What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Kaspersky.webp 2021-11-11 17:54:28 Congress Mulls Ban on Big Ransom Payouts (lien direct) A bill introduced this week would regulate ransomware response by the country's critical financial sector. Ransomware
InfoSecurityMag.webp 2021-11-11 16:45:00 #BHEU: 5 Ways to Approach Ransomware Negotiations (lien direct) How should organizations react when forced into a ransomware negotiation? Ransomware
bleepingcomputer.webp 2021-11-11 11:04:00 Magniber ransomware gang now exploits Internet Explorer flaws in attacks (lien direct) The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. [...] Ransomware
itsecurityguru.webp 2021-11-11 10:33:43 Don't get held to ransom – cause, prevention, recovery (lien direct) Ransomware is one of the top earners of the dark economy, lining the coffers of cybercriminals. Expected to generate over $265bn USD in revenue for bad actors within the next decade, ransomware continues to pose an acute threat to businesses. It's no wonder then that cybercriminals have commoditised their skills in ransomware as a service to maximise their return on investment. They understand how to build a successful business from […] Ransomware Threat
Darktrace.webp 2021-11-11 09:00:00 Hacking season: Why Cyber Monday presents a cyber security nightmare (lien direct) As ‘Bring Your Own Device’ (BYOD) drives digital convergence of our personal and professional lives, Black Friday scams targeting personal inboxes can easily spill over into corporate environments. This, coupled with an increased incidence of ransomware attacks over public holidays, is giving defenders plenty to think about this holiday season. Ransomware
bleepingcomputer.webp 2021-11-11 08:54:03 New bill sets ransomware attack response rules for US financial orgs (lien direct) New legislation introduced this week by US lawmakers aims to set ransomware attack response "rules of road" for US financial institutions. [...] Ransomware
The_Hackers_News.webp 2021-11-11 03:50:08 TrickBot Operators Partner with Shatak Attackers for Conti Ransomware (lien direct) The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a Ransomware Threat Guideline
The_Hackers_News.webp 2021-11-11 01:30:00 Navigating The Threat Landscape 2021 – From Ransomware to Botnets (lien direct) Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals.  The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with Ransomware Threat
Fortinet.webp 2021-11-11 00:00:00 Multinational Bank Manages Threats and Prevents Ransomware with AI/ML Powered FortiGate IPS (lien direct) The financial sector is a key target for cyber criminals, who are becoming increasingly sophisticated. Learn how FortiGate IPS migration enhanced this multinational bank's overall security posture by protecting against threats and rising ransomware attacks. Ransomware
TechRepublic.webp 2021-11-10 17:48:43 These industries were the most affected by the past year of ransomware attacks (lien direct) After what has been a year of averaging more than a thousand ransomware attacks per day, NordLocker said that data released by hackers shows an unexpected industry at the top. Ransomware
SecurityWeek.webp 2021-11-10 16:07:38 RPC Firewall Dubbed 'Ransomware Kill Switch' Released to Open Source (lien direct) Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the 'ransomware kill switch' – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. Ransomware Tool
Anomali.webp 2021-11-10 16:00:00 Anomali Cyber Watch: GitLab Vulnerability Exploited In The Wild, Mekotio Banking Trojan Returns, Microsoft Exchange Vulnerabilities Exploited Again and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Babuk, Braktooth, Linux, Gamaredon, Magecart and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released (published: November 5, 2021) A proof-of-concept (PoC) tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. On Thursday, CISA urged manufacturers, vendors and developers to patch or employ workarounds. On Monday, the University of Singapore researchers updated their table of affected devices, after the chipset vendors Airoha, Mediatek and Samsung reported that some of their devices are vulnerable. Analyst Comment: Users are urged to patch or employ workarounds as soon as possible. Tags: Bluetooth, BrakTooth, Exploit, Vulnerability CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution (published: November 4, 2021) Researchers at SentinelOne have identified a vulnerability in the TIPC Module, part of the Linux Kernel. The Transparent Inter-Process Communication (TIPC) module is a protocol that is used for cluster-wide operation and is packaged as part of most major Linux distributions. The vulnerability, designated as “CVE-2021-43267”, is a heap overflow vulnerability that could be exploited to execute code within the kernel. 
Analyst Comment: TIPC users should ensure their Linux kernel version is not between 5.10-rc1 and 5.15. Tags: Linux, TIPC, Vulnerability Ukraine Links Members Of Gamaredon Hacker Group To Russian FSB (published: November 4, 2021) The Ukrainian Secret Service claims to have identified five members of the threat group, Gamaredon. The group, who Ukraine are claiming to be operated by the Russian Federal Security Service (FSB), are believed to be behind over 5,000 attacks against Ukraine. These attacks usually consist of malicious documents and using a template injection vulnerability, the group has targeted government, public and private entities. Analyst Comment: Users should be careful that a file is sent via a known and trusted sender, that individual should be contacted to verify the authenticity of the attachment prior to opening. Thus, any such file attachment sent by unknown senders should be viewed with the utmost scrutiny, and the attachments should be avoided and properly reported to appropriate personnel. Users should be careful when viewing documents that ask for macros to be enabled. MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 Tags: Gamaredon, Malicious Documents, Russia, Ukraine, Template Injection Ransomware Data Breach Malware Tool Vulnerability Threat
bleepingcomputer.webp 2021-11-10 10:52:26 TrickBot teams up with Shatak phishers for Conti ransomware attacks (lien direct) A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems. [...] Ransomware Threat
Cybereason.webp 2021-11-09 18:46:51 (Déjà vu) THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware (lien direct) THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.  Ransomware Threat
SecurityAffairs.webp 2021-11-09 18:35:29 Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack (lien direct) The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware. The flaw is a remote code execution vulnerability that […] Ransomware Vulnerability Threat
Kaspersky.webp 2021-11-09 18:06:33 12 New Flaws Used in Ransomware Attacks in Q3 (lien direct) The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021. Ransomware
TechRepublic.webp 2021-11-09 17:57:30 Ransomware attacks are increasingly exploiting security vulnerabilities (lien direct) The number of security flaws associated with ransomware rose from 266 to 278 last quarter, according to security firm Ivanti. Ransomware
TechRepublic.webp 2021-11-09 16:17:31 US amps up war on ransomware with charges against REvil attackers (lien direct) One person fingered for the July 2021 attack against Kaseya is in custody, while the other individual is still at large. Ransomware
TroyHunt.webp 2021-11-09 15:33:00 US charges Ukrainian and Russian nationals over ransomware attacks (lien direct) Authorities say they have recovered $6 million in proceeds in ransomware crackdown. Ransomware
Cybereason.webp 2021-11-09 13:50:36 The Ransom Disclosure Act and Defending Against Complex RansomOps (lien direct) The Ransom Disclosure Act and Defending Against Complex RansomOps On October 5, U.S. Senator Elizabeth Warren (D-Mass.) introduced the Ransom Disclosure Act. She framed it as something that could help the U.S. government learn more about how ransomware operations work. Ransomware
SecurityAffairs.webp 2021-11-09 12:53:25 International law enforcement arrested REvil ransomware affiliates in Romania and Kuwait (lien direct) Romanian police arrested two alleged Sodinokibi/REvil ransomware affiliates accused to have orchestrated attacks against thousands of victims. Romanian law enforcement agencies have arrested two alleged Sodinokibi/REvil ransomware affiliates on November 4, that are accused of having conducted attacks against thousands of victims. The arrests are the result of an international operation carried out in cooperation […] Ransomware
securityintelligence.webp 2021-11-09 11:00:00 A New Cybersecurity Executive Order Puts the Heat on Critical Infrastructure Suppliers (lien direct) Ransomware. Five years ago, the cybersecurity community knew that term well, although among others it was far from dinner table conversation. Times have changed. Since early 2020, ransomware has hit a slew of headlines. People inside and outside of the security industry are talking about it, and many have experienced the ransomware pain firsthand. The […] Ransomware
bleepingcomputer.webp 2021-11-09 09:54:21 Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks (lien direct) The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-11-09 09:15:45 Medical software firm urges password resets after ransomware attack (lien direct) Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations. [...] Ransomware
InfoSecurityMag.webp 2021-11-09 08:41:00 US to Charge Suspects Over Kaseya Ransomware Attack (lien direct) CNN said two suspects will face charges relating to the deployment of ransomware known as REvil in the incident Ransomware
SecurityAffairs.webp 2021-11-09 08:17:46 US DoS offers a reward of up to $10M for leaders of REvil ransomware gang (lien direct) The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation The Department of State offers up to $10 million for information that can lead to the identification or location of individuals in key leadership positions in the REvil/Sodinokibi ransomware operation. The US government also offers $5 million […] Ransomware Guideline
SecurityAffairs.webp 2021-11-09 06:21:00 Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya (lien direct) The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place on July 4. The suspect is 22-year old Ukrainian national Yaroslav […] Ransomware
The_Hackers_News.webp 2021-11-09 05:05:52 Unique Challenges to Cyber-Security in Healthcare and How to Address Them (lien direct) No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can Ransomware
Chercheur.webp 2021-11-09 02:05:21 REvil Ransom Arrest, $6M Seizure, and $10M Reward (lien direct) The U.S. Department of Justice said today it arrested a Ukrainian man who deployed ransomware on behalf of the REvil ransomware gang, a Russian cybercriminal collective that has extorted hundreds of millions from victim organizations. The DOJ also said it had seized $6.1 million in cryptocurrency sent to another REvil affiliate, and that the State Department is now offering up to $10 million for information leading to the arrest of any key leaders of REvil. Ransomware Guideline
WiredThreatLevel.webp 2021-11-09 00:55:14 The Biggest Ransomware Bust Yet Might Actually Make an Impact (lien direct) By arresting one alleged hacker associated with REVil and seizing millions from another, the US has made clear that ransomware comes with a cost. Ransomware
NakedSecurity.webp 2021-11-08 22:37:49 Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague (lien direct) Suspects nabbed, millions seized, in ransomware busts across the globe. Ransomware
TechRepublic.webp 2021-11-08 22:27:42 Europol arrests three suspects possibly involved in major ransomware activities (lien direct) Europol announced new arrests during its "Operation GoldDust." The suspects may have been heavily involved in the Sodinokibi/REvil and GandCrab ransomware activities. Ransomware
Cybereason.webp 2021-11-08 21:46:59 Zero Trust Race is On: Do You Have the Right Engine? (lien direct) Zero Trust Race is On: Do You Have the Right Engine? The shift to a Zero Trust security model has become a top priority for many organizations, driven by record levels of ransomware attacks and a rapidly expanding attack surface stemming from the move to remote work and accelerated cloud adoption. Ransomware
The_Hackers_News.webp 2021-11-08 21:38:08 U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang (lien direct) The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. According to unsealed court documents, Ransomware
SecurityAffairs.webp 2021-11-08 20:33:29 Ransomware attack disrupted store operations in the Netherlands and Germany (lien direct) Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Electronics retail giant MediaMarkt was a victim of a ransomware attack that forced the company to shut down its IT infrastructure to contain the threat and disrupted store operations in the Netherlands and Germany. Media Markt is a […] Ransomware Threat
SecurityWeek.webp 2021-11-08 19:47:28 U.S. Charges Two Suspected Major Ransomware Operators (lien direct) Two suspected criminal hackers have been charged in the United States in connection with a wave of ransomware attacks, including one that led to the temporary shutdown of the world's largest meat processor and another that snarled businesses around the globe on the Fourth of July weekend, U.S. Ransomware
The_Hackers_News.webp 2021-11-08 19:41:04 Suspected REvil Ransomware Affiliates Arrested in Global Takedown (lien direct) Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware attacks and extorted close to $600,000 from victims, according to Europol. The arrests, which Ransomware
bleepingcomputer.webp 2021-11-08 19:11:32 U.S. offers $10 million reward for leaders of REvil ransomware (lien direct) The U.S. is offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation, including $5 million leading to the arrest of affiliates. [...] Ransomware Guideline
SecurityWeek.webp 2021-11-08 18:41:38 US Treasury Sanctions Crypto Exchange in Anti-Ransomware Crackdown (lien direct) The U.S. government's aggressive anti-ransomware crackdown is showing no signs of slowing down with the Treasury Department announcing sanctions against a cryptocurrency exchange and new multi-million-dollar rewards for information on the REvil ransomware group. Ransomware
SecurityWeek.webp 2021-11-08 16:45:37 Europol Announces Arrests of 7 People Linked to REvil, GandCrab Ransomware (lien direct) Europol on Monday announced that law enforcement agencies in several countries have arrested a total of seven people allegedly linked to REvil and GandCrab ransomware operations. Ransomware
SecurityAffairs.webp 2021-11-08 14:57:32 Operation Cyclone targets Clop Ransomware affiliates (lien direct) Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone. Law enforcement authorities from South Korea, Ukraine, […] Ransomware
bleepingcomputer.webp 2021-11-08 13:26:45 (Déjà vu) US sanctions Chatex cryptoexchange used by ransomware gangs (lien direct) The US Treasury Department announced today sanctions against the Chatex cryptocurrency exchange for helping ransomware gangs evade sanctions and facilitating ransom transactions. [...] Ransomware
bleepingcomputer.webp 2021-11-08 13:18:02 US seizes $6 million from REvil ransomware, arrest Kaseya hacker (lien direct) The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. [...] Ransomware
SecurityWeek.webp 2021-11-08 12:44:32 Six Arrested for Roles in Clop Ransomware Operation (lien direct) Six individuals allegedly associated with the Clop ransomware operation were arrested in a global law enforcement operation, Interpol announced. Authorities in South Korea, Ukraine, and the United States, under Interpol's coordination, were involved in the 30-month investigation dubbed Operation Cyclone. Ransomware
ComputerWeekly.webp 2021-11-08 11:30:00 REvil associates arrested in international ransomware crackdown (lien direct) No more details Ransomware
InfoSecurityMag.webp 2021-11-08 09:55:00 Interpol Hunts for Remaining Clop Ransomware Members (lien direct) Operation Cyclone led to several arrests in June Ransomware
bleepingcomputer.webp 2021-11-08 09:51:57 REvil ransomware affiliates arrested in Romania and Kuwait (lien direct) Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates, allegedly responsible for infecting thousands of victims. [...] Ransomware
bleepingcomputer.webp 2021-11-08 09:27:49 (Déjà vu) MediaMarkt hit by Hive ransomware, initial $240 million ransom (lien direct) Electronics retail giant MediaMarkt has suffered a Hive ransomware with an initial ransom demand of $240 million, causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany. [...] Ransomware
bleepingcomputer.webp 2021-11-08 09:27:49 Electronics retail giant MediaMarkt hit by ransomware attack (lien direct) Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany. [...] Ransomware
ZDNet.webp 2021-11-08 07:58:13 Cybersecurity firms provide threat intel for Clop ransomware group arrests (lien direct) The crackdown was codenamed Operation Cyclone. Ransomware Threat
Last update at: 2024-07-16 15:07:47