What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2023-03-18 10:47:00 LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (lien direct) U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit," Ransomware Threat ★★★
bleepingcomputer.webp 2023-03-17 19:01:27 The Week in Ransomware - March 17th 2023 - Shifting to data extortion (lien direct) The fallout from the Clop ransomware attacks on GoAnywhere platforms has become apparent this week, with the threat actors starting to extort victims on their data leak site and companies confirming breaches. [...] Ransomware Threat ★★
bleepingcomputer.webp 2023-03-17 12:20:58 Hitachi Energy confirms data breach after Clop GoAnywhere attacks (lien direct) Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnywhere zero-day vulnerability. [...] Ransomware Data Breach Industrial ★★★
The_State_of_Security.webp 2023-03-17 09:58:00 Free decryptor released for Conti-based ransomware following data leak (lien direct) Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Conti was one of the most notorious ransomware groups, responsible for hundreds of attacks against organisations, which netted criminals over $150 million. Its victims included the government of Costa Rica which declared a national emergency after systems in multiple departments were severely impacted. However, things began to unravel for the Conti ransomware gang in February 2022, when the... Ransomware Tool General Information ★★★
RecordedFuture.webp 2023-03-16 20:56:00 Kaspersky releases decryptor for ransomware based on Conti source code (lien direct) Cybersecurity firm Kaspersky on Thursday released a decryptor that could help victims who had their data locked down by a version of the Conti ransomware. Kaspersky said the tool can be used on a malware strain that infected dozens of “companies and state institutions” throughout December 2022. Kaspersky did not name the strain, but experts Ransomware Malware Tool ★★
Netskope.webp 2023-03-16 19:00:00 Netskope Threat Coverage: BlackSnake Ransomware (lien direct) Summary BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable […] Ransomware Threat ★★★
bleepingcomputer.webp 2023-03-16 18:10:58 BianLian ransomware gang shifts focus to pure data extortion (lien direct) The BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using them for extortion. [...] Ransomware ★★
DarkReading.webp 2023-03-16 15:32:00 BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (lien direct) The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said. Ransomware ★★★
Fortinet.webp 2023-03-16 14:09:00 Ransomware Roundup (lien direct) In this week's Ransomware Roundup, FortiGuard Labs covers the HardBit 2.0 ransomware along with protection recommendations. Learn more. Ransomware ★★
DarkReading.webp 2023-03-16 14:00:00 5 Ways to Fight School Ransomware Attacks (lien direct) The challenges are steep, but school districts can fight back with planning. Ransomware ★★
bleepingcomputer.webp 2023-03-16 13:32:05 Latitude cyberattack leads to data theft at two service providers (lien direct) Latitude Financial Services (Latitude) has published a notice on its website today informing that it has suffered a ransomware attack that resulted in the theft of some customer data. [...] Ransomware General Information ★★
InfoSecurityMag.webp 2023-03-16 10:10:00 BEC Volumes Double on Phishing Surge (lien direct) Business email compromise overtakes ransomware Ransomware Studies ★★
ComputerWeekly.webp 2023-03-16 06:33:00 Royal Mail ransomware attack result of putting profit before security (lien direct) No more details Ransomware ★★★★
Blog.webp 2023-03-16 06:11:08 Threat Trend Report on Region-Specific Ransomware (lien direct) Background Currently, ransomware creators include individuals, cyber criminal gangs and state-supported groups. Out of these individuals and groups, cyber criminal gangs are the most proactive in ransomware development, while individuals and state-supported groups are less so. Privately developed ransomware is most often for research purposes with the intention of destroying data. Some state-sponsored threat groups also develop ransomware. The purpose of these cases is not for financial gain either but for data destruction, and Wipers, which do not allow recovery,... Ransomware Threat Prediction ★★
Blog.webp 2023-03-15 23:55:25 ASEC Weekly Malware Statistics (March 6th, 2023 – March 12th, 2023) (lien direct) AhnLab Security response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 6th, 2023 (Monday) to March 12th, 2023 (Sunday). For the main category, Infostealer ranked top with 52.6%, followed by backdoor with 27.6%, downloader with 15.7%, ransomware with 3.0%, CoinMiner with 0.7%, and banking malware with 0.4%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.4%. It leaks... Ransomware Malware ★★
DarkReading.webp 2023-03-15 21:12:00 Hornetsecurity Launches VM Backup V9 (lien direct) Hornetsecurity research highlights that more than 1 in 4 companies have fallen victim to ransomware attacks, with 14.1% losing data and 6.6% paying a ransom. Ransomware ★★
globalsecuritymag.webp 2023-03-15 18:12:47 Share of Ransomware Funds Being Funneled to Popular Exchanges Soared to 48.3% In 2022 (lien direct) Share of Ransomware Funds Being Funneled to Popular Exchanges Soared to 48.3% In 2022 - Malware Update Ransomware ★★
globalsecuritymag.webp 2023-03-15 17:49:06 WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs (lien direct) WithSecure™: Chinese cyber crime tool acquired by Russian ransomware gangs - Malware Update Ransomware Tool
globalsecuritymag.webp 2023-03-15 17:27:46 Third edition of Cybereason's "ransomware" study: Modern SOCs facing ransomware attacks (lien direct) Third edition of Cybereason's "ransomware" study: Modern SOCs facing ransomware attacks. The new Cybereason study reveals that ransomware attacks and the workforce shortage are drivers of change for SOCs (security operations centers) - Investigations Ransomware Studies ★★★
globalsecuritymag.webp 2023-03-15 17:10:42 WithSecure: Chinese hacking tool acquired by Russian hackers specializing in ransomware (lien direct) WithSecure: Chinese hacking tool acquired by Russian hackers specializing in ransomware. The Chinese tool SILKLOADER is now being used by Russian hackers. By documenting this tool transfer, WithSecure reveals the cooperation taking place in the world of cybercrime. - Malware Ransomware General Information ★★★
bleepingcomputer.webp 2023-03-15 14:50:26 LockBit ransomware claims Essendant attack, company says “network outage” (lien direct) LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributor of office products after a "significant" and ongoing outage knocked the company's operations offline. [...] Ransomware ★★
RecordedFuture.webp 2023-03-15 12:17:00 Ransomware gang exploited a zero-day in Microsoft security feature, Google says (lien direct) Financially motivated hackers are using a previously undocumented bug in Microsoft's SmartScreen security feature to spread the Magniber ransomware, according to a new report. The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google's Threat Analysis Group (TAG) said. The Google team [reported](https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/) its findings about the bug Ransomware Vulnerability Threat Threat ★★
Cybereason.webp 2023-03-15 11:30:00 5 Steps to More Effective Ransomware Response (lien direct) 5 Steps to More Effective Ransomware Response Ransomware Ransomware ★★★
SecurityWeek.webp 2023-03-15 09:41:52 Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit (lien direct) Cybersecurity firm Rubrik has confirmed being hit by the GoAnywhere zero-day exploit after the Cl0p ransomware group named the company on its leak website. Ransomware ★★
RecordedFuture.webp 2023-03-14 20:36:00 Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (lien direct) Cloud data management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool. The Clop ransomware group – which has been the primary force behind the [exploitation of a vulnerability](https://therecord.media/forta-goanywhere-mft-file-transfer-zero-day) affecting Fortra's GoAnywhere Managed File Transfer product – added Rubrik to its list of victims on Tuesday. A Ransomware Vulnerability Cloud ★★
DarkReading.webp 2023-03-14 19:58:00 LockBit Threatens to Leak Stolen SpaceX Schematics (lien direct) The ransomware group sent a message directly to Elon Musk: Pay or the confidential SpaceX information goes up for grabs on the Dark Web. Ransomware ★★★
CS.webp 2023-03-14 19:57:32 Cancer patient sues medical provider after ransomware group posts her photos online (lien direct) The suit comes about six weeks after the ransomware threatened to post sensitive material online if they weren't paid. Ransomware Medical ★★★
DarkReading.webp 2023-03-14 19:51:27 CISA Trials Ransomware Warning System for Critical Infrastructure Orgs (lien direct) An agency team will identify vulnerabilities being exploited by ransomware groups and alert organizations ahead of attacks, CISA says. Ransomware ★★
Anomali.webp 2023-03-14 17:32:00 Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam (lien direct)   Anomali Cyber Watch: Xenomorph Automates The Whole Fraud Chain on Android, IceFire Ransomware Started Targeting Linux, Mythic Leopard Delivers Spyware Using Romance Scam, and More. The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android, APT, DLL side-loading, Iran, Linux, Malvertising, Mobile, Pakistan, Ransomware, and Windows. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Xenomorph V3: a New Variant with ATS Targeting More Than 400 Institutions (published: March 10, 2023) Newer versions of the Xenomorph Android banking trojan are able to target 400 applications: cryptocurrency wallets and mobile banking from around the World with the top targeted countries being Spain, Turkey, Poland, USA, and Australia (in that order). Since February 2022, several small, testing Xenomorph campaigns have been detected. Its current version Xenomorph v3 (Xenomorph.C) is available on the Malware-as-a-Service model. This trojan version was delivered using the Zombinder binding service to bind it to a legitimate currency converter. Xenomorph v3 automatically collects and exfiltrates credentials using the ATS (Automated Transfer Systems) framework. The command-and-control traffic is blended in by abusing Discord Content Delivery Network. Analyst Comment: Fraud chain automation makes Xenomorph v3 a dangerous malware that might significantly increase its prevalence on the threat landscape. 
Users should keep their mobile devices updated and avail of mobile antivirus and VPN protection services. Install only applications that you actually need, use the official store and check the app description and reviews. Organizations that publish applications for their customers are invited to use Anomali's Premium Digital Risk Protection service to discover rogue, malicious apps impersonating your brand that security teams typically do not search or monitor. MITRE ATT&CK: [MITRE ATT&CK] T1417.001 - Input Capture: Keylogging | [MITRE ATT&CK] T1417.002 - Input Capture: Gui Input Capture Tags: malware:Xenomorph, Mobile, actor:Hadoken Security Group, actor:HadokenSecurity, malware-type:Banking trojan, detection:Xenomorph.C, Malware-as-a-Service, Accessibility services, Overlay attack, Discord CDN, Cryptocurrency wallet, target-industry:Cryptocurrency, target-industry:Banking, target-country:Spain, target-country:ES, target-country:Turkey, target-country:TR, target-country:Poland, target-country:PL, target-country:USA, target-country:US, target-country:Australia, target-country:AU, malware:Zombinder, detection:Zombinder.A, Android Cobalt Illusion Masquerades as Atlantic Council Employee (published: March 9, 2023) A new campaign by Iran-sponsored Charming Kitten (APT42, Cobalt Illusion, Magic Hound, Phosphorous) was detected targeting Mahsa Amini protests and researchers who document the suppression of women and minority groups i Ransomware Malware Tool Vulnerability Threat Guideline Conference APT 35 ChatGPT ChatGPT APT 36 APT 42 ★★
The_Hackers_News.webp 2023-03-14 17:22:00 The Prolificacy of LockBit Ransomware (lien direct) Today, the LockBit ransomware is the most active and successful cybercrime organization in the world. Attributed to a Russian Threat Actor, LockBit has stepped out from the shadows of the Conti ransomware group, who were disbanded in early 2022. LockBit ransomware was first discovered in September 2019 and was previously known as ABCD ransomware because of the ".abcd virus" extension first Ransomware Threat ★★★
InfoSecurityMag.webp 2023-03-14 16:30:00 CISA Creates New Ransomware Vulnerability Warning Program (lien direct) The Agency will warn critical infrastructure entities to enable mitigation before an incident Ransomware Vulnerability ★★★
RecordedFuture.webp 2023-03-14 15:34:00 CISA unveils ransomware warning pilot for critical infrastructure (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) on Monday unveiled an effort that will collect data about commonly exploited vulnerabilities in ransomware attacks and alert critical infrastructure operators of the risks. [The Ransomware Vulnerability Warning Pilot](https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot) launched Jan. 30 and was mandated under the sweeping cyber incident reporting [legislation](https://therecord.media/biden-signs-cyber-incident-reporting-bill-into-law) President Joe Biden signed into law Ransomware Vulnerability ★★★
CS.webp 2023-03-14 14:14:38 CISA tests ransomware alert system to safeguard vulnerable organizations (lien direct) The Cybersecurity and Infrastructure Security Agency launched a ransomware warning pilot for critical infrastructure owners and operators. Ransomware ★★
knowbe4.webp 2023-03-14 13:00:00 CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) CyberheistNews Vol 13 #11 CyberheistNews Vol 13 #11  |   March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below. "Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service. "In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM. "In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. "And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven. "'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. 
"And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'" Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this. Blog post with links: https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl Ransomware Data Breach Spam Malware Threat Guideline Medical ChatGPT ChatGPT ★★
RecordedFuture.webp 2023-03-14 12:34:00 Amazon-owned Ring denies 'ransomware event' following darknet listing (lien direct) The smart doorbell and security camera company Ring has denied that it suffered a ransomware attack after the company was listed on a prominent ransomware gang's extortion site. The ALPHV ransomware group, also known as BlackCat, added the listing for Ring to its site late on Monday evening, adding: “There's always an option to let Ransomware ★★★
SecurityWeek.webp 2023-03-14 12:23:00 Ring Denies Falling Victim to Ransomware Attack (lien direct) Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data. Ransomware ★★★
InfoSecurityMag.webp 2023-03-14 10:30:00 LA Housing Authority Suffers Year-Long Breach (lien direct) LockBit ransomware group stole data and encrypted files Ransomware ★★
Cybereason.webp 2023-03-14 10:00:00 New Study: Ransomware Driving SOC Modernization Requirements (lien direct) New Study: Ransomware Driving SOC Modernization Requirements Ransomware ★★★
Blog.webp 2023-03-13 23:31:00 Mallox Ransomware Being Distributed in Korea (lien direct) AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the Mallox ransomware during the team’s monitoring. As covered before, Mallox, which targets vulnerable MS-SQL servers, has historically been distributed at a consistently high rate based on AhnLab’s statistics. The malware disguised as a program related to DirectPlay is a file built in .NET which, as shown in Figure 3, connects to a certain address, downloads additional malware, and runs it in the memory. If this address cannot... Ransomware Malware ★★★
bleepingcomputer.webp 2023-03-13 15:51:33 LA housing authority discloses data breach after ransomware attack (lien direct) The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. [...] Ransomware Data Breach ★★
InfoSecurityMag.webp 2023-03-13 09:30:00 Blackbaud Settles $3m Charge Over Ransomware Attack (lien direct) SEC claims company filed misleading disclosures Ransomware Guideline ★★
bleepingcomputer.webp 2023-03-12 11:12:06 Medusa ransomware gang picks up steam as it targets companies worldwide (lien direct) A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands. [...] Ransomware ★★★
SecurityWeek.webp 2023-03-10 17:02:50 Blackbaud Fined $3M For 'Misleading Disclosures' About 2020 Ransomware Attack (lien direct) Blackbaud has been slapped with a $3 million civil penalty by the SEC for "making misleading disclosures" about a 2020 ransomware attack that impacted more than 13,000 customers. Ransomware Guideline ★★
InfoSecurityMag.webp 2023-03-10 16:30:00 IceFire Ransomware Targets Linux Enterprise Networks (lien direct) The campaign leveraged the exploitation of a flaw in IBM's Aspera Faspex file-sharing software Ransomware ★★
RecordedFuture.webp 2023-03-10 12:00:00 Ransomware tracker: the latest figures [March 2023] (lien direct) * Note: this Ransomware Tracker is updated on the 10th day of each month to stay current * Unlike past years, cybercriminals didn't take a break over the winter holidays. The number of victims posted on ransomware extortion sites rose more than 20% in December to 241 organizations - the highest monthly count since April, Ransomware ★★
bleepingcomputer.webp 2023-03-10 11:30:18 Blackbaud to pay $3M for misleading ransomware attack disclosure (lien direct) Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. [...] Ransomware Cloud ★★
DarkReading.webp 2023-03-09 21:47:10 IceFire Ransomware Portends a Broader Shift From Windows to Linux (lien direct) IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved. Ransomware ★★
no_ico.webp 2023-03-09 21:19:11 New Rise In ChatGPT Scams Reported By Fraudsters (lien direct) Since the release of ChatGPT, the cybersecurity company Darktrace has issued a warning, claiming that a rise in criminals utilizing artificial intelligence to craft more intricate schemes to defraud employees and hack into organizations has been observed. The Cambridge-based corporation said that AI further enabled “hacktivist” cyberattacks employing ransomware to extract money from businesses. The […] Ransomware Hack ChatGPT ChatGPT ★★
DarkReading.webp 2023-03-09 20:41:03 Medusa Gang Video Shows Minneapolis School District's Ransomed Data (lien direct) Much like a hostage's proof-of-life video, the ransomware gang offers the film as verification that it has the goods, and asks $1 million for the data. Ransomware ★★
RecordedFuture.webp 2023-03-09 20:15:00 Canadian military: Ransomware attack on contractor didn't touch defense systems (lien direct) Canada's defense department confirmed Thursday that its systems were not affected by a ransomware attack on engineering giant Black & McDonald. Black & McDonald did not respond to repeated requests for comment, but a spokesperson for Canada's Department of National Defence told The Record that it was aware of a ransomware attack on the company. Ransomware ★★★
Last update at: 2024-07-15 21:08:48