What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2023-02-07 01:28:00 MKS Instruments falls victim to ransomware attack (direct link) Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company's website continued to be inaccessible at the time of writing, with an error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.” Ransomware ★★★
DarkReading.webp 2023-02-06 22:11:00 Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread (direct link) The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign. Ransomware Malware Vulnerability ★★
InfoSecurityMag.webp 2023-02-06 16:00:00 Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected (direct link) The Tallahassee Memorial HealthCare hospital is following protocols for system downtime Ransomware ★★
globalsecuritymag.webp 2023-02-06 14:41:13 Massive ransomware campaign targets VMware ESXi servers (direct link) A massive automated ransomware campaign is targeting VMware ESXi hypervisors worldwide, CERT-FR warns. Below is the expert view of Stefan van der Wal, Consulting Solutions Engineer, EMEA at Barracuda Networks: - Malware Ransomware ★★
RecordedFuture.webp 2023-02-06 14:28:11 'Massive' new ESXiArgs ransomware campaign has compromised thousands of victims (direct link) Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ransomware, researchers say Ransomware ★★
Checkpoint.webp 2023-02-06 14:26:54 Massive Ransomware attack Targets VMware ESXi Servers (direct link) VMware servers around the world suffer an extensive targeted ransomware attack, largest non-Windows ransomware cyberattack on record. Here's what you need to know and do. What happened? French Computer Emergency Response Team and Italy's national cybersecurity authority (ACN) officially warned organizations worldwide against a ransomware attack targeting thousands of VMware ESXi servers, exploiting a known… Ransomware ★★
globalsecuritymag.webp 2023-02-06 13:34:30 VMware ESXi targeted by ransomware attacks: cybersecurity expert comment (direct link) Following the I-CERT alert on the ongoing ransomware attack affecting VMware ESXi 6.0, 6.5, 6.7 and 7.0 servers [1][2] exposed on the Internet [3], Mickael WALTER, Security Analyst at I-TRACING's CERT, notes that "the vulnerabilities exploited are old and do not affect recent versions of ESXi. - Malware Ransomware ★★
Blog.webp 2023-02-06 12:00:00 DarkSide Ransomware With Self-Propagating Feature in AD Environments (direct link) In order to evade analysis and sandbox detection, DarkSide ransomware only operates when the loader and data file are both present. The loader with the name “msupdate64.exe” reads the “config.ini” data file within the same path that contains the encoded ransomware and runs the ransomware on the memory area of a normal process. The ransomware is structured to only operate when a specific argument matches. It will then register itself to the task scheduler and run itself periodically. The following... Ransomware ★★★
NetworkWorld.webp 2023-02-06 10:44:00 Massive ransomware attack targets VMware ESXi servers worldwide (direct link) Cybersecurity agencies globally, including in Italy, France, the US and Singapore, have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor. Ransomware ★★
SecurityWeek.webp 2023-02-06 10:30:00 Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability (direct link) Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021. Ransomware Vulnerability ★★
InfoSecurityMag.webp 2023-02-06 10:10:00 Legacy VMware Bug Exploited in Global Ransomware Campaign (direct link) Vendor's ESXi hypervisors are being targeted Ransomware ★★
globalsecuritymag.webp 2023-02-06 10:04:53 Comment: widespread ransomware attack on vulnerable VMware ESXi installations (direct link) In response to the following news of a widespread ransomware attack on vulnerable VMware ESXi installations, we have a comment from Stefan van der Wal, Consulting Solutions Engineer, EMEA, Application Security, Barracuda Networks: - Malware Update Ransomware
silicon.fr.webp 2023-02-06 09:21:43 An "ESXi ransomware" is hitting France: what you need to know (direct link) For the past few days, ransomware has been attacking ESXi servers, including in France. How can the impact be avoided? Ransomware ★★
Logo_logpoint.webp 2023-02-06 09:04:22 A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (direct link) By Nilaa Maharjan. Contents: Key Findings; Which Products and Versions are Affected?; Making a BOLD statement; Boldly going where no malware has gone before; Detecting BOLDMOVE using Logpoint; Investigation and response with Logpoint; Remediation and mitigation best practices; Final Thoughts. TL;DR: Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...] Ransomware Malware Vulnerability ★★
CSO.webp 2023-02-06 02:00:00 Will your incident response team fight or freeze when a cyberattack hits? (direct link) If there's an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there's still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs. “You may have a crisis playbook and crisis policies and you may assume those are the first things you'll reach for during an incident. But that's not always the case, because the way your brain works isn't just fight or flight. It's fight, flight, or freeze,” she says. “I've heard people say, 'We knew how to respond to a crisis, but we didn't know what to do when it actually happened.'” Ransomware ★★
bleepingcomputer.webp 2023-02-05 10:15:32 Linux version of Royal Ransomware targets VMware ESXi servers (direct link) Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. [...] Ransomware Malware ★★
SocRadar.webp 2023-02-04 16:17:10 ESXiArgs Ransomware Attack Targets VMware Servers Worldwide (direct link) The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP... Ransomware ★★★★
The_Hackers_News.webp 2023-02-04 11:00:00 New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (direct link) VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an Ransomware ★★★
bleepingcomputer.webp 2023-02-03 14:20:48 Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (direct link) Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [...] Ransomware Vulnerability ★★★
ComputerWeekly.webp 2023-02-03 08:30:00 LockBit gang confirms Ion cyber attack as disruption continues (direct link) No more details Ransomware ★★★
News.webp 2023-02-03 07:30:10 LockBit claims responsibility for ION ransomware attack but US/UK hounds are sniffing (direct link) Crims put a February 4 deadline for software provider to pay up. UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up.… Ransomware ★★
DarkReading.webp 2023-02-02 20:53:00 Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally (direct link) The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group. Ransomware ★★★
RecordedFuture.webp 2023-02-02 15:54:42 QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation (direct link) QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack Ransomware Vulnerability ★★
itsecurityguru.webp 2023-02-02 15:02:26 Ransomware attack halts London trading (direct link) Ion Markets, a financial data group crucial to the financial plumbing underlying the derivatives trading industry, has fallen prey to the cybercrime group Lockbit. The company has revealed that 42 clients have been affected by the attack, which has caused major disruption in its cleared derivatives division. Reports suggest that some clients have been unable […] Ransomware ★★★
RecordedFuture.webp 2023-02-02 13:57:35 Ransomware gang attempts to extort UK school by posting files about at-risk children (direct link) The Vice Society group apparently posted files that included safeguarding reports, which record information about at-risk students Ransomware ★★
SecurityWeek.webp 2023-02-02 12:00:00 Cyber Insights 2023: Ransomware (direct link) The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions. Ransomware ★★
bhconsulting.webp 2023-02-02 11:39:52 Ransomware Gang Stole Customer Data, Arnold Clark Confirms (direct link) Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the Arnold Clark Ransomware attack. Ransomware Data Breach
no_ico.webp 2023-02-02 10:02:17 City Of London Traders Hit By Russia-Linked Cyberattack (direct link) Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said on Wednesday that the hack on a UK-based software company that disrupted some futures trading […] Ransomware Hack ★★
itsecurityguru.webp 2023-02-02 09:31:06 Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk (direct link) With the proliferation of cyber attacks in all industries, organizations are beginning to grasp the growing significance of cyber risk and how this is an integral part of protecting and maintaining an efficient business. Ransomware is the single biggest cyber threat to global businesses; in fact, during the first half of 2022 alone, there were […] Ransomware Threat ★★
InfoSecurityMag.webp 2023-02-02 09:30:00 City of London on High Alert After Ransomware Attack (direct link) Critical trading software firm Ion is compromised Ransomware
Fortinet.webp 2023-02-02 09:24:00 (Déjà vu) Ransomware Roundup – Trigona Ransomware (direct link) In this week's Ransomware Roundup, FortiGuard Labs covers Trigona ransomware along with protection recommendations. Read the blog to find out more. Ransomware ★★
bleepingcomputer.webp 2023-02-02 09:13:26 Ransomware attack on ION Group impacts derivatives trading market (direct link) The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. [...] Ransomware ★★
DarkReading.webp 2023-02-02 09:00:00 Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (direct link) An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. Ransomware Threat APT 38 ★★
ComputerWeekly.webp 2023-02-02 06:55:00 Suspected LockBit ransomware attack causes havoc in City of London (direct link) No more details Ransomware
ComputerWeekly.webp 2023-02-02 06:15:00 Arnold Clark customer data was stolen in Play ransomware attack (direct link) No more details Ransomware
CSO.webp 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (direct link) State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. Ransomware Threat Medical APT 38 ★★
Blog.webp 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
RecordedFuture.webp 2023-02-01 18:46:19 'Global markets' impacted by ransomware attack on financial software company (direct link) A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. ION Group describes itself as enabling “financial institutions, central banks and corporations to digitize and automate their most business critical processes.” A pop-up notice on its site on Wednesday warned that “a cybersecurity event” that struck [… Ransomware ★★★
InfoSecurityMag.webp 2023-02-01 18:00:00 Ransomware Attack Forces Closure of Nantucket Schools (direct link) The district's superintendent Elizabeth Hallett announced the decision in an email to parents Ransomware ★★★
RecordedFuture.webp 2023-02-01 17:12:21 K-12 schools in Tucson, Nantucket respond to cyberattacks (direct link) The disruptions to school networks in Arizona and Massachusetts follow a string of similar K-12 ransomware incidents Ransomware ★★
zataz.webp 2023-02-01 15:02:18 A television channel attacked by ransomware (direct link) LockBit claims responsibility for the cyberattack against a television group. This is the second time this media outlet has been hit by hackers!... Ransomware ★★
SecurityWeek.webp 2023-02-01 14:32:07 Ransomware Leads to Nantucket Public Schools Shutdown (direct link) Nantucket's public schools shut their doors to students and teachers after a data encryption and extortion attack on its computer systems. Ransomware ★★
globalsecuritymag.webp 2023-02-01 13:50:21 Neustar Security Services is introducing UltraDDR (direct link) New DNS detection and response service safeguards user internet traffic and enforces enterprise acceptable use policies. Neustar Security Services, a leading provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR (DNS Detection and Response), a recursive DNS-based protection service aimed at combatting network breaches, ransomware and phishing and supply chain compromise attacks, while enforcing enterprise acceptable use policies for its users. - Product Reviews Ransomware Guideline
bleepingcomputer.webp 2023-02-01 13:38:40 Arnold Clark customer data stolen in attack claimed by Play ransomware (direct link) Arnold Clark, self-described as Europe's largest independent car retailer, is notifying some customers that their personal information has been stolen in a December 23 cyberattack claimed by the Play ransomware group. [...] Ransomware ★★★
AlienVault.webp 2023-02-01 11:00:00 The top 8 Cybersecurity threats facing the automotive industry heading into 2023 (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Most, if not all, industries are evolving on a digital level heading into 2023 as we take the journey to edge computing. But the automotive industry is experiencing technological innovation on another level. A rise in the production of connected vehicles, new autonomous features, and software that enables cars to self-park and self-drive are great examples of the digital evolution taking the automotive industry by storm. According to the AT&T 2022 Cybersecurity Insights (CSI) Report, 75% of organizations plan to implement edge security changes to help mitigate the kind of risks that affect cars, trucks, fleets, and other connected vehicles and their makers. And for a good reason. These automotive features and advancements have offered cybercriminals an array of new opportunities when it comes to cyberattacks. There are several ways that threat actors are targeting the automotive industry, including tried and true methods and new attack vectors. In this article, you’ll learn about the top 8 cybersecurity threats facing the automotive industry heading into 2023 and what the industry can do to prevent threats. Automotive Cybersecurity threats As autos increasingly come with connectivity features, remote threats are more likely. A recent report revealed that 82% of attacks against the automotive industry (including consumer vehicles, manufacturers, and dealerships) were carried out remotely. Plus, half of all vehicle thefts involved keyless entry. Automakers, dealers, and consumers play a role in automotive cybersecurity. 
But as the industry continues to adopt connected technologies, it will become increasingly important that organizations take a proactive approach to cybersecurity.  When it comes to automotive threats, there are countless methods that hackers use to steal vehicles and driver information and cause problems with the vehicle’s functioning.  Let’s explore the top 8 cybersecurity threats facing the automotive industry this year. Keyless car theft As one of the most prominent threats, keyless car theft is a major concern for the automotive industry. Key fobs today give car owners the ability to lock and unlock their doors by standing near their vehicle and even start their car without the need for a physical key.  Autos enabled with keyless start and keyless entry are prone to man-in-the-middle attacks that can intercept the data connection between the car and the key fob itself. Hackers take advantage of these systems to bypass authentication protocols by tricking the components into thinking they are in proximity. Then the attacker can open the door and start the vehicle without triggering any alarms.  EV charging station exploitation Electric vehicles are becoming more popular as the globe transitions to environmental technologies. Charging stations allow EV owners to charge their vehicles in convenient locations such as public parking lots, parks, and even their own garages.  When you charge an EV at a charging station, data transfers between the car, the charging station, and the company that owns the device. This data chain presents many ways threat actors can exploit an EV charging station. Malware, fraud, remote manipulation, and even disabling charging stations are all examples of ways hackers take advantage of EV infrastructure.  Infotainment system attacks Modern cars require Ransomware Malware Vulnerability Threat ★★★
InfoSecurityMag.webp 2023-02-01 09:30:00 Nearly 30,000 QNAP Devices Exposed Via New Bug (direct link) Vulnerability could be exploited by ransomware groups Ransomware Vulnerability ★★★
Blog.webp 2023-01-31 23:29:34 TZW Ransomware Being Distributed in Korea (direct link) Through internal monitoring, the ASEC analysis team recently discovered the distribution of the TZW ransomware, which encrypts files before adding the “TZW” file extension to the original extension. This ransomware is being propagated with the version info marked as “System Boot Info”, disguising itself as a normal program file related to boot information. It was created in a .NET format and includes a loader and the actual ransomware data within it. It ultimately loads and executes the ransomware file through... Ransomware ★★
knowbe4.webp 2023-01-31 20:04:22 Ransomware Targets are Getting Larger and Paying More as Fewer Victims Are Paying the Ransom (direct link) Ransomware ★★★
RecordedFuture.webp 2023-01-31 19:00:45 LockBit takes credit for November ransomware attack on Sacramento PBS station (direct link) The LockBit ransomware group this week said it was responsible for a November ransomware attack on a public broadcasting affiliate in Sacramento, California. The high-profile cybercrime gang made the claim on the dark web site where it leaks victims’ data. The PBS station KVIE announced the attack on November 23, noting that some of its [… Ransomware ★★★
Anomali.webp 2023-01-31 17:27:00 Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware, APT38 Experiments with Delivery Vectors and Backdoors (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cryptocurrency, Data leak, Iran, North Korea, Phishing, Ransomware, and USB malware. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Chinese PlugX Malware Hidden in Your USB Devices? (published: January 26, 2023) Palo Alto researchers analyzed a PlugX malware variant (KilllSomeOne) that spreads via USB devices such as floppy, thumb, or flash drives. The variant is used by a technically-skilled group, possibly by the Black Basta ransomware. The actors use special shortcuts, folder icons and settings to make folders impersonating disks and a recycle bin directory. They also name certain folders with the 00A0 (no-break space) Unicode character thus hindering Windows Explorer and the command shell from displaying the folder and all the files inside it. Analyst Comment: Several behavior detections could be used to spot similar PlugX malware variants: DLL side loading, adding registry persistence, and payload execution with rundll32.exe. Incident responders can check USB devices for the presence of no-break space as a folder name. 
MITRE ATT&CK: [MITRE ATT&CK] T1091 - Replication Through Removable Media | [MITRE ATT&CK] T1559.001 - Inter-Process Communication: Component Object Model | [MITRE ATT&CK] T1547.009 - Boot or Logon Autostart Execution: Shortcut Modification | [MITRE ATT&CK] T1574.002 - Hijack Execution Flow: Dll Side-Loading | [MITRE ATT&CK] T1036 - Masquerading | [MITRE ATT&CK] T1027 - Obfuscated Files Or Information | [MITRE ATT&CK] T1564.001: Hidden Files and Directories | [MITRE ATT&CK] T1105 - Ingress Tool Transfer Tags: detection:PlugX, detection:KilllSomeOne, USB, No-break space, file-type:DAT, file-type:EXE, file-type:DLL, actor:Black Basta, Windows Abraham's Ax Likely Linked to Moses Staff (published: January 26, 2023) Cobalt Sapling is an Iran-based threat actor active in hacking, leaking, and sabotage since at least November 2020. Since October 2021, Cobalt Sapling has been operating under a persona called Moses Staff to leak data from Israeli businesses and government entities. In November 2022, an additional fake identity was created, Abraham's Ax, to target government ministries in Saudi Arabia. Cobalt Sapling uses their custom PyDCrypt loader, the StrifeWater remote access trojan, and the DCSrv wiper styled as ransomware. Analyst Comment: A defense-in-depth approach can assist in creating a proactive stance against threat actors attempting to destroy data. Critical systems should be segregated from each other to minimize potential damage, with an Ransomware Malware Tool Threat Medical APT 38 ★★★
Last update at: 2024-06-30 19:08:01