What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-09 12:53:08 | MEDUSA Cybercrime Gang prend le crédit pour une autre attaque contre la municipalité américaine Medusa cybercrime gang takes credit for another attack on US municipality (lien direct) |
Le MEDUSA Ransomware Group affirme qu'il est responsable d'une attaque contre une agence gouvernementale au Texas. & NBSP;Le district d'évaluation du comté de Tarrant - qui détermine la valeur des propriétés à des fins fiscales dans la région de Fort Worth - a confirmé à la future nouvelle enregistrée il y a deux semaines qu'il a été victime d'une attaque de ransomware. & Nbsp;Sur
The Medusa ransomware group says it is responsible for an attack on a government agency in Texas. The Tarrant County Appraisal District - which determines property values for tax purposes in the Fort Worth area - confirmed to Recorded Future News two weeks ago that it was a victim of a ransomware attack. On |
Ransomware | ★★ | |
 |
2024-04-09 10:18:23 | Deuxième groupe de ransomwares extorquant le changement de santé Second Ransomware Group Extorting Change Healthcare (lien direct) |
> RansomHub extorque les soins de santé des changements, menaçant de publier des données volées dans une attaque de ransomware Blackcat de février 2024.
>RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack. |
Ransomware Medical | ★★ | |
 |
2024-04-09 10:00:00 | La menace cachée à la vue: analyse des attaques sous-textuelles dans les communications numériques The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we\'re facing a new kind of cyber threat that\'s just as sneaky as it is harmful: subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua | Ransomware Tool Vulnerability Threat Medical | ★★ | |
 |
2024-04-08 20:49:32 | Round 2: Modifier les soins de santé ciblés dans la deuxième attaque de ransomware Round 2: Change Healthcare Targeted in Second Ransomware Attack (lien direct) |
RansomHub, qui est supposé avoir un certain lien avec ALPHV, a volé 4 To de données sensibles de la société de soins de santé assiégée.
RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company. |
Ransomware Medical | ★★ | |
|
2024-04-08 19:32:02 | \\ 'ils mentent \\': Palau nie les allégations de Ransomware Gang au cours de la cyberattaque récente \\'They\\'re lying\\': Palau denies claims by ransomware gang over recent cyberattack (lien direct) |
Le gouvernement de Palau a nié plusieurs nouvelles affirmations par un gang de ransomware que les deux parties étaient en contact à la suite d'une attaque le mois dernier. & NBSP;Le gang de ransomware de Dragonforce a officiellement publié des Palao sur son site de fuite dimanche, menaçant de publier des données volées au gouvernement de l'île de la nation \\ en trois jours. & Nbsp;Le groupe a répondu à un
The government of Palau denied several new claims by a ransomware gang that the two sides were in contact following an attack last month. The DragonForce ransomware gang officially posted Palau to its leak site on Sunday, threatening to publish data stolen from the island-nation\'s government in three days. The group responded to a |
Ransomware | ★★ | |
 |
2024-04-08 16:53:00 | La baisse des attaques des ransomwares en 2024 et ce que cela signifie The Drop in Ransomware Attacks in 2024 and What it Means (lien direct) |
L'industrie & nbsp; les ransomwares ont bondi en 2023 & NBSP; car il a vu une augmentation alarmante de 55,5% des victimes du monde entier, atteignant une échelle de 5 070. & NBSP; Mais 2024 commence à montrer une image très différente. & NBSP; Alors que les chiffres sont en flèche au quatrième trimestre 2023 avec 1309 cas., au premier trimestre 2024, l'industrie du ransomware était tombée à 1 048 cas.Il s'agit d'une diminution de 22% des attaques de ransomwares par rapport au T4 2023.
Chiffre
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure |
Ransomware | ★★★ | |
 |
2024-04-08 15:09:15 | Faits saillants hebdomadaires, 8 avril 2024 Weekly OSINT Highlights, 8 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals several key trends emerge in the realm of cybersecurity threats. Firstly, there is a notable diversification and sophistication in attack techniques employed by threat actors, ranging from traditional malware distribution through phishing emails to advanced methods like DLL hijacking and API unhooking for evading detection. Secondly, the threat landscape is characterized by the presence of various actors, including state-sponsored groups like Earth Freybug (a subset of APT41) engaging in cyberespionage and financially motivated attacks, as well as cybercrime actors orchestrating malware campaigns such as Agent Tesla and Rhadamanthys. Thirdly, the targets of these attacks span across different sectors and regions, with organizations in America, Australia, and European countries facing significant threats. Additionally, the emergence of cross-platform malware like DinodasRAT highlights the adaptability of threat actors to target diverse systems, emphasizing the need for robust cybersecurity measures across all platforms. Overall, these trends underscore the dynamic and evolving nature of cyber threats, necessitating continuous vigilance and proactive defense strategies from organizations and cybersecurity professionals. **1. [Latrodectus Loader Malware Overview](https://sip.security.microsoft.com/intel-explorer/articles/b4fe59bf)** Latrodectus is a new downloader malware, distinct from IcedID, designed to download payloads and execute arbitrary commands. It shares characteristics with IcedID, indicating possible common developers. **2. [Earth Freybug Cyberespionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/327771c8)** Earth Freybug, a subset of APT41, engages in cyberespionage and financially motivated attacks since at least 2012. The attack involved sophisticated techniques like DLL hijacking and API unhooking to deploy UNAPIMON, evading detection and enabling malicious commands execution. **3. [Agent Tesla Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/cbdfe243)** Agent Tesla malware targets American and Australian organizations through phishing campaigns aimed at stealing email credentials. Check Point Research identified two connected cybercrime actors behind the operation. **4. [DinodasRAT Linux Version Analysis](https://sip.security.microsoft.com/intel-explorer/articles/57ab8662)** DinodasRAT, associated with the Chinese threat actor LuoYu, is a cross-platform backdoor primarily targeting Linux servers. The latest version introduces advanced evasion capabilities and is installed to gain additional footholds in networks. **5. [Rhadamanthys Information Stealer Malware](https://sip.security.microsoft.com/intel-explorer/articles/bf8b5bc1)** Rhadamanthys utilizes Google Ads tracking to distribute itself, disguising as popular software installers. After installation, it injects into legitimate Windows files for data theft, exploiting users through deceptive ad redirects. **6. [Sophisticated Phishing Email Malware](https://sip.security.microsoft.com/intel-explorer/articles/abfabfa1)** A phishing email campaign employs ZIP file attachments leading to a series of malicious file downloads, culminating in the deployment of PowerShell scripts to gather system information and download further malware. **7. [AceCryptor Cryptors-as-a-Service (CaaS)](https://sip.security.microsoft.com/intel-explorer/articles/e3595388)** AceCryptor is a prevalent cryptor-as-a-service utilized in Rescoms campaigns, particularly in European countries. Threat actors behind these campaigns abuse compromised accounts to send spam emails, aiming to obtain credentials for further attacks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to ge | Ransomware Spam Malware Tool Threat Cloud | APT 41 | ★★★ |
|
2024-04-08 14:04:13 | Le gouvernement britannique a exhorté à monter sur le pied avant \\ 'avec des ransomwares au lieu d'absorber les coups de poing \\' UK government urged to get on \\'forward foot\\' with ransomware instead of \\'absorbing the punches\\' (lien direct) |
Les responsables de Westminster sont invités à mettre plus d'argent derrière les opérations pour perturber les gangs de ransomware à la suite d'un nombre croissant d'attaques ayant un large éventail de services. & NBSP;L'objectif actuel du gouvernement britannique pour lutter contre la crise des ransomwares - encourageant les organisations à améliorer leur cybersécurité et à se préparer à récupérer rapidement
Officials in Westminster are being urged to put more money behind operations to disrupt ransomware gangs in the wake of a growing number of attacks impacting a wide range of services. The British government\'s current focus for tackling the ransomware crisis - encouraging organizations to improve their cybersecurity, and to prepare to recover quickly |
Ransomware | ★★ | |
 |
2024-04-08 13:00:09 | Changer les soins de santé fait face à un deuxième dilemme de ransomware des semaines après l'attaque d'ALPHV Change Healthcare faces second ransomware dilemma weeks after ALPHV attack (lien direct) |
Les théories abondent sur qui est vraiment responsable Change Healthcare serait extorqué par un deuxième gang de ransomwares, quelques semaines seulement après s'être remis d'une attaque alphv.…
Theories abound over who\'s truly responsible Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack.… |
Ransomware Medical | ★★ | |
 |
2024-04-08 10:38:41 | En miroir de la NIS2, l\'ANSSI américaine s\'interroge sur les ransomwares (lien direct) | Chargée d'établir un cadre de signalement des attaques par ransomware, la CISA en questionne encore de multiples aspects. | Ransomware | ★★★ | |
|
2024-04-08 06:28:13 | Chef de l'unité de cyber-espion israélienne exposée ... par sa propre erreur de confidentialité Head of Israeli cyber spy unit exposed ... by his own privacy mistake (lien direct) |
plus: un autre gouvernement local entravé par les ransomwares;Énorme augmentation des logiciels malveillants infostabilité;et les vulns critiques en bref protéger votre vie privée en ligne est difficile.Si dur, en fait, que même un grand espion israélien qui a réussi à rester incognito pendant 20 ans s'est retrouvé exposé après une erreur de base.…
PLUS: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns In Brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.… |
Ransomware Malware | ★★★ | |
|
2024-04-05 19:48:48 | Panera pain alimente les soupçons des ransomwares avec silence Panera Bread Fuels Ransomware Suspicions With Silence (lien direct) |
La chaîne de restaurants n'a pas fourni d'informations sur ce qui a conduit à une panne informatique généralisée, et les clients et les employés demandent des réponses.
The restaurant chain hasn\'t provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers. |
Ransomware | ★★ | |
|
2024-04-05 19:15:19 | Tentative de piratage sur New York continue une vague de cyberattaques contre les gouvernements municipaux Attempted hack on NYC continues wave of cyberattacks against municipal governments (lien direct) |
2024 a déjà vu des dizaines de gouvernements locaux critiqués par des incidents de ransomwares et des cyberattaques, limitant les services de millions de personnes aux États-Unis.Le dernier incident de haut niveau concerne New York, qui a été contraint de retirer un site Web de paie de la ville hors ligne et de le retirer de la vue du public après avoir traité un incident de phishing.
2024 has already seen dozens of local governments slammed by ransomware incidents and cyberattacks, limiting services for millions of people across the United States. The latest high-profile incident involves New York City, which was forced to take a city payroll website offline and remove it from public view after dealing with a phishing incident. |
Ransomware Hack | ★★ | |
 |
2024-04-05 17:59:20 | La semaine en ransomware - 5 avril 2024 - Machines virtuelles attaquées The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (lien direct) |
Les attaques de ransomware ciblant VMware ESXi et d'autres plates-formes de machines virtuelles font des ravages parmi l'entreprise, provoquant une perturbation et une perte de services généralisées.[...]
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [...] |
Ransomware | ★★ | |
 |
2024-04-05 17:25:00 | Alphv intensifie le blanchiment du changement de santé des soins de santé ALPHV steps up laundering of Change Healthcare ransom payments (lien direct) |
> Alors que le groupe de ransomwares se déplace pour cacher ses 22 millions de dollars, son encoche d'affiliation est à la hauteur après avoir été affaibli en paiement.
>As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment. |
Ransomware Medical | ★★ | |
 |
2024-04-05 13:00:05 | Protéger le maillon le plus faible: comment les erreurs humaines peuvent mettre une entreprise en risque Protecting the weakest link: how human errors can put a company in risk (lien direct) |
> selon & # 8220; le rapport mondial des risques 2022 & # 8221;95% des problèmes de cybersécurité proviennent des erreurs humaines.Le logiciel de point de contrôle met en évidence les mesures essentielles que les entreprises doivent mettre en œuvre pour assurer leur protection.Dans l'ère numérique d'aujourd'hui, la cybersécurité est devenue une priorité pour les entreprises, car les cyberattaques peuvent endommager leur économie et leur réputation.Selon Check Point, 71% des entreprises ont été victimes d'attaques de ransomwares en 2023, avec un paiement moyen de 4,35 millions de dollars.Les employés sont le premier lien de la chaîne de cybersécurité et le point d'entrée le plus vulnérable.Les statistiques brossent un tableau d'étournage de l'impact de l'erreur humaine dans la cybersécurité.Selon [& # 8230;]
>According to “The Global Risks Report 2022” 95% of cybersecurity issues originate from human errors. Check Point Software highlights essential measures that companies must implement to ensure their protection. In today’s digital age, cybersecurity has become a priority for businesses, as cyber attacks can damage their economy and reputation. According to Check Point, 71% of businesses were victims of ransomware attacks in 2023, with an average payout of $4.35 million. Employees are the first link in the cybersecurity chain and the most vulnerable entry point. Statistics paint a starling picture of the impact of human error in cybersecurity. According to […] |
Ransomware | ★★ | |
|
2024-04-05 09:52:22 | Panera Bread d'une semaine d'une semaine provoquée par une attaque de ransomware Panera Bread week-long IT outage caused by ransomware attack (lien direct) |
La récente panne de Panera Bread \\ d'une semaine a été causée par une attaque de ransomware, selon des personnes familières avec la question et les e-mails vus par BleepingComputer.[...]
Panera Bread\'s recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. [...] |
Ransomware | ★★★ | |
 |
2024-04-05 06:00:25 | Amélioration de la détection et de la réponse: plaider en matière de tromperies Improving Detection and Response: Making the Case for Deceptions (lien direct) |
Let\'s face it, most enterprises find it incredibly difficult to detect and remove attackers once they\'ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That\'s the time between when an attacker accesses their victim\'s systems and when the attack is either detected or executed. Combine that data point with another one-that attackers take only 16 hours to reach Active Directory once they have landed-and the takeaway is that threats go undetected for an average of seven days. That\'s more than enough time for a minor security incident to turn into a major business-impacting breach. How can you find and stop attackers more quickly? The answer lies in your approach. Let\'s take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better. What is the problem with current detection methods? Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches-finding files or network traffic that are “known-bad” and detecting suspicious or risky activity or behavior. Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today. The advantage of this approach is that it\'s relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn\'t very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad-while important and helpful-is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors. The rise of behavior-based detection About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems. The upside of this approach is that it\'s much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it\'s tuned. Also, the high cost to build and operate behavior-based systems-considering the cost of data integration, collection, tuning, storage and computing-means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection. Re-thinking detection Is it time to expand our view of detection techniques? That\'s the fundamental question. But multiple related questions are also essential: Should we be thinking differently about what\'s the best way to actively detect threats? Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage? Is there another less-tried approach for detecting threat actors-beyond signature-based and behavior-based methods-that can dra | Ransomware Malware Tool Vulnerability Threat | ★★ | |
|
2024-04-04 22:29:05 | Sexi Ransomware désire les hyperviseurs VMware dans la campagne en cours SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign (lien direct) |
Une variante BABUK a été impliquée dans au moins quatre attaques contre les serveurs VMware ESXi au cours des six dernières semaines, dans un cas exigeant 140 millions de dollars d'une entreprise de centre de données chilien.
A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company. |
Ransomware | ★★★ | |
|
2024-04-04 21:07:53 | \\ 'Une attaque contre la réputation de Palau \\': les responsables se demandent qui était vraiment derrière l'incident du ransomware \\'An attack on the reputation of Palau\\': officials question who was really behind ransomware incident (lien direct) |
Les employés du gouvernement sur l'île de Palau sont entrés en œuvre le 14 mars et ont démarré leurs ordinateurs comme n'importe quel autre jour.Mais lorsque les écrans Windows ne se chargeraient pas, ils l'ont appelé. & Nbsp;Ils ont rapidement découvert deux notes de rançon distinctes: une sur une feuille de papier dans l'imprimante du gang de ransomware de verrouillage
Government employees on the island of Palau came into work on March 14 and booted up their computers like any other day. But when the Windows screens wouldn\'t load they called up IT. They quickly discovered two separate ransom notes: one on a sheet of paper in the printer from the LockBit ransomware gang |
Ransomware | ★★ | |
 |
2024-04-04 16:30:00 | Lockbit se précipite après le retrait, repopule le site de fuite avec de vieilles violations LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches (lien direct) |
Un rapport micro tendance montre une baisse claire du nombre d'infections réelles associées au ransomware de verrouillage suivant l'opération Cronos
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos |
Ransomware Prediction | ★★ | |
|
2024-04-04 16:00:00 | Systèmes informatiques du comté de Jackson frappés par une attaque de ransomware Jackson County IT Systems Hit By Ransomware Attack (lien direct) |
Un état d'urgence a été déclaré, causé par des incohérences opérationnelles à travers les infrastructures numériques
A state of emergency was declared, caused by operational inconsistencies across digital infrastructure |
Ransomware | ★★ | |
 |
2024-04-04 15:06:24 | Les menaces de ransomware en Asie-Pacifique dépendent du pays et du secteur, explique Rapid7 Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7 (lien direct) |
Les agents de cybersécurité ont été avertis d'examiner les menaces de ransomware spécifiques auxquelles sont confrontés leur pays et leur industrie, tout en fermant les voies communes utilisées par des courtiers à accès qualifié.
Cyber security operatives have been warned to look at the specific ransomware threats facing their country and industry, while closing down common pathways being used by skilled access brokers. |
Ransomware | ★★ | |
 |
2024-04-04 13:23:08 | New Red Ransomware Group (Red Cryptoapp) expose les victimes sur Wall of Shame New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame (lien direct) |
> Par waqas
Un nouveau groupe de ransomwares, Red CryptoApp (Red Ransomware Group), fait bouger les choses.Contrairement à d'autres, ils humilient les victimes en publiant leurs noms sur un «mur de honte».Découvrez comment Red Cryptoapp cible les victimes, quelles industries sont en danger et comment vous protéger.
Ceci est un article de HackRead.com Lire la publication originale: New Red Ransomware Group (Red Cryptoapp) expose les victimes sur Wall of Shame
>By Waqas A new ransomware group, Red CryptoApp (Red Ransomware Group), is shaking things up. Unlike others, they humiliate victims by publishing their names on a "wall of shame." Learn how Red CryptoApp targets victims, what industries are at risk, and how to protect yourself. This is a post from HackRead.com Read the original post: New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame |
Ransomware | ★★ | |
|
2024-04-04 12:00:00 | Leicester Council confirme les documents confidentiels divulgués dans l'attaque des ransomwares Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack (lien direct) |
Le conseil municipal de Leicester a confirmé qu'environ 25 documents sensibles ont été divulgués en ligne, y compris des informations d'identité personnelle, à la suite des réclamations du gang de la rançon Inc
Leicester City Council confirmed around 25 sensitive documents have been leaked online, including personal ID information, following claims by the Inc Ransom gang |
Ransomware | ★★ | |
|
2024-04-04 11:56:12 | Le conseil municipal de Leicester confirme l'attaque des ransomwares après la fuite de documents confidentiels Leicester City Council confirms ransomware attack after confidential documents leaked (lien direct) |
Le conseil municipal de Leicester en Angleterre a confirmé que le cyber-incident du mois dernier était une attaque de ransomware après avoir été informé que les criminels derrière l'incident avaient téléchargé des documents volés sur leur site d'extorsion Web sombre.Inc Ransom avait affirmé être à l'origine de l'attaque plus tôt cette semaine, ce qui a incité le directeur stratégique de Leicester \\, Richard Sword,
Leicester City Council in England has confirmed that last month\'s cyber incident was a ransomware attack after being made aware that the criminals behind the incident had uploaded stolen documents to their dark web extortion site. INC Ransom had claimed to be behind the attack earlier this week, prompting Leicester\'s strategic director, Richard Sword, |
Ransomware | ★★ | |
|
2024-04-04 11:47:34 | Latrodectus: ces octets d'araignée comme la glace Latrodectus: This Spider Bytes Like Ice (lien direct) |
Proofpoint\'s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the threat activity described. Key takeaways Proofpoint first observed new malware named Latrodectus appear in email threat campaigns in late November 2023. While use of Latrodectus decreased in December 2023 through January 2024, Latrodectus use increased in campaigns throughout February and March 2024. It was first observed in Proofpoint data being distributed by threat actor TA577 but has been used by at least one other threat actor, TA578. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. While similar to IcedID, Proofpoint researchers can confirm it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations. While investigating Latrodectus, researchers identified new, unique patterns in campaign IDs designating threat actor use in previous IcedID campaigns. Overview Proofpoint identified a new loader called Latrodectus in November 2023. Researchers have identified nearly a dozen campaigns delivering Latrodectus, beginning in February 2024. The malware is used by actors assessed to be initial access brokers (IABs). Latrodectus is a downloader with the objective of downloading payloads and executing arbitrary commands. While initial analysis suggested Latrodectus was a new variant of IcedID, subsequent analysis confirmed it was a new malware most likely named Latrodectus, based on a string identified in the code. Based on characteristics in the disassembled sample and functionality of the malware, researchers assess the malware was likely written by the same developers as IcedID. This malware was first observed being distributed by TA577, an IAB known as a prolific Qbot distributor prior to the malware\'s disruption in 2023. TA577 used Latrodectus in at least three campaigns in November 2023 before reverting to Pikabot. Since mid-January 2024, researchers observed it being used almost exclusively by TA578 in email threat campaigns. Campaign details TA577 TA577 was only observed using Latrodectus in three campaigns, all occurring in November 2023. Notably, a campaign that occurred on 24 November 2023 deviated from previously observed TA577 campaigns. The actor did not use thread hijacking, but instead used contained a variety of different subjects with URLs in the email body. The URLs led to the download of a JavaScript file. If executed, the JavaScript created and ran several BAT files that leveraged curl to execute a DLL and ran it with the export “scab”. Figure 1: Example TA577 campaign delivering Latrodectus. On 28 November 2023, Proofpoint observed the last TA577 Latrodectus campaign. The campaign began with thread hijacked messages that contained URLs leading to either zipped JavaScript files or zipped ISO files. The zipped JavaScript file used curl to download and execute Latrodectus. The zipped ISO file contained a LNK file used to execute the embedded DLL, Latrodectus. Both attack chains started the malware with the export “nail”. TA578 Since mid-January 2024, Latrodectus has been almost exclusively distributed by TA578. This actor typically uses contact forms to initiate a conversation with a target. In one campaign observed on 15 December 2023, Proofpoint observed TA578 deliver the Latrodectus downloader via a DanaBot infection. This December campaign was the first observed use of TA578 distributing Latrodectus. On 20 February 2024, Proofpoint researchers observed TA578 impersonating various companies to send legal threats about alleged copyright infringement. The actor filled out a contact form on multiple targets\' websites, with text containing unique URLs and included in the URI both the domain of the site that initiated the contact form (the target), and the name of the impersonated company (to further the legitimacy | Ransomware Malware Tool Threat Prediction | ★★★ | |
|
2024-04-04 10:49:40 | Ransomware Gang a fait voler les résidents \\ 'Données confidentielles, le conseil municipal britannique admet Ransomware gang did steal residents\\' confidential data, UK city council admits (lien direct) |
La rançon Inc apparaît comme une menace croissante, car certains ex-affiliés de Lockbit / AlphV obtiennent de nouveaux concerts Le conseil municipal de Leicester admet enfin que son "cyber-incident" a été effectué par un gang de ransomware et que ces données étaientvolés, des heures après que les criminels ont forcé sa main.…
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.… |
Ransomware Threat | ★★ | |
|
2024-04-03 22:11:10 | Lockbit Ransomware Takedown frappe profondément dans la viabilité de la marque \\ LockBit Ransomware Takedown Strikes Deep Into Brand\\'s Viability (lien direct) |
Près de trois mois après l'opération Cronos, il est clair que le gang ne rebondit pas de l'action innovante d'application de la loi.Les opérateurs RAAS sont en avis et les entreprises devraient faire attention.
Nearly three months after Operation Cronos, it\'s clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention. |
Ransomware | ★★★ | |
|
2024-04-03 17:10:56 | Comté de Jackson en état d'urgence après une attaque de ransomware Jackson County in state of emergency after ransomware attack (lien direct) |
Le comté de Jackson, Missouri, est en état d'urgence après qu'une attaque de ransomware a enlevé des services de comté mardi.[...]
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...] |
Ransomware | ★★ | |
|
2024-04-03 15:32:17 | Sophos révèle que les attaques de ransomwares visent désormais des sauvegardes Sophos Reveals Ransomware Attacks Are Now Targeting Backups (lien direct) |
> Par waqas
Le stockage d'une sauvegarde de vos données est une décision judicieuse, mais avez-vous envisagé de garder une sauvegarde de votre sauvegarde?
Ceci est un article de HackRead.com Lire le post original: Sophos révèleLes attaques de ransomware ciblent désormais les sauvegardes
>By Waqas Storing a backup of your data is a wise decision, but have you considered keeping a backup of your backup? This is a post from HackRead.com Read the original post: Sophos Reveals Ransomware Attacks Are Now Targeting Backups |
Ransomware | ★★ | |
|
2024-04-03 12:01:15 | Comté du Missouri frappé par les ransomwares Missouri County Hit by Ransomware (lien direct) |
> Jackson County, Missouri, révèle \\ 'des perturbations significatives \' aux systèmes informatiques, dit l'attaque des ransomwares probablement en faute.
>Jackson County, Missouri, discloses \'significant disruptions\' to IT systems, says ransomware attack likely at fault. |
Ransomware | ★★ | |
|
2024-04-03 10:30:00 | Abus RDP présents dans 90% des violations des ransomwares RDP Abuse Present in 90% of Ransomware Breaches (lien direct) |
Sophos révèle des niveaux «sans précédent» de compromis RDP dans les attaques de ransomwares en 2023
Sophos reveals “unprecedented” levels of RDP compromise in ransomware attacks in 2023 |
Ransomware | ★★ | |
|
2024-04-03 02:00:00 | Ransomware, comptes bancaires indésirables: les cybermenaces prolifèrent au Vietnam Ransomware, Junk Bank Accounts: Cyber Threats Proliferate in Vietnam (lien direct) |
Une réussite économique en Asie, au Vietnam, voient plus de fabrication et plus d'investissement commercial.Mais avec cela, une augmentation significative de la cybercriminalité.
An economic success story in Asia, Vietnam is seeing more manufacturing and more business investment. But with that comes a significant uptick in cybercrime as well. |
Ransomware | ★★ | |
 |
2024-04-02 23:59:50 | Le comté du Missouri déclare l'état d'urgence au milieu d'une attaque de ransomware présumée Missouri county declares state of emergency amid suspected ransomware attack (lien direct) |
La panne se produit le jour même en tant qu'élections spéciales, mais les bureaux des élections restent ouverts.
Outage occurs on same day as special election, but elections offices remain open. |
Ransomware | ★★ | |
|
2024-04-02 17:32:25 | Le comté de Missouri, qui abrite Kansas City Missouri county home to Kansas City says suspected ransomware attack affecting tax payments (lien direct) |
L'un des plus grands comtés du Missouri a confirmé mardi qu'il faisait face à une attaque de ransomware présumée affectant les paiements d'impôts et les biens en ligne, les licences de mariage et les recherches de détenus.Jackson County - qui compte 715 000 résidents et qui abrite une partie de Kansas City - a déclaré qu'elle avait "identifié des perturbations importantes au sein de son
One of the largest counties in Missouri confirmed on Tuesday that it is dealing with a suspected ransomware attack affecting tax payments and online property, marriage licenses and inmate searches. Jackson County - which has 715,000 residents and is home to part of Kansas City - said it has “identified significant disruptions within its |
Ransomware | ★★ | |
|
2024-04-02 12:00:00 | Les cyberattaques produisaient une perturbation physique en augmentation Cyberattacks Wreaking Physical Disruption on the Rise (lien direct) |
Les groupes de ransomware ont entré dans la fabrication d'autres parties du secteur OT en 2023, et quelques attaques ont causé des dommages à huit et neuf chiffres.Mais le pire n'est pas encore venu en 2024.
Ransomware groups tore into manufacturing other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024. |
Ransomware Industrial | ★★★ | |
|
2024-04-02 08:41:20 | Le concessionnaire de bateaux MarineMax confirme la violation des données Boat Dealer MarineMax Confirms Data Breach (lien direct) |
> MarineMax confirme une violation de données à la suite d'une récente attaque de ransomware, les attaquants affirmant avoir obtenu 180 000 fichiers.
>MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. |
Ransomware Data Breach | ★★★ | |
|
2024-04-02 05:00:00 | Les menaces de cybersécurité s'intensifient au Moyen-Orient pendant le Ramadan Cybersecurity Threats Intensify in the Middle East During Ramadan (lien direct) |
Comment les équipes de sécurité de la région fortifient leurs défenses au milieu de tacs à court - et ont augmenté les campagnes DDOS, phishing et ransomwares - pendant le mois sacré musulman.
How security teams in the region fortify their defenses amid short-staffing - and increased DDoS, phishing, and ransomware campaigns - during the Muslim holy month. |
Ransomware | ★★ | |
|
2024-04-01 19:09:57 | \\ 'Organisation de cybercriminalité \\' a volé les données des clients et des employés, dit le géant de la navigation \\'Cybercrime organization\\' stole customer and employee data, boating giant says (lien direct) |
Les pirates ont pu accéder aux données des serveurs de l'un des plus grands vendeurs de bateaux du monde au cours d'une attaque le mois dernier, a confirmé la société.Marinemax a déposé lundi un rapport mis à jour aux régulateurs de la Securities and Exchange Commission avertissant que les informations sur les clients et les employés ont été volées au cours de l'incident.Le ransomware de Rhysida
Hackers were able to access data from the servers of one of the world\'s largest boat sellers during an attack last month, the company confirmed. MarineMax filed an updated report to regulators at the Securities and Exchange Commission on Monday warning that customer and employee information was stolen during the incident. The Rhysida ransomware |
Ransomware | ★★ | |
|
2024-04-01 16:50:00 | Détecter les logiciels malveillants à base de fenêtres grâce à une meilleure visibilité Detecting Windows-based Malware Through Better Visibility (lien direct) |
Malgré une pléthore de solutions de sécurité disponibles, de plus en plus d'organisations sont victimes de ransomwares et d'autres menaces.Ces menaces continues ne sont pas juste un inconvénient qui nuise aux entreprises et aux utilisateurs finaux - ils endommagent l'économie, mettent en danger des vies, détruisent les entreprises et mettent en danger la sécurité nationale.Mais si ce n'était pas assez & # 8211;La Corée du Nord semble être & nbsp; en utilisant les revenus de Cyber
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren\'t just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn\'t enough – North Korea appears to be using revenue from cyber |
Ransomware Malware | ★★ | |
|
2024-04-01 14:00:00 | Collaboration nécessaire pour lutter contre les ransomwares Collaboration Needed to Fight Ransomware (lien direct) |
Une approche mondiale proactive et collaborative de la cybersécurité, et pas seulement dans les partenariats public / privé, est la clé de la lutte contre les gangs de ransomware de plus en plus professionnels.
A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs. |
Ransomware | ★★ | |
|
2024-04-01 13:51:22 | Faits saillants hebdomadaires, 1er avril 2024 Weekly OSINT Highlights, 1 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats. 1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor. 2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries. 3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication. 4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems. 5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security. 6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware\'s evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa | Ransomware Spam Malware Tool Vulnerability Threat Mobile Cloud | ★★ | |
|
2024-04-01 10:00:00 | AI - le bon, le mauvais et effrayant AI - The Good, Bad, and Scary (lien direct) |
AI and machine learning (ML) optimizes processes by making recommendations for optimizing productivity, reducing cycles, and maximizing efficiency. AI also optimizes human capital by performing mundane & repetitive tasks 24x7 without the need for rest and minimizing human errors. There are numerous benefits as to how AI can benefit society. As much as AI can propel human progress forward, it can be consequential to our own detriment without proper guidance. We need to understand the risks and challenges that comes with AI. Growing your knowledge in the new era of AI will help you and your organization evolve. AI can be a battlefield of good and evil. There’s the power to do good and the power to do evil. Here are some examples on the Good, Bad, and Scary of AI. Good Cybersecurity - Detect and respond to cyber-attacks with automation capabilities at machine speed and predict behavioral anomalies and defend against cyber threats before an actual attack occurs Banking & Finance – Detect and prevent fraud, manage risks, enable personalized services, and automate financial-decision processing Healthcare – Optimize patient interactions, develop personalized treatment plans, attain better patient experience, improve patient data accuracy, and reduce misfiled patient records Manufacturing – Predict maintenance, detect defects and quality issues, enhance productivity, generate product & component designs, and optimize inventory & demand forecasting Retail – Secure self-checkout that helps loss prevention, optimize retail operations & supply chain, and enhance customer experiences Smart cities & IoT – Manage traffic of autonomous vehicles & self-driving, manage energy consumption, optimize water usage, and streamline waste management through real-time sensor data Telecom – Predict network congestion and proactively reroute traffic to avoid outages Bad Cybercriminals – Leverage AI-powered tools and social engineering to steal identities, generate ransomware attacks, perform targeted national state attacks, and destroy national critical infrastructure Computing resources – Require heavy power supply, Thermal Design Power (TDP), Graphics Processing Unit (GPU), and Random Access Memory (RAM) Environmental impact - Impact of intensive computing resources have on carbon footprint and environment Energy cost – Rise in electric power usage and water for cooling and increasing computational costs translates into carbon emissions Bias & Discrimination - Propagate biases as a result of bad training data, incomplete data, and poorly trained AI model Inequality – Widen the gap between the rich and poor and increase inequality in society Privacy – Loss of data privacy from insecure AI systems, unencrypted data sources, and misuse & abuse Skills loss - Reduce human critical thinking skills to uncover root issues, solve complex problems, and ability to write at college level and professionally Scary Job loss and displacement - Replace humans with robots across every sector to perform highly skilled professional jobs Overreliance on AI – Rely heavily on AI to make important decisions like electing medical procedures, making life or death decisions, or choosing political candidates Dominance of AI - Potential ability of AI to surpass human intelligence and take control Monopoly by tech – a select number of tech companies could monopolize the economy and have undue influence over the social construct of our daily lives from buying patterns to everyday decision-making Deepfakes – Generate deepfakes with manipulated videos and images to influence discussions on social media and online forums Propaganda & Disinformation – Deploy human a | Ransomware Tool Prediction Medical | ★★★ | |
|
2024-03-29 18:58:38 | Les leçons du démontage de Lockbit Lessons From the LockBit Takedown (lien direct) |
Le démontage des forces de l'ordre vraiment satisfaisante du géant des ransomwares montre la valeur de la collaboration - et de la riposte.
The truly satisfying law enforcement takedown of the ransomware giant shows the value of collaborating - and fighting back. |
Ransomware Legislation | ★★ | |
|
2024-03-29 12:58:05 | Ransomware Gang Fuaks volé les données sur les patients de la santé écossaise dans l'offre d'extorsion Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid (lien direct) |
Les cyber-extormistes ont publié sur leurs données sur les patients sensibles de Blog Darkweb volées au NHS Dumfries et Galloway, qui fait partie du système de santé écossais, dans le but d'exiger de l'argent du Conseil de santé local.Le service a annoncé plus tôt ce mois
Cyber extortionists have published to their darkweb blog sensitive patient data stolen from NHS Dumfries and Galloway, part of the Scottish healthcare system, in a bid to demand money from the local health board. The service announced earlier this month it was the target of “a focused and ongoing cyber attack,” and that while |
Ransomware Medical | ★★ | |
 |
2024-03-29 11:03:14 | Leçons d'une attaque de ransomware contre la bibliothèque britannique Lessons from a Ransomware Attack against the British Library (lien direct) |
Vous pourriez penser que les bibliothèques sont un peu ennuyeuses, mais Cette auto-analyse d'une attaque de ransomware et d'extorsion en 2023 contre la bibliothèque britannique est tout sauf.
You might think that libraries are kind of boring, but this self-analysis of a 2023 ransomware and extortion attack against the British Library is anything but. |
Ransomware | ★★★ | |
|
2024-03-29 11:01:38 | La violation des données de l'assureur pour la santé du Massachusetts a un impact sur 2,8 millions Massachusetts Health Insurer Data Breach Impacts 2.8 Million (lien direct) |
> Harvard Pilgrim Health Care indique que les informations personnelles de plus de 2,8 millions de personnes ont été volées dans une attaque de ransomware vieille d'un an.
>Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack. |
Ransomware Data Breach | ★★ | |
|
2024-03-28 18:22:02 | Harvard Pilgrim Health Network met à jour le total de la violation des données à près de 2,9 millions Harvard Pilgrim health network updates data breach total to nearly 2.9 million (lien direct) |
Harvard Pilgrim Health Care a déclaré que le nombre de personnes touchées par une attaque de ransomware au printemps dernier est plus grande que celle initiale.La société d'assurance maladie de la Nouvelle-Angleterre a été attaquée par un gang de ransomware encore non identifié le 17 avril 2023, limitant le service pendant des jours.La société a soumis plusieurs lettres de notification de violation différentes aux régulateurs dans
Harvard Pilgrim Health Care said the number of people affected by a ransomware attack last spring is larger than originally stated. The New England health insurance firm was attacked by a still-unidentified ransomware gang on April 17, 2023, limiting service for days. The company has submitted multiple different breach notification letters to regulators in |
Ransomware Data Breach | ★★★ | |
|
2024-03-28 14:50:51 | Les États-Unis mettent 10 millions de dollars sur la prime sur les membres du gang ransomware Blackcat US Puts Up $10M Bounty on BlackCat Ransomware Gang Members (lien direct) |
Les fédéraux offrent de l'argent pour les informations pour les aider à réprimer les cyberattaques du groupe Ransomware-as-a-Service \\ contre les infrastructures critiques américaines.
Feds are offering cash for information to help them crack down on the ransomware-as-a-service group\'s cyberattacks against US critical infrastructure. |
Ransomware | ★★★ |
To see everything:
Our RSS (filtrered)
