it is not possible to mitigate them through traditional security tools like VPN, antivirus, etc., which is a significant reason why chatbots are still not as popular as they should be. Is Microsoft Bing AI Chat Safe? Like ChatGPT, Microsoft Bing Chat is fairly new, and although many users claim that it is far better in terms of responses and research, its security is something to remain skeptical over. The modern version of the Microsoft AI chatbot is formed in partnership with OpenAI and is a better version of ChatGPT. However, despite that, the chatbot has several privacy and security issues, such as: The chatbot may spy on Microsoft employees through their webcams. Microsoft is bringing ads to Bing, which marketers often use to track users and gather personal information for targeted advertisements. The chatbot stores users\' information, and certain employees can access it, which breaches users\' privacy. - Microsoft’s staff can read chatbot conversations; therefore, sharing sensitive information is vulnerable. The chatbot can be used to aid in several cybersecurity attacks, such as aiding in spear phishing attacks and creating ransomware codes. Bing AI chat has a feature that lets the chatbot “see” what web pages are open on the users\' other tabs. The chatbot has been known to be vulnerable to prompt injection attacks that leave users vulnerable to data theft and scams. Vulnerabilities in the chatbot have led to data le | Ransomware Tool Vulnerability | ChatGPT | ★★ |
|
2024-04-09 16:54:00 | Cl0p \\'s Ransomware Rampage - Mesures de sécurité pour 2024 CL0P\\'s Ransomware Rampage - Security Measures for 2024 (lien direct) |
2023 CL0P Growth & NBSP;
Émergeant début 2019, CL0P a été présenté pour la première fois comme une version plus avancée de son prédécesseur le ransomware \\ 'Cryptomix \', provoqué par son propriétaire Ransomware CL0P, une organisation de cybercriminalité.Au fil des ans, le groupe est resté actif avec des campagnes importantes de 2020 à 2022. Mais en 2023, le gang de ransomware CL0P s'est amené à de nouveaux sommets et est devenu l'un des
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the \'CryptoMix\' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the |
Ransomware | ★★ | |
|
2024-04-09 15:16:07 | Genios de la société de base de données allemande confirme l'attaque des ransomwares German database company Genios confirms ransomware attack (lien direct) |
GBI Genios, une société de base de données utilisé par de nombreuses organisations de médias en Allemagne, a annoncé mardi que ses serveurs n'étaient pas disponibles «en raison d'une attaque de pirate massive».Dans un article sur LinkedIn, Genios a déclaré que l'incident était une attaque de ransomware et a mis en garde: "Malheureusement, nous devons assumer une panne pendant plusieurs jours."«Nos options de communication sont
GBI Genios, a database company used by numerous media organizations in Germany, announced on Tuesday its servers were unavailable “due to a massive hacker attack.” In a post on LinkedIn, Genios said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.” “Our communication options are |
Ransomware | ★★ | |
|
2024-04-09 14:03:25 | Les chercheurs découvrent un nouveau gang de ransomware \\ 'muliaka \\' attaquant des entreprises russes Researchers discover new ransomware gang \\'Muliaka\\' attacking Russian businesses (lien direct) |
Un gang de ransomware auparavant inconnu a attaqué les entreprises russes avec des logiciels malveillants basés sur le code source divulgué du groupe de piratage Conti.Le gang, que les chercheurs de la société de cybersécurité basée à Moscou F.A.C.C.T.ont surnommé «muliaka» ou eau boueuse en anglais, a laissé des traces minimales de ses attaques mais a probablement été active depuis
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since |
Ransomware Malware | ★★ | |
|
2024-04-09 14:00:00 | Cadres, directives et ampli;Les primes à elles seules ont vaincu les ransomwares de vaincre Frameworks, Guidelines & Bounties Alone Won\\'t Defeat Ransomware (lien direct) |
Nous avons besoin de plus que des approches de «bricolage» des menaces qui atteignent clairement le niveau des problèmes de sécurité nationale.
We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues. |
Ransomware | ★★ | |
|
2024-04-09 13:04:47 | Panzura, LLC a annoncé la disponibilité de la détection et du sauvetage de Panzura Panzura, LLC announced the availability of Panzura Detect and Rescue (lien direct) |
Panzura lance une solution de détection et de récupération des ransomwares en temps réel
La détection et le sauvetage de Panzura offrent une détection des menaces de ransomware à proximité et une récupération rapide guidée par des experts, permettant aux entreprises de prendre une position proactive contre la menace croissante de ransomware
-
revues de produits
Panzura Launches Near Real-Time Ransomware Detection and Recovery Solution Panzura Detect and Rescue offers near real-time ransomware threat detection and expert-guided rapid recovery, allowing businesses to take a proactive stance against the mounting threat of ransomware - Product Reviews |
Ransomware Threat | ★★ | |
|
2024-04-09 13:00:24 | Mars 2024 \\'s Mostware le plus recherché: les pirates découvrent une nouvelle méthode de la chaîne d'infection pour livrer des remcos March 2024\\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos (lien direct) |
> Les chercheurs ont découvert une nouvelle méthode de déploiement des remcos de Troie (rat) d'accès à distance, contournant les mesures de sécurité communes pour obtenir un accès non autorisé aux victimes \\ '.Pendant ce temps, Blackbasta est entré dans les trois premiers des groupes de ransomwares les plus recherchés et les communications ont sauté à la troisième place dans les industries les plus exploitées que notre dernier indice de menace mondial pour les chercheurs de mars 2024 a révélé des pirates en utilisant des fichiers de disque dur virtuel (VHD) pour déployer un accès à distance Trojan (Rat) remcos.Pendant ce temps, Lockbit3 est resté le groupe de ransomwares le plus répandu en mars malgré le retrait des forces de l'ordre en février, bien que sa fréquence sur les 200 points de contrôle ait surveillé les ransomwares [& # 8230;]
>Researchers have discovered a new method of deploying the Remote Access Trojan (RAT) Remcos, bypassing common security measures to gain unauthorized access to victims\' devices. Meanwhile, Blackbasta entered the top three of the most wanted ransomware groups and Communications jumped into third place in the most exploited industries Our latest Global Threat Index for March 2024 saw researchers reveal hackers utilizing Virtual Hard Disk (VHD) files to deploy Remote Access Trojan (RAT) Remcos. Meanwhile, Lockbit3 remained the most prevalent ransomware group in March despite the law enforcement takedown in February, although its frequency on the 200 Check Point monitored ransomware […] |
Ransomware Malware Threat Legislation | ★★ |
To see everything:
Our RSS (filtrered)
