What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CS.webp 2023-02-07 17:33:55 Russian ransomware money launderer pleads guilty to funneling Ryuk payments (lien direct) A Russian man extradited to the U.S. last year pleads guilty to attempting to conceal ransom payments that resulted from attacks on Americans. Ransomware Guideline ★★★
The_Hackers_News.webp 2023-02-07 16:32:00 Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm (lien direct) The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News. Ransomware ★★
The_Hackers_News.webp 2023-02-07 15:51:00 VMware Finds No Evidence of 0-Day in Ongoing ESXiArgs Ransomware Spree (lien direct) VMware on Monday said it found no evidence that threat actors are leveraging an unknown security flaw, i.e., a zero-day, in its software as part of an ongoing ransomware attack spree worldwide. "Most reports state that End of General Support (EoGS) and/or significantly out-of-date products are being targeted with known vulnerabilities which were previously addressed and disclosed in VMware Ransomware Threat
RecordedFuture.webp 2023-02-07 14:18:24 LockBit ransomware group threatens Royal Mail with data leak deadline (lien direct) The LockBit cybercriminals told the British mail service it has until February 9 to pay up to protect data apparently stolen in January Ransomware ★★★
globalsecuritymag.webp 2023-02-07 13:37:45 Global ransomware attack and Vesuvius - Logpoint comment (lien direct) In light of the news that Italy has warned of a large-scale global ransomware attack, please see the comment below from Tim Wallen, Regional Director UK, US & Emerging markets, Logpoint. - Malware Update Ransomware ★★★
SecurityWeek.webp 2023-02-07 12:12:36 VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks (lien direct) ESXiArgs ransomware attacks continue, with thousands of unpatched ESXi servers compromised within a few days via CVE-2021-21974. Ransomware ★★
globalsecuritymag.webp 2023-02-07 12:11:30 Hackers target known server vulnerabilities, and France, Finland and Italy are the most affected in Europe: Tenable's commentary (lien direct) Last Sunday, Reuters published a report in which Italy's National Cybersecurity Agency (ACN) states that thousands of computer servers were targeted by a global ransomware attack aimed at VMware (VMW.N) ESXi servers. The hack was a large-scale attack that sought to exploit a known software vulnerability. This initial report has been corroborated by other regions that issued similar warnings. According to Politico, France, Finland and Italy are the most affected countries in Europe, while the United States and Canada also have a high number of targets. Commentary from Bernard Montel, EMEA technical director and security strategist at Tenable - Malware Ransomware
SentinelOne.webp 2023-02-07 10:55:22 Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available (lien direct) An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets. Ransomware ★★★
itsecurityguru.webp 2023-02-07 10:05:05 UK second most targeted nation behind America for Ransomware (lien direct) After closely monitoring the most active ransomware groups in 2022, the KrakenLabs team at Outpost24 are sharing their latest report that delves deep into the significant ransomware trends, threat groups, victim profiles, and motives behind these attacks from the past year. In total, the researchers identified 2,363 disclosed victims by various ransomware groups on Data Leak […] Ransomware Threat ★★★
ComputerWeekly.webp 2023-02-07 09:44:00 LockBit cartel finally claims Royal Mail ransomware attack (lien direct) No more details Ransomware ★★
bleepingcomputer.webp 2023-02-07 06:00:00 Clop ransomware flaw allowed Linux victims to recover files for months (lien direct) The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months. [...] Ransomware Malware ★★★
CSO.webp 2023-02-07 01:28:00 MKS Instruments falls victim to ransomware attack (lien direct) Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company's website continued to be inaccessible at the time of writing, with an error notification that read, “Unfortunately, www.mks.com is experiencing an unscheduled outage. Please check back again at a later time.” Ransomware ★★★
DarkReading.webp 2023-02-06 22:11:00 Global Ransomware Attack on VMware EXSi Hypervisors Continues to Spread (lien direct) The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign. Ransomware Malware Vulnerability ★★
InfoSecurityMag.webp 2023-02-06 16:00:00 Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected (lien direct) The Tallahassee Memorial HealthCare hospital is following protocols for system downtime Ransomware ★★
globalsecuritymag.webp 2023-02-06 14:41:13 A massive ransomware campaign targets VMware ESXi servers (lien direct) A massive automated ransomware campaign is targeting VMware ESXi hypervisors worldwide, warns CERT-FR. Below is the expert view of Stefan van der Wal, Consulting Solutions Engineer, EMEA at Barracuda Networks: - Malware Ransomware ★★
RecordedFuture.webp 2023-02-06 14:28:11 'Massive' new ESXiArgs ransomware campaign has compromised thousands of victims (lien direct) Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ransomware, researchers say Ransomware ★★
Checkpoint.webp 2023-02-06 14:26:54 Massive Ransomware attack Targets VMware ESXi Servers (lien direct) VMware servers around the world suffer an extensive targeted ransomware attack, the largest non-Windows ransomware cyberattack on record. Here's what you need to know and do. What happened? The French Computer Emergency Response Team and Italy's national cybersecurity authority (ACN) officially warned organizations worldwide against a ransomware attack targeting thousands of VMware ESXi servers, exploiting a known… Ransomware ★★
globalsecuritymag.webp 2023-02-06 13:34:30 VMware ESXi targeted by ransomware attacks: a cybersecurity expert's view (lien direct) Following up on the I-CERT alert about the ongoing ransomware attack affecting VMware ESXi 6.0, 6.5, 6.7 and 7.0 servers [1][2] exposed to the Internet [3], Mickael WALTER, Security Analyst at I-TRACING's CERT, notes that " the exploited vulnerabilities are old and do not affect recent versions of ESXi. - Malware Ransomware ★★
Blog.webp 2023-02-06 12:00:00 DarkSide Ransomware With Self-Propagating Feature in AD Environments (lien direct) In order to evade analysis and sandbox detection, DarkSide ransomware only operates when the loader and data file are both present. The loader with the name “msupdate64.exe” reads the “config.ini” data file within the same path that contains the encoded ransomware and runs the ransomware on the memory area of a normal process. The ransomware is structured to only operate when a specific argument matches. It will then register itself to the task scheduler and run itself periodically. The following... Ransomware ★★★
NetworkWorld.webp 2023-02-06 10:44:00 Massive ransomware attack targets VMware ESXi servers worldwide (lien direct) Cybersecurity agencies globally, including in Italy, France, the US and Singapore, have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor. Aourva Ransomware ★★
SecurityWeek.webp 2023-02-06 10:30:00 Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability (lien direct) Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021. Ransomware Vulnerability ★★
InfoSecurityMag.webp 2023-02-06 10:10:00 Legacy VMware Bug Exploited in Global Ransomware Campaign (lien direct) Vendor's ESXi hypervisors are being targeted Ransomware ★★
globalsecuritymag.webp 2023-02-06 10:04:53 Comment: widespread ransomware attack on vulnerable VMware ESXi installations (lien direct) In response to the news of a widespread ransomware attack on vulnerable VMware ESXi installations, we have a comment from Stefan van der Wal, Consulting Solutions Engineer, EMEA, Application Security, Barracuda Networks: - Malware Update Ransomware
silicon.fr.webp 2023-02-06 09:21:43 An "ESXi ransomware" is striking in France: what to know (lien direct) For the past few days, a ransomware has been attacking ESXi servers, including in France. How can the impact be avoided? Ransomware ★★
Logo_logpoint.webp 2023-02-06 09:04:22 A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (lien direct) By Nilaa Maharjan. Contents: Key Findings; Which Products and Versions are Affected?; Making a BOLD statement; Boldly going where no malware has gone before; Detecting BOLDMOVE using Logpoint; Investigation and response with Logpoint; Remediation and mitigation best practices; Final Thoughts. TL;DR: Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...] Ransomware Malware Vulnerability ★★
CSO.webp 2023-02-06 02:00:00 Will your incident response team fight or freeze when a cyberattack hits? (lien direct) If there's an intrusion or a ransomware attack on your company, will your security team come out swinging, ready for a real fight? CISOs may feel their staff is always primed with the technical expertise and training they need, but there's still a chance they might freeze up when the pressure is on, says Bec McKeown, director of human science at cybersecurity training platform Immersive Labs. “You may have a crisis playbook and crisis policies and you may assume those are the first things you'll reach for during an incident. But that's not always the case, because the way your brain works isn't just fight or flight. It's fight, flight, or freeze,” she says. “I've heard people say, 'We knew how to respond to a crisis, but we didn't know what to do when it actually happened.'” Ransomware ★★
bleepingcomputer.webp 2023-02-05 10:15:32 Linux version of Royal Ransomware targets VMware ESXi servers (lien direct) Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. [...] Ransomware Malware ★★
SocRadar.webp 2023-02-04 16:17:10 ESXiArgs Ransomware Attack Targets VMware Servers Worldwide (lien direct) The vulnerability, tracked as CVE-2021-21974, is caused by a stack overflow issue in the OpenSLP... Ransomware ★★★★
The_Hackers_News.webp 2023-02-04 11:00:00 New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers (lien direct) VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said in an advisory on Friday. VMware, in its own alert released at the time, described the issue as an Ransomware ★★★
bleepingcomputer.webp 2023-02-03 14:20:48 Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (lien direct) Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [...] Ransomware Vulnerability ★★★
ComputerWeekly.webp 2023-02-03 08:30:00 LockBit gang confirms Ion cyber attack as disruption continues (lien direct) No more details Ransomware ★★★
News.webp 2023-02-03 07:30:10 LockBit claims responsibility for ION ransomware attack but US/UK hounds are sniffing (lien direct) Crims put a February 4 deadline for software provider to pay up UK regulators are investigating a cyberattack against financial technology firm ION, while the LockBit ransomware gang has threatened to publish the stolen data on February 4 if the software provider doesn't pay up.… Ransomware ★★
DarkReading.webp 2023-02-02 20:53:00 Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally (lien direct) The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group. Ransomware ★★★
RecordedFuture.webp 2023-02-02 15:54:42 QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation (lien direct) QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack Ransomware Vulnerability ★★
itsecurityguru.webp 2023-02-02 15:02:26 Ransomware attack halts London trading (lien direct) Ion Markets, a financial data group crucial to the financial plumbing underlying the derivatives trading industry, has fallen prey to the cybercrime group Lockbit.  The company has revealed that 42 clients have been affected by the attack, which has caused major disruption in its cleared derivatives division.  Reports suggest that some clients have been unable […] Ransomware ★★★
RecordedFuture.webp 2023-02-02 13:57:35 Ransomware gang attempts to extort UK school by posting files about at-risk children (lien direct) The Vice Society group apparently posted files that included safeguarding reports, which record information about at-risk students Ransomware ★★
SecurityWeek.webp 2023-02-02 12:00:00 Cyber Insights 2023: Ransomware (lien direct) The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions. Ransomware ★★
bhconsulting.webp 2023-02-02 11:39:52 Ransomware Gang Stole Customer Data, Arnold Clark Confirms (lien direct) Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the Arnold Clark Ransomware attack. Ransomware Data Breach
no_ico.webp 2023-02-02 10:02:17 City Of London Traders Hit By Russia-Linked Cyberattack (lien direct) Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said on Wednesday that the hack on a UK-based software company that disrupted some futures trading […] Ransomware Hack ★★
itsecurityguru.webp 2023-02-02 09:31:06 Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk (lien direct) With the proliferation of cyber attacks in all industries, organizations are beginning to grasp the growing significance of cyber risk and how this is an integral part of protecting and maintaining an efficient business. Ransomware is the single biggest cyber threat to global businesses; in fact, during the first half of 2022 alone, there were […] Ransomware Threat ★★
InfoSecurityMag.webp 2023-02-02 09:30:00 City of London on High Alert After Ransomware Attack (lien direct) Critical trading software firm Ion is compromised Ransomware
Fortinet.webp 2023-02-02 09:24:00 (Déjà vu) Ransomware Roundup – Trigona Ransomware (lien direct) In this week's Ransomware Roundup, FortiGuardLabs covers Trigona ransomware along with protection recommendations. Read the blog to find out more. Ransomware ★★
bleepingcomputer.webp 2023-02-02 09:13:26 Ransomware attack on ION Group impacts derivatives trading market (lien direct) The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics. [...] Ransomware ★★
DarkReading.webp 2023-02-02 09:00:00 Lazarus Group Rises Again, to Gather Intelligence on Energy, Healthcare Firms (lien direct) An OpSec slip from the North Korean threat group helps researchers attribute what was first suspected as a ransomware attack to nation-state espionage. Ransomware Threat APT 38 ★★
ComputerWeekly.webp 2023-02-02 06:55:00 Suspected LockBit ransomware attack causes havoc in City of London (lien direct) No more details Ransomware
ComputerWeekly.webp 2023-02-02 06:15:00 Arnold Clark customer data was stolen in Play ransomware attack (lien direct) No more details Ransomware
CSO.webp 2023-02-02 01:00:00 APT groups use ransomware TTPs as cover for intelligence gathering and sabotage (lien direct) State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns. At the same time, some Chinese APTs that were traditionally targeting entities in Asia shifted their focus to European companies, while Iran-based groups that traditionally targeted Israeli companies started going after their foreign subsidiaries. At least one North Korean group that was focused on South Korea and Russia has started using English in its operations. All these operational changes suggest organizations and companies from Western countries are at increased risk from APT activity. Ransomware Threat Medical APT 38 ★★
Blog.webp 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (lien direct) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
RecordedFuture.webp 2023-02-01 18:46:19 'Global markets' impacted by ransomware attack on financial software company (lien direct) A ransomware attack on Dublin-based software company ION Group has impacted the trading of financial derivatives on international markets. ION Group describes itself as enabling “financial institutions, central banks and corporations to digitize and automate their most business critical processes.” A pop-up notice on its site on Wednesday warned that “a cybersecurity event” that struck [… Ransomware ★★★
InfoSecurityMag.webp 2023-02-01 18:00:00 Ransomware Attack Forces Closure of Nantucket Schools (lien direct) The district's superintendent Elizabeth Hallett announced the decision in an email to parents Ransomware ★★★
Last update at: 2024-07-02 16:07:58