What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SocRadar.webp 2023-02-04 16:17:10 ESXiArgs Ransomware Attack Targets VMware Servers Worldwide (lien direct) The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP... Ransomware ★★★★
The_Hackers_News.webp 2023-02-04 11:00:00 New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (lien direct) VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an Ransomware ★★★
bleepingcomputer.webp 2023-02-03 14:20:48 Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (lien direct) Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [...] Ransomware Vulnerability ★★★
ComputerWeekly.webp 2023-02-03 08:30:00 LockBit gang confirms Ion cyber attack as disruption continues (lien direct) Pas de details / No more details Ransomware ★★★
News.webp 2023-02-03 07:30:10 LockBit claims responsibility for ION ransomware attack but US/UK hounds are sniffing (lien direct) Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up.… Ransomware ★★
DarkReading.webp 2023-02-02 20:53:00 Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally (lien direct) The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group. Ransomware ★★★
RecordedFuture.webp 2023-02-02 15:54:42 QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation (lien direct) QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack Ransomware Vulnerability ★★
itsecurityguru.webp 2023-02-02 15:02:26 Ransomware attack halts London trading (lien direct) Ion Markets, a financial data group crucial to the financial plumbing underlying the derivatives trading industry, has fallen prey to the cybercrime group Lockbit.  The company has revealed that 42 clients have been affected by the attack, which has caused major disruption in its cleared derivatives division.  Reports suggest that some clients have been unable […] Ransomware ★★★
RecordedFuture.webp 2023-02-02 13:57:35 Ransomware gang attempts to extort UK school by posting files about at-risk children (lien direct) The Vice Society group apparently posted files that included safeguarding reports, which record information about at-risk students Ransomware ★★
SecurityWeek.webp 2023-02-02 12:00:00 Cyber Insights 2023: Ransomware (lien direct) The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions. Ransomware ★★
bhconsulting.webp 2023-02-02 11:39:52 Ransomware Gang Stole Customer Data, Arnold Clark Confirms (lien direct) Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the Arnold Clark Ransomware attack. Ransomware Data Breach
no_ico.webp 2023-02-02 10:02:17 City Of London Traders Hit By Russia-Linked Cyberattack (lien direct) Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said on Wednesday that the hack on a UK-based software company that disrupted some futures trading […] Ransomware Hack ★★
itsecurityguru.webp 2023-02-02 09:31:06 Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk (lien direct) With the proliferation of cyber attacks in all industries, organizations are beginning to grasp the growing significance of cyber risk and how this is an integral part of protecting and maintaining an efficient business. Ransomware is the single biggest cyber threat to global businesses; in fact, during the first half of 2022 alone, there were […] Ransomware Threat ★★
InfoSecurityMag.webp 2023-02-02 09:30:00 City of London on High Alert After Ransomware Attack (lien direct) Critical trading software firm Ion is compromised Ransomware
Fortinet.webp 2023-02-02 09:24:00 (Déjà vu) Ransomware Roundup – Trigona Ransomware (lien direct) In this week's Ransomware Roundup, FortiGuardLabs covers Trigona ransomware along with protection recommendations. Read the blog to find out more. Ransomware ★★
bleepingcomputer.webp 2023-02-02 09:13:26 Ransomware attack on ION Group impacts derivatives trading market (lien direct) The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. [...] Ransomware ★★
DarkReading.webp 2023-02-02 09:00:00 Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (lien direct) An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. Ransomware Threat APT 38 ★★
ComputerWeekly.webp 2023-02-02 06:55:00 Suspected LockBit ransomware attack causes havoc in City of London (lien direct) Pas de details / No more details Ransomware
ComputerWeekly.webp 2023-02-02 06:15:00 Arnold Clark customer data was stolen in Play ransomware attack (lien direct) Pas de details / No more details Ransomware
CSO.webp 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (lien direct) State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. To read this article in full, please click here Ransomware Threat Medical APT 38 ★★
Blog.webp 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (lien direct) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
RecordedFuture.webp 2023-02-01 18:46:19 'Global markets' impacted by ransomware attack on financial software company (lien direct) A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. ION Group describes itself as enabling “financial institutions, central banks and corporations to digitize and automate their most business critical processes.” A pop-up notice on its site on Wednesday warned that “a cybersecurity event” that struck [… Ransomware ★★★
InfoSecurityMag.webp 2023-02-01 18:00:00 Ransomware Attack Forces Closure of Nantucket Schools (lien direct) The district's superintendent Elizabeth Hallett announced the decision in an email to parents Ransomware ★★★
RecordedFuture.webp 2023-02-01 17:12:21 K-12 schools in Tucson, Nantucket respond to cyberattacks (lien direct) The disruptions to school networks in Arizona and Massachusetts follow a string of similar K-12 ransomware incidents Ransomware ★★
zataz.webp 2023-02-01 15:02:18 A television channel attacked by ransomware (lien direct) LockBit claims responsibility for the cyberattack against a television group. This is the second time this media outlet has been hit by hackers!... Ransomware ★★
SecurityWeek.webp 2023-02-01 14:32:07 Ransomware Leads to Nantucket Public Schools Shutdown (lien direct) Nantucket's public schools shut its doors to students and teachers after a data encryption and extortion attack on its computer systems. Ransomware ★★
globalsecuritymag.webp 2023-02-01 13:50:21 Neustar Security Services is introducing UltraDDR (lien direct) New DNS detection and response service safeguards user internet traffic and enforces enterprise acceptable use policies Neustar Security Services, a leading provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR (DNS Detection and Response), a recursive DNS-based protection service aimed at combatting network breaches, ransomware and phishing and supply chain compromise attacks, while enforcing enterprise acceptable use policies for its users. - Product Reviews Ransomware Guideline
bleepingcomputer.webp 2023-02-01 13:38:40 Arnold Clark customer data stolen in attack claimed by Play ransomware (lien direct) Arnold Clark, self-described as Europe's largest independent car retailer, is notifying some customers that their personal information has been stolen in a December 23 cyberattack claimed by the Play ransomware group. [...] Ransomware ★★★
AlienVault.webp 2023-02-01 11:00:00 The top 8 Cybersecurity threats facing the automotive industry heading into 2023 (lien direct) The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.   Most, if not all, industries are evolving on a digital level heading into 2023 as we take the journey to edge computing. But the automotive industry is experiencing technological innovation on another level. A rise in the production of connected vehicles, new autonomous features, and software that enables cars to self-park and self-drive are great examples of the digital evolution taking the automotive industry by storm.  According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organizations plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. And for a good reason. These automotive features and advancements have offered cybercriminals an array of new opportunities when it comes to cyberattacks. There are several ways that threat actors are targeting the automotive industry, including tried and true methods and new attack vectors.  In this article, you’ll learn about the top 8 cybersecurity threats facing the automotive industry heading into 2023 and what the industry can do to prevent threats.  Automotive Cybersecurity threats As autos increasingly come with connectivity features, remote threats are more likely. A recent report revealed that 82% of attacks against the automotive industry (including consumer vehicles, manufacturers, and dealerships) were carried out remotely. Plus, half of all vehicle thefts involved keyless entry.  Automakers, dealers, and consumers play a role in automotive cybersecurity. 
But as the industry continues to adopt connected technologies, it will become increasingly important that organizations take a proactive approach to cybersecurity.  When it comes to automotive threats, there are countless methods that hackers use to steal vehicles and driver information and cause problems with the vehicle’s functioning.  Let’s explore the top 8 cybersecurity threats facing the automotive industry this year. Keyless car theft As one of the most prominent threats, keyless car theft is a major concern for the automotive industry. Key fobs today give car owners the ability to lock and unlock their doors by standing near their vehicle and even start their car without the need for a physical key.  Autos enabled with keyless start and keyless entry are prone to man-in-the-middle attacks that can intercept the data connection between the car and the key fob itself. Hackers take advantage of these systems to bypass authentication protocols by tricking the components into thinking they are in proximity. Then the attacker can open the door and start the vehicle without triggering any alarms.  EV charging station exploitation Electric vehicles are becoming more popular as the globe transitions to environmental technologies. Charging stations allow EV owners to charge their vehicles in convenient locations such as public parking lots, parks, and even their own garages.  When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This data chain presents many ways threat actors can exploit an EV charging station. Malware, fraud, remote manipulation, and even disabling charging stations are all examples of ways hackers take advantage of EV infrastructure.  Infotainment system attacks Modern cars require Ransomware Malware Vulnerability Threat ★★★
InfoSecurityMag.webp 2023-02-01 09:30:00 Nearly 30,000 QNAP Devices Exposed Via New Bug (lien direct) Vulnerability could be exploited by ransomware groups Ransomware Vulnerability ★★★
Blog.webp 2023-01-31 23:29:34 TZW Ransomware Being Distributed in Korea (lien direct) Through internal monitoring, the ASEC analysis team recently discovered the distribution of the TZW ransomware, which encrypts files before adding the “TZW” file extension to the original extension. This ransomware is being propagated with the version info marked as “System Boot Info”, disguising itself as a normal program file related to boot information. It was created in a .NET format and includes a loader and the actual ransomware data within it. It ultimately loads and executes the ransomware file through... Ransomware ★★
knowbe4.webp 2023-01-31 20:04:22 Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom (lien direct) Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom Ransomware ★★★
RecordedFuture.webp 2023-01-31 19:00:45 LockBit takes credit for November ransomware attack on Sacramento PBS station (lien direct) The LockBit ransomware group this week said it was responsible for a November ransomware attack on a public broadcasting affiliate in Sacramento, California. The high-profile cybercrime gang made the claim on the dark web site where it leaks victims’ data. The PBS station KVIE announced the attack on November 23, noting that some of its [… Ransomware ★★★
Anomali.webp 2023-01-31 17:27:00 Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware,  APT38 Experiments with Delivery Vectors and Backdoors (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cryptocurrency, Data leak, Iran, North Korea, Phishing, Ransomware, and USB malware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Chinese PlugX Malware Hidden in Your USB Devices? (published: January 26, 2023) Palo Alto researchers analyzed a PlugX malware variant (KilllSomeOne) that spreads via USB devices such as floppy, thumb, or flash drives. The variant is used by a technically-skilled group, possibly by the Black Basta ransomware. The actors use special shortcuts, folder icons and settings to make folders impersonating disks and a recycle bin directory. They also name certain folders with the 00A0 (no-break space) Unicode character thus hindering Windows Explorer and the command shell from displaying the folder and all the files inside it. Analyst Comment: Several behavior detections could be used to spot similar PlugX malware variants: DLL side loading, adding registry persistence, and payload execution with rundll32.exe. Incident responders can check USB devices for the presence of no-break space as a folder name. 
MITRE ATT&CK: [MITRE ATT&CK] T1091 - Replication Through Removable Media | [MITRE ATT&CK] T1559.001 - Inter-Process Communication: Component Object Model | [MITRE ATT&CK] T1547.009 - Boot or Logon Autostart Execution: Shortcut Modification | [MITRE ATT&CK] T1574.002 - Hijack Execution Flow: Dll Side-Loading | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1564.001: Hidden Files and Directories | [MITRE ATT&CK] T1105 - Ingress Tool Transfer Tags: detection:PlugX, detection:KilllSomeOne, USB, No-break space, file-type:DAT, file-type:EXE, file-type:DLL, actor:Black Basta, Windows Abraham's Ax Likely Linked to Moses Staff (published: January 26, 2023) Cobalt Sapling is an Iran-based threat actor active in hacking, leaking, and sabotage since at least November 2020. Since October 2021, Cobalt Sapling has been operating under a persona called Moses Staff to leak data from Israeli businesses and government entities. In November 2022, an additional fake identity was created, Abraham's Ax, to target government ministries in Saudi Arabia. Cobalt Sapling uses their custom PyDCrypt loader, the StrifeWater remote access trojan, and the DCSrv wiper styled as ransomware. Analyst Comment: A defense-in-depth approach can assist in creating a proactive stance against threat actors attempting to destroy data. Critical systems should be segregated from each other to minimize potential damage, with an Ransomware Malware Tool Threat Medical APT 38 ★★★
RecordedFuture.webp 2023-01-31 14:01:13 British government minister told council to keep quiet after ransomware attack (lien direct) An unnamed British government minister told the leader of Redcar and Cleveland Borough Council to keep quiet about the impact of a “catastrophic” ransomware attack two years ago, a parliamentary committee was told on Monday. The pressure from central government to not discuss the impact of the attack “caused us a lot of issues,” said [… Ransomware Guideline ★★
Chercheur.webp 2023-01-31 12:03:28 Ransomware Payments Are Down (lien direct) Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data. When we published last year’s version of this report, for example, we had only identified $602 million in ransomware payments in 2021... Ransomware ★★★
CSO.webp 2023-01-31 08:04:00 BrandPost: Is Your Organization Security Resilient? Here's How to Get There (lien direct) Security resilience is top of mind for the vast majority of executives; 96% say it's highly important to their business, according to the Cisco Security Outcomes Report, Volume 3. And with good reason: data breaches, ransomware, and other cyberattacks continue to plague organizations. In fact, the Cisco report found that 62% of organizations have experienced a security event that affected their resilience, including: 52% experienced a network or data breach; 51% suffered a network or system outage; 47% were affected by a ransomware event; 46% reported a DDoS attack. All these incidents are a big deal, many with negative impact: interrupted IT/communications, disrupted supply chain, impaired internal operations, lasting brand damage, loss of competitive advantage, and much more. To read this article in full, please click here Ransomware
RecordedFuture.webp 2023-01-30 22:00:28 Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents (lien direct) The Indianapolis Housing Agency is notifying more than 200,000 people that their information, including Social Security numbers and more, was leaked during a ransomware attack that began in September.  The federally-funded agency is responsible for providing housing to low-income tenants across Indianapolis. It did not respond to requests for comment in October when the [… Ransomware ★★★
Resecurity.webp 2023-01-30 17:00:00 Nevada Ransomware - Waiting For The Next Dark Web Jackpot (lien direct) Pas de details / No more details Ransomware ★★
Checkpoint.webp 2023-01-30 15:37:36 30th January – Threat Intelligence Report (lien direct) For the latest discoveries in cyber research for the week of 30th January, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The ALPHV/BlackCat Ransomware group has allegedly hacked Westmont Hospitality Group, one of the largest privately-held hospitality businesses in the world. They claim to have obtained access to 262GB of the company’s data. Check […] Ransomware Threat ★★
WiredThreatLevel.webp 2023-01-30 12:00:00 The Untold Story of a Crippling Ransomware Attack (lien direct) More than two years ago, criminals crippled the systems of London's Hackney Council. It's still fighting to recover. Ransomware ★★
Blog.webp 2023-01-30 00:57:25 (Déjà vu) ASEC Weekly Malware Statistics (January 16th, 2023 – January 22nd, 2023) (lien direct) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 16th, 2022 (Monday) to January 22nd, 2023 (Sunday). For the main category, Infostealer ranked top with 43.0%, followed by downloader with 30.06%, backdoor with 19.9%, ransomware with 3.8%, CoinMiner 2.4%, and banking malware with 0.3%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 20.3%. The malware is distributed... Ransomware Malware ★★
News.webp 2023-01-27 23:59:06 Uncle Sam slaps $10m bounty on Hive while Russia ban-hammers FBI, CIA (lien direct) New meaning to sweetening the pot Uncle Sam has put up a $10 million reward for intel on Hive ransomware criminals' identities and whereabouts, while Russia has blocked the FBI and CIA websites, along with the Rewards for Justice site offering the bounty.… Ransomware ★★
RecordedFuture.webp 2023-01-27 20:45:09 Ransomware experts laud Hive takedown but question impact without arrests (lien direct) The Justice Department’s splashy announcement of the takedown of the Hive ransomware group’s infrastructure on Thursday was reminiscent of other recent high-profile operations against the scourge of ransomware. But the details of the operation set it apart from other ransomware group takedowns in recent years. FBI Director Christopher Wray said agents with the FBI's Tampa [… Ransomware ★★
01net.webp 2023-01-27 12:49:55 Ransomware: the FBI hacked the hackers behind the Altice attack (lien direct) The hackers behind the Hive ransomware have suffered a serious setback. The FBI managed to break into the gang's infrastructure to cut off their source of revenue. Ransomware ★★★
globalsecuritymag.webp 2023-01-27 10:43:00 Global ransomware giant, Hive, shut down by FBI (lien direct) Global ransomware giant, Hive, shut down by FBI - Malware Update Ransomware ★★
globalsecuritymag.webp 2023-01-27 10:23:47 The FBI takes down Hive: Tenable's commentary (lien direct) This Thursday, reports circulated that the FBI had secretly hacked and disrupted a prolific ransomware gang called Hive, a move that allowed the bureau to prevent the group from collecting more than 130 million dollars in ransomware demands from more than 300 victims. Commentary from Satnam Narang, Senior Staff Research Engineer, Tenable. "The actions taken by US agencies to disrupt from the inside the operation of the group of (...) - Malware Ransomware
InfoSecurityMag.webp 2023-01-27 10:15:00 Global Action "Dismantles" Hive Ransomware Group (lien direct) FBI distributes hundreds of decryption keys to victims Ransomware ★★
SocRadar.webp 2023-01-27 08:05:53 Malicious Actors in Dark Web: December 2022 Ransomware Landscape (lien direct) Ransomware is one of the more common cyberattack types in the news. Behind the scenes... Ransomware ★★
CSO.webp 2023-01-27 03:16:00 FBI takes down Hive ransomware group in an undercover operation (lien direct) The US Department of Justice (DOJ) along with international partners have taken down the Hive ransomware group. The operation that began in July 2022 resulted in the FBI penetrating Hive's computer networks, capturing its decryption keys, and offering them to victims worldwide, preventing victims from having to pay the $130 million in ransom demanded, DOJ said in a release on Thursday. “Last night, the Justice Department dismantled an international ransomware network responsible for extorting and attempting to extort hundreds of millions of dollars from victims in the United States and around the world,” Attorney General Merrick B. Garland said in the release.  To read this article in full, please click here Ransomware ★★
Last update at: 2024-07-04 22:07:39