What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
RecordedFuture.webp 2024-02-13 21:36:56 Hospitals offline across Romania following ransomware attack on IT platform
(direct link)
Four more Romanian hospitals were confirmed on Tuesday to have been affected by a ransomware attack against an IT platform, bringing the total to 25 facilities whose data has been encrypted. Another 75 hospitals in the country using the platform have been disconnected from the internet as investigators determine if they too are impacted. According
Ransomware ★★
TechWorm.webp 2024-02-13 21:14:57 Bank Of America Admits Data Breach, Vendor Hacked
(direct link)
Bank of America Corporation (BofA), the second-largest banking institution in the U.S., is warning customers of a possible data breach that may have exposed sensitive personal information of customers participating in a deferred compensation plan. The notice of data breach filed by BofA with the Attorney General of Texas reveals that the customer's personally identifiable information (PII) exposed in the security breach includes customer names, addresses, Social Security numbers, dates of birth, and financial information, including account and credit card numbers. Apparently, the data breach took place on November 3, 2023 at Infosys McCamish Systems LLC ("Infosys" or "IMS"), which is Bank of America's vendor. In a recent filing with the Attorney General of Maine, IMS disclosed that 57,028 customers had their data exposed in the incident. During the cyberattack, an unauthorized party was able to access parts of IMS's computer network. Upon learning of the cybersecurity breach, IMS conducted an investigation with the help of third-party forensic specialists. It informed Bank of America on November 24, 2023, that data relating to certain deferred compensation plans serviced by the bank may have been affected. However, at no point was Bank of America's internal network compromised during the breach. On February 1, 2024, Infosys sent data breach letters to everyone affected by the recent data security incident, listing which information belonging to them was compromised. Likewise, Bank of America also sent data breach letters to affected consumers on February 6, 2024, informing them of the security breach.
Although it is not aware of any misuse involving customer information, Bank of America is offering a free two-year membership in Experian's identity theft protection program, which includes credit monitoring, identity theft insurance and fraud resolution services, to make up for the incident. In addition, customers are advised to change their online passwords and PINs, monitor their accounts for any suspicious activity, immediately report any unauthorized transactions, and place a freeze or fraud alert on their credit reports. Bank of America vs. LockBit: On November 4, 2023, the LockBit ransomware gang reportedly took credit for the IMS attack, claiming that its operators encrypted more than 2,000 systems during the breach. LockBit's ransomware-as-a-service (RaaS) operation surfaced in September 2019 and has since attacked many renowned institutions, including the Royal Mail, the Italian Internal Revenue Service, the leading automotive company Continental, and the City of Oakland.
Ransomware Data Breach ★★
DarkReading.webp 2024-02-13 19:55:36 Aircraft Leasing Company Acknowledges Cyberattack in SEC Filing
(direct link)
Black Basta ransomware claimed responsibility, but the company says its investigation is ongoing.
Ransomware ★★★
InfoSecurityMag.webp 2024-02-13 17:35:00 Southern Water Notifies Customers and Employees of Data Breach
(direct link)
UK utilities firm Southern Water has informed 5-10% of its customer base that their personal data has been accessed following a ransomware attack in January
Ransomware Data Breach ★★
DarkReading.webp 2024-02-13 15:30:22 BofA Warns Customers of Data Leak in Third-Party Breach
(direct link)
An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.
Ransomware ★★
globalsecuritymag.webp 2024-02-13 14:41:50 January 2024 top malware ranking: Lockbit3 leads the ransomware threat ranking
(direct link)
Check Point® Software Technologies Ltd. - January 2024 top malware ranking: Lockbit3 leads the ransomware threat ranking. Researchers have identified a major online threat provider called VexTrio, a key intermediary for cybercriminals. Meanwhile, LockBit3 topped the ranking of active ransomware groups after a series of major attacks in January. In France, Qbot is the most widespread malware. - Malware
Ransomware Malware Threat ★★
SecurityWeek.webp 2024-02-13 11:28:40 (Déjà vu) Ransomware Attack Knocks 100 Romanian Hospitals Offline
(direct link)
Romanian hospitals turn to pen and paper after ransomware attack on centralized healthcare management system.
Ransomware ★★
globalsecuritymag.webp 2024-02-13 10:20:06 January 2024's Most Wanted Malware: Major VexTrio Broker Operation Uncovered and Lockbit3 Tops the Ransomware Threats
(direct link)
January 2024's Most Wanted Malware: Major VexTrio Broker Operation Uncovered and Lockbit3 Tops the Ransomware Threats. By Check Point Team - Malware Update
Ransomware Malware ★★
ProofPoint.webp 2024-02-13 07:32:08 Bumblebee Buzzes Back in Black
(direct link)
What happened
Proofpoint researchers identified the return of Bumblebee malware to the cybercriminal threat landscape on 8 February 2024 after a four-month absence from Proofpoint threat data. Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing.
In the February campaign, Proofpoint observed several thousand emails targeting organizations in the United States with the subject "Voicemail February" from the sender "info@quarlesaa[.]com" that contained OneDrive URLs. The URLs led to a Word file with names such as "ReleaseEvans#96.docm" (the digits before the file extension varied). The Word document spoofed the consumer electronics company Humane.
Screenshot of the voicemail-themed email lure.
Screenshot of the malicious Word document.
The document used macros to create a script in the Windows temporary directory, for example "%TEMP%/radD7A21.tmp", using the contents of CustomDocumentProperties SpecialProps, SpecialProps1, SpecialProps2 and SpecialProps3. The macro then executed the dropped file using "wscript".
Inside the dropped temporary file was a PowerShell command that downloads and executes the next stage from a remote server, stored in file “update_ver”:
The next stage was another PowerShell command which in turn downloaded and ran the Bumblebee DLL.
The Bumblebee configuration included:
Campaign ID: dcc3
RC4 Key: NEW_BLACK
It is notable that the actor is using VBA macro-enabled documents in the attack chain, as most cybercriminal threat actors have nearly stopped using them, especially those delivering payloads that can act as initial access facilitators for follow-on ransomware activity. In 2022, Microsoft began blocking macros by default, causing a massive shift in the landscape to attack chains that began using more unusual filetypes, vulnerability exploitation, combining URLs and attachments, chaining scripting files, and much more.
Another noteworthy feature of this campaign is that the attack chain is significantly different from previously observed Bumblebee campaigns. Examples used in prior campaigns that distributed Bumblebee with the “NEW_BLACK” configuration included:
Emails that contained URLs leading to the download of a DLL which, if executed, started Bumblebee.
Emails with HTML attachments that leveraged HTML smuggling to drop a RAR file. If executed, it exploited the WinRAR vulnerability CVE-2023-38831 to install Bumblebee.
Emails with zipped, password-protected VBS attachments which, if executed, used PowerShell to download and execute Bumblebee.
Emails that contained zipped LNK files to download an executable file. If executed, the .exe started Bumblebee.
Out of the nearly 230 Bumblebee campaigns identified since March 2022, only five used any macro-laden content; four campaigns used XL4 macros, and one used VBA macros.
Attribution
At this time Proofpoint does not attribute the activity to a tracked threat actor. The voicemail lure theme, use of OneDrive URLs, and sender address appear to align with previous TA579 activities. Proofpoint will continue to investigate and may attribute this activity to a known threat actor in the future.
Proofpoint assesses with high confidence Bumblebee loader can be used as an initial access facilitator to deliver follow-on payloads such as ransomware.
Why it matters
Bumblebee's return to the threat landscape aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware.
Recently, two threat actors, tax-themed actor TA576 and the sophisticated TA866, appeared once again in email campaign data after months-long gaps in activity. Post-exploitation operator TA582 and aviation and aerospace targeting ecrime actor TA2541 both reappeared in the threat landscape in late January after being absent since the end of November. Additionally, DarkGate malware reappeared
Ransomware Malware Vulnerability Threat ★★
DarkReading.webp 2024-02-12 20:24:09 US Govt. Offers Millions in Bounties to Find Hive Ransomware Actors
(direct link)
The move by the State Department complements a Hive infrastructure takedown by international law enforcement.
Ransomware ★★
The_Hackers_News.webp 2024-02-12 18:42:00 Rhysida Ransomware Cracked, Free Decryption Tool Released
(direct link)
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an
Ransomware Tool ★★★
Blog.webp 2024-02-12 18:07:41 Ransomware Attack Disrupts Services in 18 Romanian Hospitals
(direct link)
By Deeba Ahmed. The cybercrime gang behind the ransomware attack is unknown. This is a post from HackRead.com. Read the original post: Ransomware Attack Disrupts Services in 18 Romanian Hospitals
Ransomware ★★★
News.webp 2024-02-12 17:15:08 Jet engine dealer to major airlines discloses 'unauthorized activity'
(direct link)
Pulls part of system offline as Black Basta docs suggest the worst. Willis Lease Finance Corporation has admitted to US regulators that it fell prey to a "cybersecurity incident" after data purportedly stolen from the biz was posted to the Black Basta ransomware group's leak blog.…
Ransomware ★★★
Checkpoint.webp 2024-02-12 16:01:03 12th February – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 12th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: One of the largest unions in California, Service Employees International Union (SEIU) Local 1000, has confirmed a ransomware attack that led to network disruption. The LockBit ransomware gang has assumed responsibility, claiming to […]
Ransomware Threat ★★★
zataz.webp 2024-02-12 14:56:13 BlackCat reportedly hiding behind fake websites for Mac
(direct link)
Cybercriminals associated with the BlackCat/ALPHV ransomware group are reportedly using fake websites to target users of Apple devices....
Ransomware ★★
InfoSecurityMag.webp 2024-02-12 11:30:00 US Offers $10m Reward for Hive Ransomware Leaders
(direct link)
The US government said it will pay up to $10m for information leading to the identification of Hive leaders, and up to $5m for information leading to the arrest of any affiliates
Ransomware ★★★
The_Hackers_News.webp 2024-02-12 10:01:00 U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
(direct link)
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
Ransomware ★★
silicon.fr.webp 2024-02-12 08:49:09 Third-party payment (tiers payant), Armentières hospital… The situation as of 12 February
(direct link)
While the judicial police (PJ) have opened an investigation into the hack of the third-party payment system, the Armentières hospital has been hit by ransomware. Progress report.
Ransomware Hack ★★
ProofPoint.webp 2024-02-12 08:02:39 4 Steps to Prevent Vendor Email Compromise in Your Supply Chain
(direct link)
Supply chains have become a focal point for cyberattacks in a world where business ecosystems are increasingly connected. Email threats are a significant risk factor, as threat actors are keen to use compromised email accounts to their advantage. Every month, a staggering 80% of Proofpoint customers face attacks that originate from compromised vendor, third-party or supplier email accounts.
Known as supplier account compromise, or vendor email compromise, these attacks involve threat actors infiltrating business communications between trusted partners so that they can launch internal and external attacks. Their ultimate goal might be to steal money, steal data, distribute malware or simply cause havoc.
In this blog post, we'll explain how vendor emails are compromised and how you can stop these attacks. Finally, we'll tell you how Proofpoint can help.
What's at stake
Supply chain compromise attacks can be costly for businesses. IBM, in its latest Cost of a Data Breach Report, says that the average total cost of a cyberattack that involves supply chain compromise is $4.76 million. That is almost 12% higher than the cost of an incident that doesn't involve the supply chain.
In addition to the financial implications, compromised accounts can lead to:
Phishing scams that result in even more compromised accounts
Reputational and brand damage
Complex legal liabilities between business partners
How does vendor email compromise occur?
Supply chain compromise attacks are highly targeted. They can stretch out over several months. And typically, they are structured as a multistep process.
The bad actor initiates the assault by gaining access to the email account of a vendor or supplier through various means. Phishing attacks are one example. Once the attacker gains access, they will lay low for an extended period to observe the vendor's email communications. During this time, the adversary will study the language and context of messages so that they can blend in well and avoid detection.
Attackers might also use this observation period to establish persistence. They will create mail rules and infrastructure so that they can continue to receive and send messages even after the vendor has regained control of the account.
Once they establish access and persistence, the attackers will begin to insert themselves into conversations within the supplier's company as well as with external partners and customers. By posing as the sender, the attacker takes advantage of established trust between parties to increase their chances of success.
Overview of a vendor email compromise attack.
Proofpoint has observed a growing trend of attackers targeting accounts within smaller businesses and using them to gain entry into larger companies. Threat actors often assume that small businesses have less protection than large companies. They see them as targets that can help them achieve a bigger payday.
How to stop vendor email compromise
If you want to defend against these attacks, it's critical to understand the methods behind them. Such a formidable problem requires a strategic and multilayered solution. The four broad steps below can help.
Step 1: Know your suppliers
Your first line of defense against these email attacks sounds simple, but it's challenging. It is the ability to intimately “know your supplier” and understand their security strategy. This requires more than a one-time vendor assessment. Your security teams will need to prioritize continuous monitoring of your company's business partnerships.
On top of that knowledge, you need a thorough understanding of the access and privileges that your business grants to each vendor. Compromised accounts that have uncontrolled access may be able to exfiltrate sensitive data or upload malware like ransomware. So, when you know what your suppliers can (and can't) access, you can identify a data breach faster.
Other steps, like requiring multifactor authentication (MFA) for vendor accounts, can
Ransomware Data Breach Malware Tool Threat Studies Prediction Cloud ★★★
bleepingcomputer.webp 2024-02-12 07:39:31 Ransomware attack forces 100 Romanian hospitals to go offline
(direct link)
100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system. [...]
Ransomware ★★★
zataz.webp 2024-02-11 12:30:41 Cyberattack at the Armentières hospital center (CHA): the printers demand money
(direct link)
This Sunday morning, 11 February, was marked by an unexpected event at the Armentières hospital center, located in Hauts-de-France. The facility's printers began spitting out ransom demands, signaling a cyberattack perpetrated by a ransomware group that is well ...
Ransomware ★★★
DarkReading.webp 2024-02-09 22:50:04 Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union
(direct link)
The unrelated cyberattacks both occurred in January.
Ransomware ★★
DarkReading.webp 2024-02-09 21:48:11 MacOS Targeted by New Backdoor Linked to ALPHV Ransomware
(direct link)
MacOS data exfiltration malware poses as an update for Visual Studio code editor.
Ransomware Malware ★★★
ESET.webp 2024-02-09 13:46:14 Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe
(direct link)
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year
Ransomware Studies ★★★★
Checkpoint.webp 2024-02-09 13:00:56 January 2024's Most Wanted Malware: Major VexTrio Broker Operation Uncovered and Lockbit3 Tops the Ransomware Threats
(direct link)
Researchers uncovered a large cyber threat distributor known as VexTrio, which serves as a major traffic broker for cybercriminals to distribute malicious content. Meanwhile, LockBit3 topped the list of active ransomware groups and Education was the most impacted industry worldwide. Our latest Global Threat Index for January 2024 saw researchers identify a new pervasive traffic distribution system (TDS) named VexTrio, which has aided over 60 affiliates through a network of more than 70,000 compromised sites. Meanwhile, LockBit3 was named the most prevalent ransomware group in a newly introduced ranking in the Index, and Education remained the most impacted industry worldwide. […]
Ransomware Malware Threat ★★★
Blog.webp 2024-02-09 11:43:11 New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups
(direct link)
By Waqas. The backdoor impersonates a Visual Studio update. This is a post from HackRead.com. Read the original post: New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups
Ransomware ★★★
bleepingcomputer.webp 2024-02-09 10:53:35 New RustDoor macOS malware impersonates Visual Studio update
(direct link)
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. [...]
Ransomware Malware ★★
IndustrialCyber.webp 2024-02-09 08:40:46 US HC3 warns of aggressive targeting by Akira ransomware, possible connections to Conti hacker group
(direct link)
The Health Sector Cybersecurity Coordination Center (HC3) in the U.S. Department of Health & Human Services (HHS) issued...
Ransomware ★★
ProofPoint.webp 2024-02-09 06:00:24 Offensif et défensif: renforcer la sensibilisation à la sécurité avec deux approches d'apprentissage puissantes
Offensive and Defensive: Build Security Awareness with Two Powerful Learning Approaches
(lien direct)
“Offensive” security awareness and “defensive” security awareness are two learning approaches that you can use to build a robust security culture in your company. They involve applying different strategies to educate your employees about threats and how they can respond to them safely.  You may have heard the terms “offensive cybersecurity” and “defensive cybersecurity.” You use defensive tools and techniques to strengthen security vulnerabilities. And with offensive tools and techniques, you focus on identifying those vulnerabilities before attackers find them first.  How do defensive and offensive approaches apply to security awareness? Here\'s a quick overview:  With a defensive approach, users learn the fundamentals of security.  With an offensive approach, users learn how to protect themselves and the business against future threats.  Let\'s use a sports analogy here. You can actively learn to be a defensive goalie and block threats. Then, you can take your skills up a level and learn to score points with protective techniques.   With Proofpoint Security Awareness, our industry-leading threat intelligence informs both approaches. We help people learn how to defend against current threats. And we give them the tools for taking offensive action against future threats.   Live-action series about Insider Threats. (play video)   Defensive security awareness: set the foundation  We all have to start with the basics, right? With defensive security awareness, you teach people the fundamentals of security and set the stage for safe behavior. This training is often reactive. It enables people to respond to immediate threats and incidents as they arise.   At Proofpoint, we believe in using behavioral science methodologies, like adaptive learning and contextual nudges. We combine this with a threat-driven approach, weaving trend analysis and insights about recent security breaches into our training.  
A personalized adaptive framework   The adaptive learning framework is a personalized defensive approach to training. It recognizes that everyone learns differently; it is the opposite of a one-size-fits-all approach. You can teach security fundamentals in a way that is meaningful for each person based on what they know, what they might do and what they believe.  This framework lets you drive behavior change with education that is tailored to each person\'s needs. That can include their professional role, industry, content style and native language. The learner can engage with a wide variety of styles and materials. And each training is tied to a specific learning objective.   Adaptive learning recognizes that people learn best in short bursts that are spread over time. Our microlearning video modules are under three minutes, and our nano-learning videos are under one minute. These formats give people the flexibility to learn at their own pace.  For instance, our “You\'re Now a Little Wiser” nano series offers bite-size training on topics such as data protection to help users learn about specific threats.     Screenshots from a one-minute nano-learning video.   Contextual nudges and positive reinforcement   Training is essential if you want to build a robust security culture. But it is not enough to change behavior fully. Here is where contextual nudges play a vital role in helping to reinforce positive behavior habits once they are formed. These deliberate interventions are designed to shape how people behave.   Nudges are rooted in a deep understanding of human behavior. They can move people toward making better decisions, often without them realizing it. They are gentle reminders that can guide people toward creating optimal outcomes. That, in turn, helps to foster a defensive security-conscious culture in your company.   It is important to find the respectful balance of nudging people toward secure behaviors without being too intrusive or complex. 
For example, when a user fails a phishing simulation exercise, Proofpoint Security Awareness offers “Tea
Ransomware Malware Tool Vulnerability Threat Prediction ★★★
News.webp 2024-02-09 02:57:07
Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members
(direct link)
Honor among thieves about to be put to the test. The US government has placed an extra $5 million bounty on Hive ransomware gang members – its second such reward in a year. And it also comes a little over 11 months since the FBI said it had shut down the criminal organization's network.…
Ransomware ★★
RecordedFuture.webp 2024-02-08 19:27:28
US offers $10 million reward for info on Hive ransomware gang members
(direct link)
The U.S. State Department announced a $10 million reward for information leading to the identification or location of key members of the Hive ransomware gang. The gang's operations were disrupted by the FBI almost exactly one year ago, shutting the ransomware group's infrastructure after a seven-month operation. On Thursday, the State Department said that in
Ransomware ★★
RecordedFuture.webp 2024-02-08 18:55:39
California union confirms ransomware attack following LockBit claims
(direct link)
One of the largest unions in California confirmed this week that it is dealing with network disruptions due to a cyber incident following claims of an attack last month by a notorious ransomware gang. Service Employees International Union (SEIU) Local 1000 represents nearly 100,000 state employees in California across more than 2,000 worksites in the
Ransomware ★★
bleepingcomputer.webp 2024-02-08 15:16:15
Hyundai Motor Europe hit by Black Basta ransomware attack
(direct link)
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]
Ransomware Threat ★★★
globalsecuritymag.webp 2024-02-08 13:36:38 Acronis: Alarming rise in cyberattacks, with SMEs and MSPs in the crosshairs (direct link) Alarming rise in cyberattacks, with SMEs and MSPs in the crosshairs, according to Acronis. Phishing and AI make a toxic pair. 5 ransomware gangs accounted for the majority of reported victims: LockBit, CL0P, BlackCat/ALPHV, Play and 8Base - Malware Ransomware ★★★
RecordedFuture.webp 2024-02-08 13:14:12
Funerals reportedly canceled due to ransomware attack on Austrian town
(direct link)
The municipality of Korneuburg in Austria said it was hit by a ransomware attack, leading to funerals reportedly being canceled and the town hall informing residents its staff can only be reached via telephone. The small town on the banks of the Danube a few kilometers north of Vienna has a population of under 13,000
Ransomware ★★
knowbe4.webp 2024-02-08 13:00:00
Unprecedented Rise of Malvertising as a Precursor to Ransomware
(direct link)
Ransomware Malware ★★
AlienVault.webp 2024-02-08 11:00:00
Do you still need antivirus protection for Windows in 2024?
(direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  The question of whether you need antivirus (AV) for Windows devices is always up for debate. The advancements and new technology have made the operating system (OS) more secure and reliable. Nevertheless, the effectiveness and lethality of cyber threats have increased as well. And every year, millions of Windows users fall victim to various digital perils. This article will discuss whether antivirus software is needed for Windows devices. You’ll discover how AVs work and the most common cyberattacks they can prevent. Moreover, we’ll review the benefits and drawbacks of built-in and third-party antivirus software. How does antivirus work? Scanning, removing, preventing – these are the 3 main stages of how an antivirus works. Once you install an AV, it scans every email, app, and file. During this process, it compares the results with its database. If something is off, the antivirus marks it as malware. Then, the AV either quarantines the malicious files or entirely obliterates them. And while all that is happening, a reliable antivirus runs smoothly in the background, preventing intruders from harming your devices and stealing your data. According to Datto’s global research, Windows device users should be the most concerned about their safety. Around 91% of gadgets that use this OS have been targeted by ransomware attacks. Nevertheless, none of the OS are entirely immune to various online perils. Whether using a Mac, Windows, or Android device, it’s better to be safe than sorry and use an AV. That way, you won’t put yourself, your devices, or your precious data at risk. What threats can a Windows antivirus prevent? As we briefly mentioned, a reliable antivirus can protect your device from online dangers. There are a few most common ones. 
Below, you’ll find them and what threat they pose: Viruses: These malicious programs multiply and spread from one computer to another. Viruses can attach themselves to programs and files, damage the system, and let other malware in.
Ransomware Malware Threat Mobile ★★★
globalsecuritymag.webp 2024-02-07 15:56:14
Ransomware Cryptocurrency Payments in 2023 Hit All-Time-High of US$1.1 Billion
(direct link)
Ransomware Cryptocurrency Payments in 2023 Hit All-Time-High of US$1.1 Billion. After a significant decline in 2022, the 94% increase last year demonstrates that ransomware is a threat that is only set to worsen. - Special Reports
Ransomware Threat ★★
globalsecuritymag.webp 2024-02-07 15:46:58 Ransomware payments in cryptocurrency reached a record $1.1 billion in 2023 (direct link) Ransomware payments in cryptocurrency reached a record $1.1 billion in 2023. Despite a significant drop in 2022, the 94% rise in 2023 shows that the ransomware threat is likely to grow - Investigations Ransomware ★★★
MitnickSecurity.webp 2024-02-07 14:32:19
Ransomware Attacks: Trends and Most Targeted Industries
(direct link)
Ransomware ★★
globalsecuritymag.webp 2024-02-07 14:17:45
Safer Internet Day 2024: Do not underestimate the dangers of AI
(direct link)
On the occasion of another Safer Internet Day, it is essential that the general public think more about the evolving landscape of cybersecurity threats, including the emerging role of AI. It should be your commitment to a more secure digital space. The past year showed how sophisticated and frequent cyberattacks have become, targeting not only large companies but also individuals. The rise in ransomware, phishing fraud, disinformation campaigns and AI-driven threats shows that there is an urgent need for robust cybersecurity - Special Reports
Ransomware ★★
RecordedFuture.webp 2024-02-07 14:10:02
Ransomware payments doubled to more than $1 billion in 2023
(direct link)
Companies, individuals and other victims of ransomware attacks paid hackers more than $1.1 billion in 2023 in exchange for unlocking their data, according to new research. Chainalysis - a blockchain research firm that analyzes transactions made by ransomware gangs, affiliates and other cybercriminals - released a report this morning finding that ransom payments broke records
Ransomware ★★★
WiredThreatLevel.webp 2024-02-07 14:00:00
Ransomware Payments Hit a Record $1.1 Billion in 2023
(direct link)
After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.
Ransomware ★★
InfoSecurityMag.webp 2024-02-07 14:00:00
Ransomware Payments Hit $1bn All-Time High Last Year
(direct link)
Chainalysis monitoring of blockchain transactions reveals ransomware payments hit a record $1bn in 2023
Ransomware ★★
zataz.webp 2024-02-07 12:56:59 Ransomware: a cyberattack that cost 27 million euros (direct link) In September 2023, Johnson Controls International suffered a large-scale ransomware attack by the Dark Angels group, resulting in the theft of 27 terabytes of valuable data. The company still has not recovered!... Ransomware ★★
ComputerWeekly.webp 2024-02-07 09:42:00
South Staffs Water faces group action over Clop ransomware attack
(direct link)
Ransomware ★★
Blog.webp 2024-02-07 01:43:06
Data Leak Detected by AhnLab EDR (vs. Ransomware Threat Actors)
(direct link)
Ransomware threat actors have been extorting money after taking control over organizations’ internal networks, distributing ransomware, encrypting systems, and holding system restoration for ransom. Recently, however, threat actors not only encrypt the systems but also leak internal data and threaten to expose it publicly if the ransom is not paid. Usually, these threat actors collect data, compress it, and leak it publicly. In such processes, threat actors utilize many legitimate utility programs. These programs already allow stable transfer of large-sized...
Ransomware Threat ★★
News.webp 2024-02-06 15:45:10
EquiLend back in the saddle as ransom payment rumors swirl
(direct link)
Still no word on how the intruders broke in or the full extent of any possible data compromise. Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.…
Ransomware ★★★
SocRadar.webp 2024-02-06 11:50:22
Impact of CL0P Ransomware on the Cyber Threat Landscape in 2023: An Analysis of Cyber Tactics and Threat Evolution Over the Year
(direct link)
In the intricate web of cybersecurity threats, the CL0P ransomware group carved out a reputation...
Ransomware Threat ★★★
ProofPoint.webp 2024-02-06 05:00:20
How Do Cybercriminals Escalate Privilege and Move Laterally?
(direct link)
If you want to understand how cybercriminals cause business-impacting security breaches, the attack chain is a great place to start. The eight steps of this chain generalize how a breach progresses from start to finish. The most impactful breaches typically follow this pattern: Steps in the attack chain. In this blog post, we will simplify the eight steps of an attack into three stages: the beginning, middle and end. Our focus here will primarily be on the middle stage (info gathering, privilege escalation and lateral movement), which is often the most challenging part of the attack chain to see and understand. The middle steps are often unfamiliar territory, except for the most highly specialized security practitioners. This lack of familiarity has contributed to significant underinvestment in security controls required to address attacks at this stage. But before we delve into our discussion of the middle, let's address the easiest stages to understand: the beginning and the end. The beginning of the attack chain. A cyberattack has to start somewhere. At this stage, a cybercriminal gains an initial foothold into a target's IT environment. How do they do this? Mainly through phishing. A variety of tactics are used here including: stealing a valid user's login credentials; luring a user into installing malicious software, such as Remote Access Trojans (RATs); calling the company's help desk to socially engineer the help desk into granting the attacker control over a user's account. Much ink has been spilled about these initial compromise techniques. This is why, in part, the level of awareness and understanding by security and non-security people of this first stage is so high. It is fair to say that most people (IT, security and everyday users) have personally experienced attempts at initial compromise. Who hasn't received a phishing email? A great deal of investment goes into security tools and user training to stop the initial compromise.
Think of all the security technologies that exist for that purpose. The list is very long. The end of the attack chain. Similarly, the level of awareness and understanding is also very high around what happens at the end of the attack chain. As a result, many security controls and best practices have also been focused here. Everyone (IT, security and even everyday users) understands the negative impacts of data exfiltration or business systems getting encrypted by ransomware attackers. Stories of stolen data and ransomed systems are in the news almost daily. Now, what about the middle? The middle is where an attacker attempts to move from the initially compromised account(s) or system(s) to more critical business systems where the data that's worth exfiltrating or ransoming is stored. To most people, other than red teamers, pen testers and cybercriminals, the middle of the attack chain is abstract and unfamiliar. After all, regular users don't attempt to escalate their privileges and move laterally on their enterprise network! These three stages make up the middle of the attack chain: Information gathering. This includes network scanning and enumeration. Privilege escalation. During this step, attackers go after identities that have successively higher IT system privileges. Or they escalate the privilege of the account that they currently control. Lateral movement. Here, they hop from one host to another on the way to the “crown jewel” IT systems. Steps in the middle of the attack chain. Relatively few IT or security folks have experience with or a deep understanding of the middle of the attack chain. There are several good reasons for this: Most security professionals are neither red teamers, pen testers, nor cybercriminals. The middle stages are “quiet,” unlike initial compromise-focused phishing attacks or successful ransomware attacks, which are very “loud” by comparison.
Unlike the front and back end of the attack chain, there has been little coverage about how these steps
Ransomware Malware Tool Vulnerability Threat ★★★
Last update at: 2024-06-01 08:08:01