| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2022-10-27 12:40:28 | The use of detection and incident response tools remains underestimated in the finance sector (direct link) | According to a Trend Micro study, nearly 2 in 5 companies in the financial services sector do not use detection and incident response tools at the network level (40%) or at the endpoint level (39%). Trend Micro Incorporated, a Japanese company and one of the world leaders in cybersecurity, presents a new part of its study 'Everything is connected: uncovering the ransomware threat from global supply chains'. This part covers companies' assessment of their (...) - Investigations | Ransomware, Threat, Guideline | | |
| ![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) | 2022-10-27 10:46:52 | Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom (direct link) | Industrial organizations continue to be a top target for ransomware attacks, and reports published by cybersecurity companies this week reveal some recent trends. | Ransomware | | |
| ![Mandiant.webp](./Ressources/img/Mandiant.webp) | 2022-10-27 10:00:00 | Cyber Security Forecast 2023 with Sandra Joyce, Mandiant Head of Global Intelligence (direct link) | It's hard to believe 2022 will be coming to an end soon. Especially in the cyber security industry, we tend to be so focused on the here and now that we can forget to think about the battles we expect to be fighting in the near future. Adversaries are always one step ahead of defenders, so thinking ahead and being prepared is particularly important. To help us get a sense of what we should be preparing for in 2023, we turned to Sandra Joyce, Mandiant Head of Global Intelligence. Sandra has a lot of great insights about the Big Four, ransomware and more, but it takes more than a single | Ransomware | | ★★ |
| ![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) | 2022-10-27 09:48:28 | Medibank Admits That All Customer Data Was Exposed (direct link) | As reported by Medibank, an Australian health insurance giant, every one of its customers had their personal information accessed by ransomware actors, which happened a few days after Medibank had downplayed the aftermath of a recent breach. In a newly issued statement, Medibank admitted that the threat actors might have compromised all of its customers' personal […] | Ransomware, Threat | | |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2022-10-27 00:16:33 | (Déjà vu) ASEC Weekly Malware Statistics (October 17th, 2022 – October 23rd, 2022) (direct link) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 17th, 2022 (Monday) to October 23rd (Sunday). For the main category, info-stealer ranked top with 52.7%, followed by downloader with 37.0%, backdoor with 8.8%, ransomware with 1.0%, and banking malware with 0.5%. Top 1 – Agent Tesla: AgentTesla is an infostealer that ranked first place with 23.4%. It is an info-stealer that leaks... | Ransomware, Malware | | |
| ![Darktrace.webp](./Ressources/img/Darktrace.webp) | 2022-10-27 00:00:00 | When speedy attacks aren't enough: Prolonging Quantum Ransomware (direct link) | Whilst Quantum Ransomware has been characterized by speedy and efficient attacks, Darktrace recently detected a surprising incident where the group used a long dwell time to achieve their goals. This blog explores the effect of this group's change in strategy and DETECT/Network's coverage over the event. | Ransomware | | |
| ![MalwarebytesLabs.webp](./Ressources/img/MalwarebytesLabs.webp) | 2022-10-26 23:45:00 | US agencies issue warning about DAIXIN Team ransomware (direct link) | The FBI, CISA, and HHS have issued a joint advisory about a new threat to healthcare organizations. | Ransomware, Threat | | ★★ |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-26 17:00:00 | Vice Society Ransomware Campaigns Continue to Impact US Education Sector (direct link) | In several cases, the group did not deploy ransomware and performed extortion using stolen data. | Ransomware | | |
| ![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) | 2022-10-26 15:40:39 | Hive Group Admits to Leaking Data in Tata Power Ransomware Attack (direct link) | Reports have said that the Hive ransomware-as-a-service (RaaS) group has claimed responsibility for the cyber-attack against Tata Power disclosed by the company on October 14 and believed to have occurred on October 3. “The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning,” the Mumbai-based company said at the time. Security researcher […] | Ransomware | | |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-26 15:00:00 | Hive Ransomware Group Leaks Data Stolen in Tata Power Cyber-Attack (direct link) | The leak reportedly affected several of Tata's 12 million customers and included various PII. | Ransomware | | |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2022-10-26 13:43:00 | Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector (direct link) | A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using | Ransomware, Threat | | |
| ![Dragos.webp](./Ressources/img/Dragos.webp) | 2022-10-26 13:00:00 | Dragos Industrial Ransomware Analysis: Q3 2022 (direct link) | Ransomware continues to be one of the most threatening financial and operational risks to industrial organizations worldwide during the third... | Ransomware | | ★★★★ |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2022-10-26 11:03:08 | Hive Group Admits to Tata Power Ransomware Attack (direct link) | It has been reported that the Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company, based in Mumbai. | Ransomware | | |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2022-10-26 10:11:13 | (Déjà vu) COMMENT: CISA Warns Health Organisations Of Targeted Ransomware Attack by Daixin Hackers (direct link) | It has been reported that U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health […] | Ransomware | | |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2022-10-26 09:44:15 | Is it wise to disable your antivirus when gaming online? (direct link) | Ransomware and phishing are currently the biggest cybersecurity threats, which makes choosing the right PC protection software all the more important. Some will tell you that gamers are better off disabling their antivirus for a better gaming experience. Indeed, some antivirus programs are known to slow down game performance, but disabling an antivirus exposes the system to risks and the user to cyberattacks. It is therefore always better to (...) - Viewpoints | Ransomware | | |
| ![Trend.webp](./Ressources/img/Trend.webp) | 2022-10-26 00:00:00 | Addressing Ransomware in Hospitals & Medical Devices (direct link) | Ransomware attacks have been on the rise in recent years, and hospitals are increasingly becoming targets. In many cases, these attacks can have devastating consequences, disrupting vital services and putting patients' lives at risk. | Ransomware | | |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2022-10-25 19:28:00 | Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (direct link) | The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The incident is said to have occurred on October 3, 2022. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme. This allegedly comprises | Ransomware, Threat | | |
| ![Anomali.webp](./Ressources/img/Anomali.webp) | 2022-10-25 16:53:00 | Anomali Cyber Watch: Daixin Team Ransoms Healthcare Sector, Earth Berberoka Breaches Casinos for Data, Windows Affected by Bring-Your-Own-Vulnerable-Driver Attacks, and More (direct link) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, DDoS, Infostealers, Iran, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence: Alert (AA22-294A) #StopRansomware: Daixin Team (published: October 21, 2022). Daixin Team is a double-extortion ransomware group that has been targeting US businesses, predominantly in the healthcare sector. Since June 2022, Daixin Team has been encrypting electronic health record services, diagnostics services, imaging services, and intranet services. The group has exfiltrated personally identifiable information and patient health information. A typical intrusion starts with initial access through virtual private network (VPN) servers, gained by exploitation or by valid credentials derived from prior phishing. They use SSH and RDP for lateral movement and target VMware ESXi systems with ransomware based on leaked Babuk Locker source code. Analyst Comment: Network defenders should keep the organization’s VPN servers up to date on security updates. Enable multifactor authentication (MFA) on your VPN server and other critical accounts (administrative, backup-related, and webmail). Restrict the use of RDP, SSH, Telnet, virtual desktop and similar services in your environment. MITRE ATT&CK: Exploit Public-Facing Application - T1190 \| Valid Accounts - T1078 \| Account Manipulation - T1098 \| OS Credential Dumping - T1003 \| Remote Service Session Hijacking - T1563 \| Use Alternate Authentication Material - T1550 \| Exfiltration Over Web Service - T1567 \| Data Encrypted for Impact - T1486. Tags: actor:Daixin Team, malware-type:Ransomware, PHI, SSH, RDP, Rclone, Ngrok, target-sector:Health Care NAICS 62, ESXi, VMware, Windows. Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (published: October 21, 2022). Symantec detected a new custom data exfiltration tool used in a number of BlackByte ransomware attacks. This infostealer, dubbed Exbyte, performs anti-sandbox checks and proceeds to exfiltrate selected file types to a hardcoded Mega account. BlackByte ransomware-as-a-service operations were first uncovered in February 2022. The group’s recent attacks start with exploiting public-facing vulnerabilities of the ProxyShell and ProxyLogon families. BlackByte removes Kernel Notify Routines to bypass Endpoint Detection and Response (EDR) products. The group uses the AdFind, AnyDesk, Exbyte, NetScan, and PowerView tools and deploys the BlackByte 2.0 ransomware payload. Analyst Comment: It is crucial that your company ensures that servers are | Ransomware, Malware, Tool, Vulnerability, Threat, Medical | APT 38 | |
| ![Fortinet.webp](./Ressources/img/Fortinet.webp) | 2022-10-25 13:44:00 | 5 Ransomware Protection Strategies for 2023 (direct link) | Ransomware continues to be a top threat CISOs are concerned about. Read more about effective ransomware mitigation strategies and how you can protect your organization. | Ransomware, Threat | | |
| ![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) | 2022-10-25 11:44:24 | Hive ransomware gang starts leaking data allegedly stolen from Tata Power (direct link) | The Hive ransomware gang, which claimed responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of […] | Ransomware, Threat | | |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-25 09:45:00 | Ukraine Warns of Cuba Ransomware Campaign (direct link) | A financially motivated affiliate appears to be to blame. | Ransomware | | |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2022-10-25 08:41:02 | Mimecast unveils its study on the total cost of ransomware and its impact on IT managers in France (direct link) | Mimecast, the cloud cybersecurity solution for email, data and the web, unveils its new study on the state of the cost of ransomware and its impact on CIOs in France. 87% of respondents say the number of cyberattacks against their company has increased since last year or stayed the same. 40% of IT managers believe ransomware attacks have a negative impact on their mental health. 51% of the attacks suffered result in (...) - Investigations | Ransomware | | |
| ![CSO.webp](./Ressources/img/CSO.webp) | 2022-10-25 08:31:00 | BrandPost: How to Bridge the Ransomware Security Gap (direct link) | It is hard to believe how far ransomware has evolved since its origins in the early 1980s. Today's big game ransomware attacks, which threaten everything from critical infrastructure and major corporations to hospitals and schools, trace their roots to a UK doctor who shook down AIDS researchers with a bootloader virus (delivered on floppy disks) that locked down their computers and demanded cash. Since then, attacks and targets have only become bigger and more sophisticated. In fact, according to recent reports, ransomware attacks increased by 80% in the first half of 2022 compared to the first half of 2021. Today's attackers are breaking into networks, spending time enumerating and reconning victims, positioning ransomware on as many devices as possible, and then staging it to execute and encrypt all at once. The impacts can be devastating and costly, as illustrated by incidents like the Colonial Pipeline episode. | Ransomware | | |
| ![globalsecuritymag.webp](./Ressources/img/globalsecuritymag.webp) | 2022-10-25 08:10:02 | To recover from ransomware, Pure Storage advises betting on rapid recovery and data immutability (direct link) | Despite the efforts of the entire cybersecurity sector, governments and companies, ransomware attacks continue to be not only a major problem but also an almost inevitable phenomenon. French companies are among the most targeted in the world by this type of attack, which keeps evolving, according to a recent study revealing that France was the 4th most exposed country to ransomware attacks in 2022, behind the United States, Canada and the United Kingdom. Doing (...) - Viewpoints | Ransomware | | |
| ![](./Ressources/img/) | 2022-10-25 08:00:00 | Quarterly Report: Incident Response Trends in Q3 2022 (direct link) | Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter. By Caitlin Huey. For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter. It can be difficult to determine what constitutes a pre-ransomware attack if ransomware never executes and encryption does not take place. However, Talos IR assesses that the combination of Cobalt Strike and credential-harvesting tools like Mimikatz, paired with enumeration and discovery techniques, indicates a high likelihood that ransomware is the final objective. This quarter featured a variety of publicly available tools and scripts hosted on GitHub repositories or other third-party websites to support operations across multiple stages of the attack lifecycle. This activity coincides with a general increase in the use of other dual-use tools, such as the legitimate red-teaming tool Brute Ratel and the recently discovered Manjusaka and Alchimist attack frameworks. Targeting: Attackers targeted the education sector the most of any vertical this quarter, closely followed by the financial services, government, and energy sectors, respectively. For the first time since Q4 2021, telecommunications was not the top-targeted vertical. While the reason for the education sector being more frequently targeted this quarter is unknown, this is a popular time | Ransomware, Tool, Vulnerability, Threat, Guideline | | |
| ![CrowdStrike.webp](./Ressources/img/CrowdStrike.webp) | 2022-10-25 07:31:05 | CrowdStrike Falcon Platform Achieves 100% Ransomware Prevention with Zero False Positives, Wins AAA Enterprise Advanced Security Award from SE Labs (direct link) | The CrowdStrike Falcon® platform achieved 100% protection accuracy and 100% legitimacy accuracy with zero false positives, winning SE Labs' first-ever endpoint detection and response (EDR) ransomware detection and protection test. The Falcon platform detected and blocked 100% of ransomware files during testing, which involved both direct attacks with 270 ransomware variations and deep attack tactics, […] | Ransomware | | |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2022-10-25 04:49:21 | Hive claims ransomware attack on Tata Power, begins leaking data (direct link) | Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. In data leak screenshots seen by BleepingComputer, Hive operators are seen leaking data it claims to have stolen from Tata Power, indicating the ransom negotiations failed. [...] | Ransomware | | |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2022-10-25 00:52:47 | (Déjà vu) ASEC Weekly Malware Statistics (October 10th, 2022 – October 16th, 2022) (direct link) | The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 10th, 2022 (Monday) to October 16th, 2022 (Sunday). For the main category, downloader ranked top with 44.4%, followed by info-stealer with 41.7%, backdoor with 12.5%, ransomware with 0.9%, and CoinMiner with 0.5%. Top 1. SmokeLoader: Smokeloader is infostealer / downloader malware that is distributed via exploit kits. This week, it ranked first place... | Ransomware, Malware | | |
| ![Blog.webp](./Ressources/img/Blog.webp) | 2022-10-25 00:43:50 | Rapidly Evolving Magniber Ransomware (direct link) | The Magniber ransomware has recently been evolving rapidly. From changes to its file extension and injection methods to its UAC bypassing techniques, the Magniber ransomware has been changing quickly to bypass detection by anti-malware software. This article summarizes the evolution of the Magniber ransomware over the last few months, based on the analysis previously performed. Table 1 shows the major characteristics of the distributed Magniber ransomware files by date. It has been distributed with five different file extensions (msi,... | Ransomware | | |
| ![mcafee.webp](./Ressources/img/mcafee.webp) | 2022-10-25 00:38:53 | Ransomware Masquerading as Microsoft Update Targets Home Computers (direct link) | A new ransomware threat is currently sweeping its way across home computers. And what's making it extra tricky is that... | Ransomware, Threat | | |
| ![kovrr.webp](./Ressources/img/kovrr.webp) | 2022-10-25 00:00:00 | Importance of Insurance-Validated Risk Models to Quantify Cyber Risk. Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. (direct link) | By its nature, cyber risk is dynamic. New events happen and evolve all the time, making it difficult for enterprises to quantify their financial exposure to cyber attacks. Around two years ago, for example, distributed denial-of-service (DDoS) attacks were making headlines, and now ransomware has come into heightened focus. It's reasonable to believe that other types of attacks will emerge in another two years and continue to change thereafter. Yet even though cyber risk evolves, it's possible to understand what the financial implications of an attack might be by using what's known as a cyber risk quantification (CRQ) model. These models analyze past events to predict what the financial impacts of future cyber events might be. But not just any model will do. Enterprises need insurance-validated risk models, meaning the model is strong enough and has both the breadth and depth of data to be trusted to quantify cyber risk across an insurer's large portfolio. Enterprises need this level of sophisticated model, continuously validated at scale, if they want to be prepared. Otherwise, they may be using a stagnant quantification method that limits their ability to account for their financial cyber exposure to current and future threats. Modeling the Unknown: Part of quantifying something dynamic like cyber risk means having a robust modeling framework. Using what's known as impact-based modeling allows for quantifying "known unknowns." In other words, a modeling framework that can reflect new emerging threats and utilize risk models that tie together multiple areas of risk (for example, certain events affecting an enterprise, the severity of past attacks, the frequency of events, etc.) can come to a conclusion about the financial impact of future events. Even if the specific type of attack remains unknown, enterprises can at least have a sense of what their exposure would look like by relying on impact-based modeling, which provides an estimate of the potential financial losses that will be driven by cyber events. Continuous Validation and Calibration: Over time, high-quality risk models become increasingly accurate due to continuous validation and calibration. As new cyber threats emerge, so too does a deeper understanding of event footprints, the technology or third-party service provider involved, and the propagation pattern of the infection. While it's important for companies to be aware of evolving cyber threats and types of attacks from a risk management perspective, such as to educate employees and mitigate attacks, putting a financial quantification on cyber risk is the most efficient way to understand "how" the attack landscape can affect a specific company. A $1 million loss, for example, is still $1 million whether it came from ransomware or a DDoS attack. By focusing on an impact-based approach, the emphasis is still on quantifying the loss, rather than trying to predict exactly how cyber events may evolve. A cyber risk quantification model can also be calibrated by looking at what the model projected and seeing how that aligns with events that actually occur over time. Doing so requires data at scale. If you only know the financial implications of events that occurred at, say, three companies, then that doesn't give much information to feed and calibrate the model. Yet if there are thousands of events to analyze, such as by looking across an insurer's entire portfolio, that provides a much better view into what's happening across the cyber risk landscape. From there, this data can be used to improve the model. Breadth and Depth of Data Sources: As alluded to, a robust cyber risk quantification model requires data at scale. Yet it's important to have both a significant breadth and depth of data sources. Doing so enables a model to understand what's happening across indust | Ransomware, Prediction | | ★★★ |
| ![TrendMicro.webp](./Ressources/img/TrendMicro.webp) | 2022-10-25 00:00:00 | LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company (direct link) | Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint. | Ransomware | | |
| ![grahamcluley.webp](./Ressources/img/grahamcluley.webp) | 2022-10-24 19:44:40 | Car dealer group Pendragon refuses to pay $60 million to ransomware extortionists (direct link) | Pendragon - the car dealership group which owns Evans Halshaw, CarStore, and Stratstone, and operates around 160 showrooms across the UK - has confirmed that its IT servers have been hacked by cybercriminals who claim to have stolen five per cent of its data. | Ransomware | | |
| ![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) | 2022-10-24 18:35:15 | Cuba ransomware affiliate targets Ukraine, CERT-UA warns (direct link) | The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […] | Ransomware | | |
| ![News.webp](./Ressources/img/News.webp) | 2022-10-24 17:00:13 | CISA, FBI warn healthcare organizations of Daixin ransomware (direct link) | Gang was behind the attack on OakBend Medical Center. Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations.… | Ransomware, Threat | | |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-24 17:00:00 | (Déjà vu) CISA Warns Against Ransomware Group Daixin Team Targeting Health Organizations (direct link) | Daixin Team is actively targeting US businesses, mainly in the healthcare sector. | Ransomware | | |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-24 16:00:00 | Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App (direct link) | The Veeamp malware was used by the Monti and Yanluowang ransomware groups in these attacks. | Ransomware, Malware | | ★★ |
| ![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) | 2022-10-24 14:36:42 | (Déjà vu) CISA Warns Health Organisations of Targeted Ransomware Attack by Daixin Hackers (direct link) | It was reported earlier today that the U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. “The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data […] | Ransomware | | |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2022-10-24 11:42:00 | CISA Warns of Daixin Team Hackers Targeting Health Organizations With Ransomware (direct link) | U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. "The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022," the agencies said. The | Ransomware | | |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2022-10-24 11:34:28 | European Cybersecurity Month: The Current Landscape And Mitigating Attacks (direct link) | A lot has changed over the last decade, making 2023 the year that every organisation could be hit by ransomware – unless they act on it. Survey after survey shows that the vast majority of organisations faced a ransomware attack in 2021 and 2022 – a significant percentage of which were harmful, and the rate […] | Ransomware | | |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2022-10-24 11:15:00 | Why Ransomware in Education on the Rise and What That Means for 2023 (direct link) | The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It's unclear what student or employee data the | Ransomware | | |
| ![CSO.webp](./Ressources/img/CSO.webp) | 2022-10-24 11:05:00 | BrandPost: Cybersecurity Executives Say These are the Most Pressing Challenges They Face (direct link) | Most cybersecurity teams grapple with similar issues, from defending against the ever-changing threat landscape to finding time for training and upskilling opportunities. I recently had the chance to speak with numerous security executives and industry experts at the Fortinet Security Summit, held in conjunction with the second annual PGA Fortinet Championship in Napa Valley, to discuss some of these challenges, insights, and potential solutions for addressing them. Challenge #1: The Proliferation of New Threat Vectors. If the first half of 2022 was any indication, security teams are in for an interesting ride as we look ahead. In just the first six months, data from FortiGuard Labs shows that the number of new ransomware variants identified increased by nearly 100% compared to the previous six-month period. | Ransomware, Threat | | |
| ![bleepingcomputer.webp](./Ressources/img/bleepingcomputer.webp) | 2022-10-24 10:51:38 | Pendragon car dealer refuses $60 million LockBit ransomware demand (direct link) | Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them. [...] | Ransomware | | |
| ![no_ico.webp](./Ressources/img/no_ico.webp) | 2022-10-24 09:40:40 | Ransom Cartel – REvil Rebrand? (direct link) | It has been reported that researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations’ encryptors. The REvil ransomware gang finally shut down in October 2021 following intense pressure from law enforcement. However, in January 2022, the Russian authorities announced arrests, money seizures, and charges against eight of the […] | Ransomware | | |
| ![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) | 2022-10-21 20:26:00 | Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware (direct link) | A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also to spread GuardMiner to collect cryptocurrency," Fortinet FortiGuard Labs researcher Cara Lin said | Ransomware, Vulnerability | | |
| ![cyberark.webp](./Ressources/img/cyberark.webp) | 2022-10-21 13:00:20 | 2023 Cyber Insurance Looks Different. Are You Ready? (direct link) | Rampant ransomware attacks have made cyber insurance a C-suite priority. Despite the raised consciousness, it's more difficult than ever to secure or renew a policy. Nefarious activity continues to put pressure on carriers who are... | Ransomware | | |
| ![CrowdStrike.webp](./Ressources/img/CrowdStrike.webp) | 2022-10-21 11:21:13 | Playing Hide-and-Seek with Ransomware, Part 2 (direct link) | In Part 1, we explained what Intel SGX enclaves are and how they benefit ransomware authors. In Part 2, we explore a hypothetical step-by-step implementation and outline the limitations of this method. Watch this live attack demo to see how the CrowdStrike Falcon® platform and the CrowdStrike Falcon Complete™ managed detection and response team protect […] | Ransomware | | |
| ![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) | 2022-10-21 11:00:36 | OldGremlin Ransomware Fierce Comeback Against Russian Targets (direct link) | Earlier today, a ransomware group which unusually targets Russian organizations has upped its efforts this year, demanding larger ransoms from its victims and developing new malware for Linux, according to Group-IB. Yesterday, the security vendor released what it claimed was the first comprehensive report on the group known as “OldGremlin,” which was first spotted in 2020. […] | Ransomware, Malware | | |
| ![News.webp](./Ressources/img/News.webp) | 2022-10-21 10:28:06 | Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor (direct link) | And one designed to slip ransomware and data-stealing code onto infected machines. URSNIF, the malware also known as Gozi that attempts to steal online banking credentials from victims' Windows PCs, is evolving to support extortionware.… | Ransomware, Malware | | |
| ![InfoSecurityMag.webp](./Ressources/img/InfoSecurityMag.webp) | 2022-10-21 09:00:00 | OldGremlin Ransomware Ups Ante Against Russian Targets (direct link) | Ransom demands soar to $17m, according to new report. | Ransomware | | |