What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-11-28 08:25:04 RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia (direct link) Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in […] Ransomware ★★
SecurityAffairs 2022-11-24 21:19:37 RansomExx Ransomware upgrades to Rust programming language (direct link) RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language. The move follows the […] Ransomware
SecurityAffairs 2022-11-24 09:59:26 An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware (direct link) Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […] Ransomware Malware Guideline
SecurityAffairs 2022-11-21 08:31:12 Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild (direct link) Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code […] Ransomware Threat
SecurityAffairs 2022-11-20 19:39:40 PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online (direct link) Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The two flaws are: they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell […] Ransomware ★★★★
SecurityAffairs 2022-11-19 19:27:12 DEV-0569 group uses Google Ads to distribute Royal Ransomware (direct link) Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […] Ransomware Threat
SecurityAffairs 2022-11-18 11:30:22 Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies (direct link) Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities. “As of November 2022, […] Ransomware Threat
SecurityAffairs 2022-11-17 22:25:09 Two public schools in Michigan hit by a ransomware attack (direct link) Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack. Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating […] Ransomware
SecurityAffairs 2022-11-14 09:18:41 CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine (direct link) Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ […] Ransomware Threat
SecurityAffairs 2022-11-14 09:12:55 Have board directors any liability for a cyberattack against their company? (direct link) Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk. As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing […] Ransomware
SecurityAffairs 2022-11-13 09:40:52 (Déjà vu) Lockbit gang leaked data stolen from global high-tech giant Thales (direct link) The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential […] Ransomware Guideline
SecurityAffairs 2022-11-12 11:35:10 Canadian supermarket chain giant Sobeys suffered a ransomware attack (direct link) Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada, the company operates over 1,500 stores operating across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During […] Ransomware
SecurityAffairs 2022-11-11 11:54:05 Man charged for role in LockBit ransomware operation (direct link) The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged participation in the LockBit ransomware operation. According to the press release published by DoJ, the man is currently in custody in […] Ransomware
SecurityAffairs 2022-11-11 08:28:28 Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine (direct link) Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware, employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland. The Prestige ransomware first appeared in the threat […] Ransomware Threat
SecurityAffairs 2022-11-09 13:31:43 Experts observed Amadey malware deploying LockBit 3.0 Ransomware (direct link) Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows […] Ransomware Malware
SecurityAffairs 2022-11-08 09:45:36 Medibank confirms ransomware attack impacting 9.7M customers, but doesn't pay the ransom (direct link) Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack. Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack. Medibank is one of the […] Ransomware
SecurityAffairs 2022-11-06 17:17:54 LockBit 3.0 gang claims to have stolen data from Kearney & Company (direct link) The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its […] Ransomware
SecurityAffairs 2022-11-03 21:29:12 LockBit ransomware gang claims the hack of Continental automotive group (direct link) The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit ransomware gang announced to have hacked the German multinational automotive parts manufacturing company Continental. The group added the name of the company to its Tor leak site and is threatening to publish alleged stolen data if the […] Ransomware Hack
SecurityAffairs 2022-11-03 12:34:23 Experts link the Black Basta ransomware operation to FIN7 cybercrime gang (direct link) Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […] Ransomware
SecurityAffairs 2022-11-01 17:33:53 LockBit 3.0 gang claims to have stolen data from Thales (direct link) The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, […] Ransomware Guideline
SecurityAffairs 2022-11-01 11:32:51 Ransomware activity and network access sales in Q3 2022 (direct link) Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […] Ransomware Threat
SecurityAffairs 2022-10-31 14:37:01 Wannacry, the hybrid malware that brought the world to its knees (direct link) Reflecting on the Wannacry ransomware attack, which is the lesson learnt and why most organizations are still ignoring it. In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […] Ransomware Malware Wannacry Wannacry ★★
SecurityAffairs 2022-10-27 21:05:48 Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs (direct link) DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […] Ransomware
SecurityAffairs 2022-10-25 11:44:24 Hive ransomware gang starts leaking data allegedly stolen from Tata Power (direct link) The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of […] Ransomware Threat
SecurityAffairs 2022-10-24 18:35:15 Cuba ransomware affiliate targets Ukraine, CERT-UA warns (direct link) The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […] Ransomware
SecurityAffairs 2022-10-19 13:07:36 The missed link between Ransom Cartel and REvil ransomware gangs (direct link) Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The REvil group was one of the most active ransomware gangs in the first half […] Ransomware
SecurityAffairs 2022-10-16 23:22:16 Mysterious Prestige ransomware targets organizations in Ukraine and Poland (direct link) Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […] Ransomware Threat
SecurityAffairs 2022-10-12 05:54:56 LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware (direct link) Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. Threat actors initially deployed […] Ransomware Malware Threat
SecurityAffairs 2022-10-10 04:53:55 Harvard Business Publishing licensee hit by ransomware (direct link) Threat actors got to a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closed it. Crooks left a ransom note, threatening to leak the data and inform authorities of the EU's General Data Protection Regulation (GDPR) violations. Original Post published on CyberNews A recent discovery by the […] Ransomware
SecurityAffairs 2022-10-09 17:08:08 Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM (direct link) Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd. In March 2022, the Everest ransomware operators published a notice announcing the sale of “South Africa Electricity company’s root access” for $125,000. Eskom transforms inputs from the natural environment – coal, nuclear, fuel, diesel, water, and wind – into more […] Ransomware
SecurityAffairs 2022-10-09 12:23:22 CommonSpirit hospital chains hit by ransomware, patients are facing problems (direct link) CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that impacted its operations. Common Spirit, one of the largest hospital chains in the US, this week suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients. The alleged security breach led to delayed surgeries, hold-ups in […] Ransomware ★★
SecurityAffairs 2022-10-08 16:23:28 BlackByte Ransomware abuses vulnerable driver to bypass security solutions (direct link) The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […] Ransomware Threat
SecurityAffairs 2022-10-05 22:19:55 Avast releases a free decryptor for some Hades ransomware variants (direct link) Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt’. Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the […] Ransomware
SecurityAffairs 2022-10-04 07:05:05 Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group (direct link) Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the recently discovered Linux ransomware Cheerscrypt to the China-linked cyber espionage group Bronze Starlight (aka DEV-0401, APT10). Bronze Starlight has been active since mid-2021, in June researchers from Secureworks reported that the APT group is deploying […] Ransomware APT 10
SecurityAffairs 2022-10-02 15:58:56 BlackCat ransomware gang claims to have hacked US defense contractor NJVC (direct link) Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department of Defense. The company supports intelligence, defense, and geospatial organizations. The company has more than 1,200 employees in locations worldwide. BlackCat added NJVC to […] Ransomware
SecurityAffairs 2022-09-28 10:35:45 Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks (direct link) The recently born Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks in the wild. Last week, an alleged disgruntled developer leaked the builder for the latest encryptor […] Ransomware
SecurityAffairs 2022-09-27 15:37:51 Defense firm Elbit Systems of America discloses data breach (direct link) Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it. In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America, the extortion group added the name of the company to its Tor leak site. […] Ransomware Data Breach
SecurityAffairs 2022-09-22 05:19:24 A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder (direct link) A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […] Ransomware
SecurityAffairs 2022-09-16 20:02:03 Bitdefender releases Universal LockerGoga ransomware decryptor (direct link) Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We're pleased to announce the availability of a new decryptor […] Ransomware
SecurityAffairs 2022-09-12 08:57:15 (Déjà vu) Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems (direct link) Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed […] Ransomware
SecurityAffairs 2022-09-09 08:57:47 Iran-linked DEV-0270 group abuses BitLocker to encrypt victims' devices (direct link) Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 (Nemesis Kitten) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a […] Ransomware Threat
SecurityAffairs 2022-09-08 09:10:20 Ex-members of the Conti ransomware gang target Ukraine (direct link) Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations […] Ransomware Threat
SecurityAffairs 2022-09-06 18:33:30 The Los Angeles Unified School District hit by a ransomware attack (direct link) One of the largest US school districts, the Los Angeles Unified School District, suffered a ransomware attack during the weekend. The Los Angeles Unified School District is one of the largest school districts in the US, it was hit by a ransomware attack during the Labor Day weekend. The security breach took place a few […] Ransomware
SecurityAffairs 2022-09-05 20:43:48 QNAP warns new Deadbolt ransomware attacks exploiting zero-day (direct link) QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday; meanwhile, the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] Ransomware Vulnerability Threat
SecurityAffairs 2022-09-05 11:44:19 Windows Defender identified Chromium, Electron apps as Hive Ransomware (direct link) Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […] Ransomware Malware
SecurityAffairs 2022-09-02 13:26:40 Another Ransomware For Linux Likely In Development (direct link) Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development. The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […] Ransomware Threat
SecurityAffairs 2022-09-01 15:27:41 Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal (direct link) The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via […] Ransomware
SecurityAffairs 2022-08-30 09:47:59 World's largest distributors of books Baker & Taylor hit by ransomware (direct link) Baker & Taylor, one of the world’s largest distributors of books, revealed that it was hit by a ransomware attack. Baker & Taylor, one of the world’s largest distributors of books worldwide, suffered a ransomware attack on August 23. The incident impacted the company’s phone systems, offices, and service centers. On August 24, the company […] Ransomware
SecurityAffairs 2022-08-28 05:06:36 New Agenda Ransomware appears in the threat landscape (direct link) Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language. The ransomware was employed in a targeted attack against one of […] Ransomware Threat ★★★
SecurityAffairs 2022-08-24 07:01:06 France hospital Center Hospitalier Sud Francilien suffered ransomware attack (direct link) A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients […] Ransomware
Last update at: 2024-04-27 21:08:08