What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2024-06-27 20:01:00 Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
(direct link)
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
Ransomware Malware Threat
DarkReading.webp 2024-06-27 17:54:17 Dark Reading Confidential: Meet the Ransomware Negotiators
(direct link)
Episode 2: Incident response experts turned ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."
Ransomware Threat
RiskIQ.webp 2024-06-27 17:17:13 P2PInfect Malware Evolves, Adds Ransomware and Cryptomining Capabilities
(direct link)
## Snapshot
Cado Security researchers report new versions of the Rust-based malware P2PInfect.
## Description
The malware initially spread via Redis and a limited SSH spreader, with no clear objective other than spreading. P2PInfect gains initial access by exploiting the replication features in Redis, turning discovered open Redis nodes into follower nodes of the attacker's server. It also abuses Redis CONFIG commands to write a cron job into the cron directory. The main payload of P2PInfect is a worm that scans the internet for more servers to infect and includes a basic SSH password sprayer. The botnet, a notable feature of P2PInfect, acts as a peer-to-peer network for pushing out updated binaries. The main binary has been rewritten, now entirely on tokio, an async framework for Rust, and is packed with UPX. The malware now also drops a secondary binary at /tmp/bash for health checking. The miner payload embedded in P2PInfect becomes active after approximately five minutes, and the ransomware payload, called rsagen, is downloaded and executed upon joining the botnet. The ransomware encrypts files and appends .encrypted to the file name, dropping a ransom note titled "Your data has been locked!.txt". The attacker has made around 71 XMR, equivalent to roughly £9,660, but the mining pool only shows one worker active at 22 KH/s, suggesting another wallet address may be in use. The command to start the ransomware was issued directly by the malware operator, and the download server may be an attacker-controlled host used to serve additional payloads. P2PInfect also includes a usermode rootkit that hides specific information and bypasses checks when a specific environment variable is set. There is speculation that P2PInfect may be a botnet for hire, suggested by the delivery of the ransomware payload from a fixed URL and the separation of the miner and ransomware wallet addresses. However, the distribution of rsagen could also be evidence of initial access brokerage. Overall, P2PInfect continues to evolve with updated payloads and defensive features, demonstrating the malware author's ongoing effort to profit from illicit access and to grow the network. The ransomware's impact is limited by its initial access vector being Redis, which runs with restricted permissions and typically holds little data.
## Recommendations
Recommendations to protect against RaaS: Microsoft recommends the following mitigations to reduce the impact of RaaS threats.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a large majority of new and unknown variants.
- Turn on [tamper protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?ocid=magicti_ta_learndoc) features to prevent attackers from stopping security services.
- Run [endpoint detection and response (EDR) in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?ocid=magicti_ta_learndoc), so that Defender for Endpoint can block malicious artifacts even when your non-Microsoft antivirus doesn't detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts detected post-breach.
- Enable [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?ocid=magicti_ta_learndoc) in full automated mode to allow Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
- Microsoft Defender customers
Ransomware Malware Tool Threat Cloud
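As an added example (not code from Cado Security, Microsoft or the Redis project), the following Python script audits a redis.conf for the conditions the P2PInfect access chain above depends on: a listener bound to every interface, protected mode switched off, no authentication, and CONFIG and SLAVEOF/REPLICAOF still reachable under their default names. The two sample configurations are constructed; including MODULE and DEBUG in the dangerous-command list comes from general Redis hardening practice, not from the article.

```python
"""Audit a redis.conf for the exposure P2PInfect exploits: an Internet-reachable,
unauthenticated Redis whose CONFIG and SLAVEOF/REPLICAOF commands are still available.
Added example, not code from Cado Security, Microsoft or the Redis project."""
import shlex
import sys
from typing import Dict, List

# Commands the P2PInfect access chain relies on (SLAVEOF/REPLICAOF to make the node a
# follower of the attacker's server, CONFIG to repoint dir/dbfilename into the cron
# directory). MODULE and DEBUG are added from general Redis hardening practice; the
# article does not mention them (assumption).
DANGEROUS_COMMANDS = ("CONFIG", "SLAVEOF", "REPLICAOF", "MODULE", "DEBUG")
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*"}


def parse_redis_conf(text: str) -> Dict[str, List[List[str]]]:
    """Map each directive (lower-cased) to every argument list seen for it.

    Simplification: shlex treats an unquoted '#' anywhere as a comment start, while
    Redis only does so at the start of a line; quote passwords that contain '#'.
    """
    conf: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:          # unbalanced quotes: skip the line rather than crash
            continue
        if tokens:
            conf.setdefault(tokens[0].lower(), []).append(tokens[1:])
    return conf


def audit_redis_conf(text: str) -> List[str]:
    """Return one finding per weakness; an empty list means every check passed."""
    conf = parse_redis_conf(text)
    findings: List[str] = []

    # 1. Network exposure: no bind directive means "listen on every interface".
    binds = [a.lstrip("-") for args in conf.get("bind", []) for a in args]
    if not binds:
        findings.append("bind: directive missing, Redis listens on all interfaces")
    elif any(b in WILDCARD_BINDS for b in binds):
        findings.append(f"bind: wildcard address in {binds}")

    # 2. Protected mode only guards an unbound, passwordless instance; switching it
    #    off explicitly is what turns a default install into an open one.
    pm = conf.get("protected-mode", [[]])[-1]
    if pm and pm[0].lower() == "no":
        findings.append("protected-mode: explicitly disabled")

    # 3. Authentication: requirepass or ACL users (Redis 6+). Without either, anyone
    #    who can reach the port can issue CONFIG SET and SLAVEOF.
    pw = conf.get("requirepass", [[]])[-1]
    if not ((pw and pw[0]) or "user" in conf or "aclfile" in conf):
        findings.append("auth: no requirepass and no ACL users")

    # 4. Command surface: rename-command X "" disables X entirely (on Redis 7 prefer
    #    ACL '-@dangerous' rules; rename-command is deprecated there).
    renamed = {args[0].upper() for args in conf.get("rename-command", []) if len(args) >= 2}
    for cmd in DANGEROUS_COMMANDS:
        if cmd not in renamed:
            findings.append(f"rename-command: {cmd} still reachable under its default name")
    return findings


# Constructed sample configs (not taken from any real host).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
dir /var/lib/redis
dbfilename dump.rdb
"""

HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
rename-command CONFIG ""
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
rename-command DEBUG ""
"""

if __name__ == "__main__":
    # Usage: python redis_audit.py [/etc/redis/redis.conf]; defaults to the weak sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONF
    findings = audit_redis_conf(text)
    for f in findings:
        print("WEAK ", f)
    if not findings:
        print("OK    no findings")
```

The weak sample yields eight findings, the hardened one none. A file audit says nothing about settings changed at runtime with CONFIG SET, nor about what the ACL users in an aclfile are actually allowed to do, so it complements rather than replaces checking the live instance from an untrusted network position.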
RecordedFuture.webp 2024-06-27 16:34:21 Suspected Chinese gov't hackers used ransomware as cover in attacks on Brazil presidency, Indian health org
(direct link)
No more details Ransomware
Blog.webp 2024-06-27 12:00:04 Infinidat Introduces Cyber Storage Protection to Reduce Ransomware and Malware Threats
(direct link)
Waltham, Massachusetts, 27th June 2024, CyberNewsWire
Ransomware Malware
TechRepublic.webp 2024-06-27 11:00:00 Ransomware Cheat Sheet: Everything You Need To Know In 2024
(direct link)
This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target, and how to avoid becoming a victim and paying cybercriminals a ransom.
Ransomware Wannacry
globalsecuritymag.webp 2024-06-27 09:26:11 Backup Awareness Month: What companies must do to protect their data
(direct link)
"Backup Awareness Month" in June brings the topic of backup to the fore in many companies. There are good reasons for this: according to IT Governance, 9,478 publicly disclosed data breaches and cyberattacks had been recorded by May of this year, with more than 35 billion records compromised. Arcserve partner Sophos also reports in its current ransomware report that 59 percent of companies were affected by ransomware in the past year. The threat situation therefore remains critical. - Special reports
Ransomware
InfoSecurityMag.webp 2024-06-27 08:30:00 Chinese State Actors Use Ransomware to Conceal Real Intent
(direct link)
A new report warns that Chinese APT groups are using ransomware to conceal cyber-espionage activity
Ransomware
bleepingcomputer.webp 2024-06-27 00:20:05 Chinese Cyberspies Employ Ransomware in Attacks for Diversion
(direct link)
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. [...]
Ransomware
SmashingSecurity.webp 2024-06-26 22:00:00 378: Julian Assange, inside a DDoS attack, and deepfake traumas
(direct link)
WikiLeaks's Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this...
Ransomware
RiskIQ.webp 2024-06-26 19:07:50 (Déjà vu) Fickle Stealer Distributed via Multiple Attack Chain
(direct link)
## Snapshot
FortiGuard Labs Threat Research identified a Rust-based stealer called Fickle Stealer, observed in May 2024.
## Description
The stealer is distributed through several methods: a VBA dropper, a VBA downloader, a link downloader and an executable downloader. The attack chain has three stages: delivery, preparatory work, and the packer and stealer payload. The preparatory work consists of bypassing User Account Control (UAC) and running Fickle Stealer, creating a scheduled task to run engine.ps1 after 15 minutes, and sending messages to the attacker's Telegram bot. Fickle Stealer is also protected by a packer disguised as a legitimate executable, which makes it harder to catch with some detection rules. The malware drops a copy of itself in the Temp folder under a random name, runs the copy and terminates the original stealer process. It then communicates with the server to send stolen data, including victim information, target applications, keywords and the content of specific files, in JSON format. The server responds with a target list encrypted with RC4, and the malware works through targets such as crypto wallets, plugins, file extensions, partial paths, applications, Gecko-engine browsers and Chromium-based browsers. Finally, the malware sends a screenshot to the server and deletes itself. Because Fickle Stealer receives its target list from the server it is more flexible than a hard-coded stealer, and updated variants have been observed, indicating ongoing development.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of information stealer threats.
- Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [Safe Attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments on inbound email.
- Encourage users to use Microsoft Edge and other web browsers that support [SmartScreen](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-overview?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants.
- Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azur
Ransomware Spam Malware Tool Threat
The_Hackers_News.webp 2024-06-26 15:43:00 Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
(direct link)
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
Ransomware Threat
Blog.webp 2024-06-26 11:21:48 P2PInfect Botnet Now Targets Servers with Ransomware, Cryptominer
(direct link)
The P2PInfect botnet, once dormant, is now attacking servers with ransomware and cryptomining malware. Patch your systems to avoid data encryption and financial loss.
Ransomware Malware
globalsecuritymag.webp 2024-06-26 10:40:11 ChamelGang & friends - Cyberespionage groups attacking critical infrastructure with ransomware
(direct link)
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023. - Malware Update
Ransomware
CS.webp 2024-06-26 10:00:00 Chinese hackers are increasingly deploying ransomware, researchers say
(direct link)
Elite state-backed hackers are embracing the use of ransomware to obfuscate their operations.
Ransomware
DarkReading.webp 2024-06-26 10:00:00 'ChamelGang' APT Disguises Espionage Activities With Ransomware
(direct link)
The China-nexus cyberthreat actor has been operating since at least 2019 and has notched victims in multiple countries.
Ransomware
SentinelOne.webp 2024-06-26 09:55:48 ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
(direct link)
Threat actors in the cyberespionage ecosystem are using ransomware for financial gain, disruption, distraction, misattribution, and the removal of evidence.
Ransomware Threat
Incogni.webp 2024-06-26 06:47:47 Medical data breaches: an alarming trend in healthcare-targeted hacking and ransomware
(direct link)
[…] Ransomware Prediction Medical
The_State_of_Security.webp 2024-06-26 03:09:26 The 5 Industries Most Vulnerable to Data Breaches in 2024
(direct link)
As we pass the halfway mark of 2024, data breaches remain on the rise. Cybercriminals are finding ever more inventive ways to infiltrate organizations, exploiting vulnerabilities in networks, software, and human behavior. From phishing schemes and ransomware attacks to insider threats and supply chain compromises, the threat of cyberattacks continues. This is bad news, especially for certain industries. The consequences of these breaches extend far beyond financial losses: companies that fall victim can face regulatory fines and civil litigation. Several industries have been targeted...
Ransomware Vulnerability Threat
RiskIQ.webp 2024-06-25 21:14:40 StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
(direct link)
#### Targeted Geolocations
- Poland
- Spain
- Italy
- Germany
## Snapshot
The SonicWall Capture Labs threat research team has been monitoring an increase in the spread of StrelaStealer, an information stealer (infostealer) that first emerged in 2022. Read Microsoft's write-up on information stealers [here](https://security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6).
## Description
In mid-June there was a notable surge in JavaScript spreading StrelaStealer, which targets Outlook and Thunderbird email credentials. StrelaStealer's infection chain remains similar to previous versions but now includes checks to avoid infecting Russian systems. Its targets are primarily in Poland, Spain, Italy, and Germany. The initial infection vector is an obfuscated JavaScript file sent via email inside an archive. This file drops a copy of itself in the user's directory under a random name and then executes a batch file to check the system language, excluding Russian users by detecting the OSLanguage code "1049". If the system is not Russian, a base64-encoded PE file is dropped and decoded, and a DLL is created and executed using regsvr32.exe. The DLL's obfuscated code decrypts the actual PE file and injects it into the current process. The stealer dynamically loads the APIs it needs and checks the keyboard layout to determine the system's geographic location, targeting languages such as Spanish, Basque, Polish, Catalan, Italian, and German. The malware starts its stealing functionality with Mozilla Thunderbird, looking for specific files and sending data to a designated IP address. It also targets Outlook by retrieving information from specific registry keys and sending this data to the same IP.
## Additional Analysis
OSINT reporting about StrelaStealer indicates that its operators tend to run large-scale campaigns against organizations in specific geographic regions or countries. Initially the malware primarily targeted Spanish-speaking users, but it has since evolved to target users speaking English and other European languages. According to Palo Alto Networks' 2024 [report](https://unit42.paloaltonetworks.com/strelastealer-campaign/) on StrelaStealer, the malware's main goal, stealing email login data from email clients, has not changed. However, its infection chain and packer have been modified to evade detection and make analysis more difficult.
## Detections/Hunting Queries
Microsoft Defender Antivirus detects threat components as the following malware:
- *[Trojan:JS/StrelaStealer](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:JS/StrelaStealer!MSR&threatId=-2147061639)*
- *[Trojan:Win64/StrelaStealer](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win64/StrelaStealer.GPAX!MTB&threatId=-2147056969)*
- *[Trojan:Win32/StrelaStealer](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/StrelaStealer.ASS!MTB&threatId=-2147054947)*
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.
- Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly a
Ransomware Spam Malware Tool Threat
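As an added example (not SonicWall's, Palo Alto Networks' or Microsoft's code), the following Python hunt looks for the execution chain described above in process-creation telemetry: a script host (wscript.exe or cscript.exe) starting a batch file, which then runs regsvr32.exe against a DLL sitting in a user-writable path. Field names follow Sysmon Event ID 1 (Image, CommandLine, ProcessGuid, ParentProcessGuid); the events are constructed, and the user-writable path list and the severity scoring are the example's own assumptions.

```python
"""Hunt for the StrelaStealer chain (script host -> batch file -> regsvr32 loading a
DLL from a user-writable path) over process-creation events. Added example; field
names follow Sysmon Event ID 1. The sample events below are constructed, not real."""
import re
from typing import Dict, List

# Paths an unprivileged user (and therefore a dropped script) can write to (assumption).
USER_WRITABLE = re.compile(r"^[a-z]:\\(?:users\\|windows\\temp\\|programdata\\)", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def split_cmdline(cmdline: str) -> List[str]:
    """Split a Windows command line into arguments, honouring double quotes."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def regsvr32_operand(cmdline: str) -> str:
    """The file regsvr32 was asked to register: the last argument that is not a switch."""
    operands = [t for t in split_cmdline(cmdline)[1:] if not t.startswith(("/", "-"))]
    return operands[-1] if operands else ""


def detect_strela_chain(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one alert per regsvr32 launch that registers a DLL from a user-writable path.

    Severity is raised to 'high' when a script host appears among the three nearest
    ancestors, which is the shape of the JavaScript -> batch -> regsvr32 chain.
    """
    by_guid = {e["ProcessGuid"]: e for e in events}
    alerts: List[Dict[str, object]] = []
    for e in events:
        if basename(e["Image"]) != "regsvr32.exe":
            continue
        target = regsvr32_operand(e["CommandLine"])
        if not USER_WRITABLE.match(target):
            continue  # registering a DLL from System32 or Program Files is routine
        ancestry: List[str] = []
        cur = e
        for _ in range(3):
            cur = by_guid.get(cur.get("ParentProcessGuid", ""))
            if cur is None:
                break
            ancestry.append(basename(cur["Image"]))
        scripted = bool(SCRIPT_HOSTS & set(ancestry))
        alerts.append({
            "rule": "regsvr32 loading DLL from user-writable path",
            "severity": "high" if scripted else "medium",
            "target": target,
            "ancestry": ancestry,
        })
    return alerts


# Constructed telemetry: one StrelaStealer-like chain, one benign installer, one
# unscripted registration from a profile directory.
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0", "Image": r"C:\Windows\explorer.exe",
     "CommandLine": "explorer.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1", "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\wscript.exe" "C:\Users\ana\AppData\Local\Temp\Faktura_2024.js"'},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\ana\qzk7.bat"'},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\ana\hj3n.dll"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g1", "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec.exe /i setup.msi"},
    {"ProcessGuid": "g6", "ParentProcessGuid": "g5", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\vbscript.dll"},
    {"ProcessGuid": "g7", "ParentProcessGuid": "g1", "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe "C:\Users\bob\AppData\Local\SomeApp\plugin.dll"'},
]

if __name__ == "__main__":
    for alert in detect_strela_chain(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["target"], "<-", " <- ".join(alert["ancestry"]))
```

The installer registering a System32 DLL is not flagged; the DLL registered from a profile directory with no script host in its lineage is reported at medium severity, and the wscript-to-cmd-to-regsvr32 chain at high. The OSLanguage 1049 check the article mentions would be a further correlation point, but the article does not say how the batch file performs it, so it is not encoded here.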
RecordedFuture.webp 2024-06-25 20:57:31 South Africa's national health lab hit with ransomware attack amid mpox outbreak
(direct link)
No more details Ransomware
DarkReading.webp 2024-06-25 20:19:54 Indonesia Refuses to Pay $8M Ransom After Cyberattack
(direct link)
More than 200 regional and national government agencies have been impacted by the ransomware attack, and few of them are operational again.
Ransomware
SecurityWeek.webp 2024-06-25 11:52:39 Meta's Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher
(direct link)
Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta's Quest 3 VR headset.
Ransomware Malware
itsecurityguru.webp 2024-06-25 11:25:15 KnowBe4 Launches Ransomware Awareness Month With IT Resource Kit at No Cost
(direct link)
With July being Ransomware Awareness Month, KnowBe4 has released a ransomware resource toolkit at no cost for organisations and IT managers as part of a dedicated, month-long campaign in July to increase awareness of ransomware attacks. Ransomware is a malicious cyberattack in which cybercriminals encrypt an organisation's data and demand a ransom payment to regain access. [...] The post KnowBe4 Launches Ransomware Awareness Month With IT Resource Kit at No Cost first appeared on IT Security Guru.
Ransomware
AlienVault.webp 2024-06-25 10:00:00 The Role of Cybersecurity in Modern Construction and Manufacturing
(direct link)
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Cybersecurity and threat preparedness may be at the forefront of your mind, and you may have protections in place against the more common threats. Yet, as these threats continue to evolve, vigilance and adaptation are crucial for construction and manufacturing organizations. Cybercriminals have become both more prolific and more creative. 2023 saw a record-breaking spike in cyberattacks, with well over 300 million victims falling prey to data breaches, and the average corporate data breach cost 4.45 million dollars. In an industry where reputation is everything, a single breach could sink your ship in more ways than one. Below, we unpack the many ways a cyberattack could impact your ability to turn a profit and point out vulnerabilities that exist within your organization's structure. Then we provide practical suggestions to patch these vulnerabilities, insulating you from outside threats and keeping you on track to remain profitable.
Computer Vision and Vulnerabilities
As you use new technologies to support your existing processes, you must be aware of the vulnerabilities that new systems can create. If you have looked into leveraging recent tech advancements in your field, you are probably familiar with computer vision technology, which takes data gathered from physical images into the digital realm and unlocks a variety of potential benefits. Takeoff software and AI-powered planning systems streamline the project liftoff process by simplifying cost estimation, identifying and correcting blueprint errors, and even advancing sustainability goals. While these systems can be leveraged to optimize a wide variety of processes, they also shift the balance of project planning from human input to automated computing, which in turn puts you more at risk of becoming the victim of a cyberattack. Malefactors can access automated systems through a wide variety of channels. Whether they break into your network via an IoT-connected device that someone misplaced in the workspace, or slip malicious code into the data sources your devices consume to function, increasing your use of technology also increases their windows of opportunity. As these systems increase in scope and importance, leaving windows like these open increases the risk of potentially profitable projects turning belly up.
Process Disruption
However, cybercriminals do not need you to use newfangled technology to cause havoc throughout your processes. They already have a tried-and-true playbook that they have been using on your competitors for years, and to great effect. Some of the ways cyberthreats can fracture manufacturers' processes include:
● Ransomware: If a cybercriminal gains access to mission-critical data, they can then lock that data behind a ransomware program. Ransomware holds company d
Ransomware Malware Tool Vulnerability Threat Patching
DarkReading.webp 2024-06-25 10:00:00 'P2PInfect' Worm Grows Teeth With Miner, Ransomware & Rootkit
(direct link)
For a while, the botnet spread but did essentially nothing. All the malicious payloads came well after.
Ransomware
globalsecuritymag.webp 2024-06-25 07:46:40 Rafel RAT, an Android malware that moves from espionage to ransomware operations (direct link) Rafel RAT, an Android malware that moves from espionage to ransomware operations ● The Android devices compromised in the observed campaigns are located mainly in the United States, China, Indonesia, Russia, India, France, Germany and the United Kingdom. ● Most of the compromised devices are Samsung, Xiaomi, Vivo and Huawei phones, reflecting these brands' dominance of the market. ● Most affected devices run outdated Android versions, hence the importance of updating regularly and applying security patches. ● In some cases, Rafel RAT was used to encrypt a device's files and demand a ransom for their decryption. ● 2FA bypass: the malware has also been involved in stealing two-factor authentication messages, allowing it to bypass this crucial security measure. - Malwares Ransomware Malware Mobile
ProofPoint.webp 2024-06-25 06:00:45 Misdirected Email: A Common and Costly Issue That's Easy to Fix
(direct link)
Sensitive data loss has long been an issue for organizations of all sizes, leaving them exposed to compliance and reputation risks. From phishing and ransomware to advanced threats, there is a long and growing list of ways that sensitive information can find itself outside your defenses.

That said, it never really "finds itself" there. It ends up there incidentally or intentionally, and usually by employees. So much so that two-thirds of chief information security officers (CISOs) surveyed for our 2024 State of the Phish report said their business has experienced data loss due to an insider.

Once again, there are many ways this can happen. Even today's most security-oblivious users likely understand that weak passwords and errant clicks or downloads pose a risk. However, another prevalent factor behind data loss does not garner the same level of focus.

It may surprise many to learn that misdirected emails (legitimate messages sent to incorrect recipients) are the number one General Data Protection Regulation (GDPR)-related cyber incident reported to the U.K.'s Information Commissioner's Office (ICO).

Misdirected email happens all the time, and it's difficult to stop with traditional tools. These errors are not usually flagged by standard rule-based data loss prevention (DLP) products. That leaves users solely responsible for ensuring that their emails are always sent to the intended recipients. Unfortunately, this human line of defense is not fully equipped for the task.

Why doesn't traditional DLP solve misdelivery?

Traditional rule-based DLP tools do what they do very well. Such tools remain a critical part of any effective cyber defense when it comes to protecting sensitive data. However, they have a major shortcoming in that they only check messaging against predefined risks.

Traditional DLP can identify whether:
● Recipients are on deny lists
● The content contains Social Security numbers or patient identifiers (RegEx patterns)
● Attached documents have classification tags; for example, if an admin has tagged a document as "sensitive"

Assuming your email passes these checks, it is deemed safe to send.

A misdirected email to a legitimate (albeit incorrect) recipient would not raise any red flags. A rule-based system would determine that this type of email is good to go. But based on Verizon's Data Breach Investigations Report (DBIR) data, which shows that email misdelivery is prevalent across all industries, we know that it's not.

An adaptive, artificial intelligence (AI)-powered DLP solution goes much further. It doesn't just look for common predefined risks. Rather, it analyzes all aspects of an email for anything that looks anomalous.

So, on top of checking for common red flags, it can detect abnormal groupings of recipients and flag sensitive words, phrases or content that are not ordinarily shared with the intended recipients, whether in the body of the message or in any attachments. The solution will then determine whether an email is safe to send.

Overview showing how Tessian automatically detects what rule-based DLP misses.

Should it detect a potential mistake or sensitive data loss incident, Proofpoint Adaptive Email DLP will intervene to question the accuracy of the recipient, offer a brief explanation of the potential issue and ask whether the sender wishes to proceed or cancel.

Error message: "Is this the correct recipient?"

Put simply, traditional DLP cannot stop incidents like these because they can't be predefined. But Adaptive Email DLP can avert potential disasters in real time with simple, on-screen prompts for users so that they can correct any mistakes.

With a complete timeline of each incident (what was being sent, who it was being sent to and why it was stopped), security teams get actionable insight into common mistakes and intentional attempts to misdirect company data to personal or Ransomware Data Breach Tool
bleepingcomputer.webp 2024-06-25 06:00:00 P2PInfect botnet targets Redis servers with new ransomware module
(direct link)
P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. [...]
Ransomware Malware
DarkReading.webp 2024-06-24 21:57:20 CDK Attack: Why Contingency Planning Is Critical for SaaS Customers
(direct link)
Daily operations at some 15,000 automotive dealers remain impacted as CDK works to restore its dealer management system, following what appears to be a ransomware attack last week.
Ransomware Cloud
CS.webp 2024-06-24 18:47:45 US car dealers are feeling the pain of CDK cyberattack
(direct link)
A handful of major U.S. auto dealers said their business operations have been affected by a ransomware incident on the key software provider.
Ransomware
IndustrialCyber.webp 2024-06-24 17:31:43 HC3 releases threat profile on Qilin ransomware targeting global healthcare, other critical sectors
(direct link)
The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) has...
Ransomware Threat Medical
RecordedFuture.webp 2024-06-24 15:39:00 Indonesia's national data center encrypted with LockBit ransomware variant
(direct link)
No more details Ransomware
RiskIQ.webp 2024-06-24 14:46:29 New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication
(direct link)
#### Targeted Geolocations
- Eastern Europe
- Northern Europe
- Southern Europe
- Western Europe
- Middle East
- Central America and the Caribbean
- North America
- South America

#### Targeted Industries
- Financial Services

## Snapshot
EclecticIQ analysts discovered phishing campaigns targeting financial institutions using QR codes embedded in PDF attachments to direct victims to phishing URLs.

## Description
The attacks were facilitated by a Phishing-as-a-Service (PhaaS) platform called ONNX Store, which operates through Telegram bots. ONNX Store includes a two-factor authentication (2FA) bypass mechanism that intercepts 2FA requests, increasing the success rate of Business Email Compromise (BEC) attacks. The phishing pages mimic Microsoft 365 login interfaces, tricking targets into entering their authentication details. Analysts believe with high confidence that ONNX Store is likely a rebranded version of the Caffeine phishing kit, discovered by Mandiant in 2022, based on overlapping infrastructure and Telegram advertisements. The Arabic-speaking threat actor MRxC0DER is thought to be the developer and maintainer of Caffeine, and likely provides client support for ONNX Store. ONNX Store offers various services via Telegram bots, including phishing templates, webmail services, and bulletproof hosting. It leverages Cloudflare to delay takedown processes and evade detection, using features like CAPTCHA and IP proxying to protect malicious sites. ONNX Store distributes PDF documents with embedded QR codes that direct victims to phishing pages, often impersonating reputable services like Adobe or Microsoft 365. These QR codes are difficult for organizations to detect, especially on mobile devices. Most phishing campaigns target financial institutions in the EMEA and AMER regions, including banks and credit unions. The phishing kit uses encrypted JavaScript to evade detection and captures 2FA tokens in real time, relaying them to attackers.

ONNX Store also provides bulletproof hosting, allowing cybercriminals to operate without shutdown risks. The broader implications of these phishing toolkits include aiding credential theft and ransomware attacks.

## Microsoft Analysis

## Detections/Hunting Queries
EclecticIQ identified two YARA rules that can be used to identify potentially malicious domains or PDF files from the ONNX Store.

HUNT_CRIME_ONNX_PHISHING_URL is designed to identify specific patterns associated with malicious domains that utilize the ONNX Store API, such as default error messages and Telegram support links.

rule HUNT_CRIME_ONNX_PHISHING_URL
{
    meta:
        description = "Searches for default ONNX Store API error"
        author = "Arda Buyukkaya"
        date = "2024-05-23"
        hash = "77e03c77a2bdbc09d5279fa316a35db0"
    strings:
        $contact_link = "https://t.me/ONNXIT"
        $support_message = "Please contact ONNX SUPPORT"
        $expired_api = "Your API has been expired"
    condition:
        all of them
}

MAL_CRIME_ONNX_Store_Phishing_PDF_QR is designed to detect potentially malicious QR codes within PDF files.

rule MAL_CRIME_ONNX_Store_Phishing_PDF_QR
{
    meta:
        description = "Detects potentially malicious PDFs based on structural patterns"
        author = "Arda Buyukkaya"
        date = "2024-05-17"
        hash = "0250a5ba26791e7ffddb4b294d486479"
    strings:
        $pdf = "%PDF-"
        $magic_classic = "%!FontType1-1."
        $magic_font = /obj\s*]*\/Subtype\s*\/Type1/
        $magic_font2 = /obj\s* Ransomware Tool Threat Mobile
ProofPoint.webp 2024-06-24 14:16:35 Human-Centric Security in the Cybersecurity Ecosystem and Proofpoint's Better Together Strategy
(direct link)
In my previous blog, I detailed how Proofpoint has redefined email security, a central pillar of what Gartner has termed Human-Centric Security, one of their three strategic priorities for CISOs in 2024 and 2025. Now I'd like to give you an idea of how we think human-centric security fits with the rest of the modern security stack and how the current trend toward more comprehensive security solution architectures is influencing our strategic direction.

The Third Era

It's worthwhile to start with a bit of history. In our view, we've entered the third major evolution of cybersecurity. In the earliest period, the perimeter was established, and basic controls were put in place. The technologies were fewer and less capable, but the consequences of security failures were nowhere near as severe as they are now. In the second era, the perimeter largely dissolved and the rapid adoption of new technologies during the heyday of digital transformation led to a massive proliferation of point security solutions, cropping up nearly as fast as the tools they were meant to secure. Unfortunately, the cost of the security engineering, operational integration, and alert response required for these tools to be effective often outweighed the risk mitigation they provided. Now we've arrived at a phase where the security architectures of the future are finally taking shape. They share several key characteristics: they're highly integrated, cloud-deployed, and aligned to what security teams really need to protect: their infrastructure, the apps that run on it, the data that powers those applications, and of course the humans that simultaneously constitute their organization's greatest asset and biggest risk.

The Pillars of a Modern Security Architecture

To protect the spectrum between infrastructure and people, five key control planes have emerged. The first of those components is the network, where controls have moved past the classic confines of the firewall, proxy, VPN, and other network devices to the cloud-based consolidated services that make up the modern Secure Access Service Edge (SASE). Secondly, endpoint and server protection evolved first into Endpoint Detection and Response (EDR) and then into XDR as servers were increasingly replaced by cloud workloads. That of course leaves the human element, to which I'll return shortly, and the two cross-architecture layers: the operational processes, increasingly automated, that drive the controls and respond to the alerts they generate, and the identity fabric, both human and machine, that ties everything together. These architectures are powerful on their own, and their effectiveness compounds when they're well integrated. Attackers have often exploited the gaps between poorly implemented and monitored security controls to pass from a compromise of a person's credentials through the network to the administrative privileges that make ransomware so disruptive. Frustrating adversaries becomes much more achievable when well-integrated security controls reinforce each other, providing not just defense in depth but also defense in breadth. For example, an attacker's job is much harder when the malicious attachment they use to try to target a person is blocked and analyzed, with the resulting intelligence shared across SASE and XDR.

Human-Centric Security and the Ecosystem

With the rise of these modern security architectures, our controls for protecting networks, endpoints, and infrastructure have evolved, becoming more comprehensive, adaptive, and effective. With over 90% of breaches involving the human element, Proofpoint's human-centric security platform uniquely does the same for people and integrates with the key leaders across the other five components of the modern security stack.

In pioneering human-centric security, we've brought together previously disconnected functionality to accomplish two critical goals. The first is helping organizations protect their people from targeted attacks, impersonation, and supplier risk, along with making their people more resilien Ransomware Tool Threat Prediction Cloud
Checkpoint.webp 2024-06-24 13:12:32 24th June – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 24th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The BlackSuit ransomware group has disrupted operations at CDK Global, a significant provider of IT and digital marketing solutions to the automotive industry, targeting their SaaS platforms across the United States and […]
Ransomware Threat Cloud
RiskIQ.webp 2024-06-24 12:48:47 Weekly OSINT Highlights, 24 June 2024
(direct link)
## Snapshot
Last week's OSINT reporting reveals a persistent focus on sophisticated cyber espionage and ransomware campaigns by state-sponsored threat actors and advanced cybercriminal groups. Key trends include the exploitation of known vulnerabilities in network devices and hypervisors by Chinese groups like Velvet Ant and UNC3886, leveraging custom malware for long-term access and data theft. Meanwhile, actors active in the Middle East and South Asia, such as Arid Viper and UTA0137, continue to target adversaries with trojanized apps and Linux malware, respectively. Additionally, innovative social engineering techniques, like those used by TA571 and ClearFake, highlight the evolving methods threat actors employ to deliver diverse payloads, including ransomware and information stealers. The consistent targeting of critical infrastructure, government entities, and high-value enterprises underscores the need for robust, multi-layered cybersecurity defenses to mitigate these sophisticated and persistent threats.

## Description
1. **[Arid Viper Espionage Campaigns](https://sip.security.microsoft.com/intel-explorer/articles/19d9cd7d)**: ESET researchers uncovered Arid Viper's espionage campaigns targeting Android users in Egypt and Palestine. The campaigns distribute trojanized apps through dedicated websites, focusing on user data espionage with their AridSpy malware, a sophisticated multistage Android spyware.
2. **[Velvet Ant Exploits F5 BIG-IP](https://sip.security.microsoft.com/intel-explorer/articles/e232b93d)**: Sygnia analysts revealed that the Chinese cyberespionage group Velvet Ant exploited vulnerabilities in F5 BIG-IP appliances to deploy malware like PlugX, enabling long-term access and data theft. These incidents emphasize the threat posed by persistent threat groups exploiting network device vulnerabilities.
3. **[UNC3886 Targets Hypervisors](https://sip.security.microsoft.com/intel-explorer/articles/faed9cc0)**: Google Cloud reported that Mandiant investigated UNC3886, a suspected Chinese cyberespionage group, targeting hypervisors with sophisticated malware and exploiting vulnerabilities in FortiOS and VMware technologies. The group utilized rootkits and custom malware for persistence and command and control.
4. **[UTA0137 Cyber-Espionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/bc2b5c55)**: Volexity identified Pakistan-based UTA0137 targeting Indian government entities with DISGOMOJI malware, which uses Discord for command and control. The campaign targets Linux systems, employing various persistence mechanisms and exploiting vulnerabilities like DirtyPipe for privilege escalation.
5. **[Proofpoint Highlights Copy-Paste Attacks](https://sip.security.microsoft.com/intel-explorer/articles/c75089e9)**: Proofpoint researchers reported that threat actors, including TA571 and ClearFake, are using techniques that prompt users to copy and paste malicious PowerShell scripts. These campaigns deliver various malware, including DarkGate and NetSupport, through clever social engineering tactics that trick users into compromising their systems.
6. **[Shinra and Limpopo Ransomware](https://sip.security.microsoft.com/intel-explorer/articles/b7a96cbd)**: FortiGuard Labs identified the emergence of Shinra and Limpopo ransomware strains in early 2024. Shinra ransomware exfiltrates data before encryption, while Limpopo targets ESXi environments, affecting multiple countries and causing significant disruptions.
7. **[CVE-2024-4577 Vulnerability Exploits](https://sip.security.microsoft.com/intel-explorer/articles/8635c515)**: Cyble Global Sensor Intelligence detected multiple scanning attempts exploiting CVE-2024-4577, a vulnerability in Windows affecting PHP installations. Threat actors are using this flaw to deploy ransomware and malware, emphasizing the urgent need for organizations to upgrade PHP versions to mitigate risks.
8. **[SmallTiger Malware Targets South Korea](https://sip.security.microsoft.com/intel-explorer/articles/3f29a6c8)**: The AhnLab Securi Ransomware Malware Tool Vulnerability Threat Mobile Cloud APT-C-23
Blog.webp 2024-06-24 12:34:07 LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom
(direct link)
LockBit ransomware claims to hold 33 TB of data from the US Federal Reserve for ransom. Hackread.com investigates, reaching out to CISA for comments on the breach and ongoing negotiations. Stay updated!
Ransomware
Darktrace.webp 2024-06-23 09:43:00 Medusa Ransomware: Looking Cyber Threats in the Eye with Darktrace
(direct link)
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living-off-the-land techniques to infect target networks and move towards its ultimate goals, data encryption and exfiltration.
Ransomware
bleepingcomputer.webp 2024-06-22 15:08:43 CDK Global outage caused by BlackSuit ransomware attack
(direct link)
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. [...]
Ransomware
bleepingcomputer.webp 2024-06-22 10:19:38 Rafel RAT targets outdated Android phones in ransomware attacks
(direct link)
An open-source Android malware named 'Rafel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [...]
Ransomware Malware Mobile
DataSecurityBreach.webp 2024-06-21 15:33:07 INC ransomware source code put up for sale (direct link) Since August 2023, the INC ransomware, operating under the Ransomware-as-a-Service (RaaS) model, has been making headlines. Its source code has been put up for sale on the darknet. Ransomware
RecordedFuture.webp 2024-06-21 15:26:59 With review nearly finished, UnitedHealth says 'no evidence' doctors' charts stolen in ransomware attack
(direct link)
No more details Ransomware
bleepingcomputer.webp 2024-06-21 12:10:25 Change Healthcare lists the medical data stolen in ransomware attack
(direct link)
UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. [...]
Ransomware Data Breach Medical
Blog.webp 2024-06-21 12:07:13 Qilin Ransomware Leaks 400GB of NHS and Patient Data on Telegram
(direct link)
Learn about the impact of the Qilin ransomware attack on Synnovis and healthcare services. Discover the consequences of this cyber incident and its implications for patient care.
Ransomware Medical
RecordedFuture.webp 2024-06-21 11:55:26 Almost 200 cancer operations postponed as ransomware group publishes London hospitals data
(direct link)
No more details Ransomware
News.webp 2024-06-21 11:15:07 Qilin cyber scum leak data they claim belongs to London hospitals' pathology provider
(direct link)
At least they didn't get paid their $50 million ransom demand
The ransomware gang responsible for the chaos at London hospitals kept true to its word and released a trove of data that it claims belongs to pathology services provider Synnovis.…
Ransomware
InfoSecurityMag.webp 2024-06-21 09:50:00 Synnovis Attackers Publish NHS Patient Data Online
(direct link)
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June
Ransomware ★★
Checkpoint.webp 2024-06-20 15:00:36 Rafel RAT, Android Malware from Espionage to Ransomware Operations
(direct link)
When it comes to mobile devices, Android is the most popular and widely used operating system, with over 3.9 billion active users in over 190 countries. Three-quarters of all mobile devices run on Android. However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, malicious software designed to target Android devices, poses a significant threat to users' privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even […]
Ransomware Malware Threat Mobile ★★
Checkpoint.webp 2024-06-20 15:00:00 Rafel RAT, Android Malware from Espionage to Ransomware Operations (direct link)
Research by: Antonis Terefos, Bohdan Melnykov. Introduction: Android, Google's most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. However, […]
Ransomware Malware Mobile ★★
Last update at: 2024-06-27 18:08:00