What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2022-08-23 00:02:06 Lockbit leak sites hit by mysterious DDoS attack after Entrust hack (direct link) LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp. provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificates for websites, mobile credentials, and connected devices. The Lockbit ransomware […] Ransomware Hack
SecurityAffairs 2022-08-18 15:24:11 BlackByte ransomware v2 is out with new extortion novelties (direct link) A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] Ransomware Threat ★★
SecurityAffairs 2022-08-15 15:22:28 SOVA Android malware now also encrypts victims' files (direct link) Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The SOVA Android banking trojan was improved, it has a new ransomware feature that encrypts files on Android devices, Cleafy researchers report. The malware has been active since 2021 and evolves over time. The latest version of the […] Ransomware Malware
SecurityAffairs 2022-08-14 06:52:55 CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] Ransomware Threat
SecurityAffairs 2022-08-12 06:25:03 BazarCall attacks have revolutionized ransomware operations (direct link) The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. The BazarCall attack chain is composed of the following stages: Stage […] Ransomware
SecurityAffairs 2022-08-10 21:20:53 Cisco was hacked by the Yanluowang ransomware gang (direct link) Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […] Ransomware Threat
SecurityAffairs 2022-08-09 17:04:09 Experts linked Maui ransomware to North Korean Andariel APT (direct link) Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group, North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic […] Ransomware APT 38
SecurityAffairs 2022-08-07 12:24:54 GwisinLocker ransomware exclusively targets South Korea (direct link) Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers. The ransomware targets South Korean healthcare, industrial, and pharmaceutical companies, its name comes from the name of the author ‘Gwisin’ (ghost […] Ransomware
SecurityAffairs 2022-08-03 18:34:37 Power semiconductor component manufacturer Semikron suffered a ransomware attack (direct link) Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. Semikron is a German-based independent manufacturer of power semiconductor components, it employs more than 3,000 people in 24 subsidiaries worldwide, with production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the USA. The company confirmed it has suffered a cyberattack conducted by a professional […] Ransomware
SecurityAffairs 2022-08-01 18:26:37 ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. (direct link) The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs […] Ransomware
SecurityAffairs 2022-07-30 19:40:21 Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report (direct link) I’m proud to announce the release of the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report, Enjoy it! Ransomware has become one of the most dangerous threats for organizations worldwide. Cybercriminal organizations and ransomware gangs have devised new business models that are attracting a broad range of advanced threat actors. It is quite easy today for […] Ransomware Threat
SecurityAffairs 2022-07-27 11:25:33 The strange similarities between Lockbit 3.0 and Blackmatter ransomware (direct link) Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The Lockbit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […] Ransomware ★★★
SecurityAffairs 2022-07-25 11:01:11 Lockbit ransomware gang claims to have breached the Italian Revenue Agency (direct link) The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […] Ransomware
SecurityAffairs 2022-07-23 18:27:23 FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks (direct link) The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […] Ransomware Threat
SecurityAffairs 2022-07-20 20:16:43 New Luna ransomware targets Windows, Linux and ESXi systems (direct link) Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written […] Ransomware
SecurityAffairs 2022-07-18 07:23:20 Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment (direct link) The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September 2021, the Conti ransomware gang hit high society jeweler Graff and threatened to release private details of world leaders, actors and tycoons. The customers of the company are the richest people on the globe, including […] Ransomware Guideline
SecurityAffairs 2022-07-15 12:08:14 Holy Ghost ransomware operation is linked to North Korea (direct link) Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […] Ransomware Threat
SecurityAffairs 2022-07-15 07:26:04 RedAlert, LILITH, and 0mega, 3 new ransomware in the wild (direct link) Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations. The name RedAlert comes after a string […] Ransomware Threat
SecurityAffairs 2022-07-11 09:27:27 BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands (direct link) BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim's passwords, and confidential documents. The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim's passwords, and confidential documents leaked in the TOR network. Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, […] Ransomware
SecurityAffairs 2022-07-11 07:50:42 Experts warn of the new 0mega ransomware operation (direct link) BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations. Victims of the ransomware reported that […] Ransomware
SecurityAffairs 2022-07-10 16:07:44 French telephone operator La Poste Mobile suffered a ransomware attack (direct link) French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services. The company pointed out that threat actors may have accessed data of its customers, […] Ransomware Threat
SecurityAffairs 2022-07-09 04:59:16 Evolution of the LockBit Ransomware operation relies on new techniques (direct link) Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigate the threat landscape and provide recommendations to mitigate their attacks. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] Ransomware Threat
SecurityAffairs 2022-07-08 14:04:16 Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free (direct link) Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. The security firm states that the […] Ransomware Tool
SecurityAffairs 2022-07-08 10:25:18 Russian Cybercrime Trickbot Group is systematically attacking Ukraine (direct link) The operators behind the TrickBot malware have been systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] Ransomware Malware
SecurityAffairs 2022-07-08 07:23:07 New Checkmate ransomware targets QNAP NAS devices (direct link) Taiwanese vendor QNAP warns of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […] Ransomware Threat
SecurityAffairs 2022-07-07 13:49:58 North Korea-linked APTs use Maui Ransomware to target the Healthcare industry (direct link) US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warns of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] Ransomware Threat
SecurityAffairs 2022-07-06 09:38:38 New Hive ransomware variant is written in Rust and uses improved encryption method (direct link) Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […] Ransomware Malware
SecurityAffairs 2022-07-05 07:44:27 AstraLocker ransomware operators shut down their operations (direct link) AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online in June 2021. BleepingComputer tested the […] Ransomware Malware
SecurityAffairs 2022-07-03 16:10:18 Security Affairs newsletter Round 372 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool A ransomware attack […] Ransomware Tool
SecurityAffairs 2022-07-02 05:03:39 A ransomware attack forced publishing giant Macmillan to shut down its systems (direct link) A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] Ransomware Threat
SecurityAffairs 2022-06-30 23:00:44 Korean cybersecurity agency released a free decryptor for Hive ransomware (direct link) Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […] Ransomware
SecurityAffairs 2022-06-28 14:40:50 LockBit 3.0 introduces important novelties, including a bug bounty program (direct link) The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is […] Ransomware
SecurityAffairs 2022-06-26 13:40:00 China-linked APT Bronze Starlight deploys ransomware as a smokescreen (direct link) China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The experts observed an activity cluster involving post-intrusion ransomware such as […] Ransomware APT 10
SecurityAffairs 2022-06-25 11:59:00 Attackers exploited a zero-day in Mitel VOIP devices to compromise a network (direct link) Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] Ransomware Vulnerability Threat
SecurityAffairs 2022-06-19 07:00:00 Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS (direct link) Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices. The ransomware, tracked by Intezer as “QNAPCrypt” and “eCh0raix” by Anomali, is […] Ransomware
SecurityAffairs 2022-06-16 21:53:40 BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers (direct link) The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. “For example, […] Ransomware Threat
SecurityAffairs 2022-06-13 13:18:30 HelloXD Ransomware operators install MicroBackdoor on target systems (direct link) Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn't use a […] Ransomware Threat
SecurityAffairs 2022-06-12 22:21:36 Security Affairs newsletter Round 369 by Pierluigi Paganini (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws […] Ransomware
SecurityAffairs 2022-06-12 14:14:51 Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers (direct link) Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134, affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online, Bleeping Computer reported that starting from […] Ransomware ★★★
SecurityAffairs 2022-06-10 14:37:16 Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques (direct link) The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […] Ransomware Malware
SecurityAffairs 2022-06-10 08:24:56 Vice Society ransomware gang adds the Italian City of Palermo to its data leak site (direct link) The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. In response to the […] Ransomware
SecurityAffairs 2022-06-08 07:55:06 Black Basta ransomware now supports encrypting VMware ESXi servers (direct link) Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of […] Ransomware
SecurityAffairs 2022-06-07 14:19:53 Evil Corp gang starts using LockBit Ransomware to evade sanctions (direct link) Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. The UNC2165 group has been active since at […] Ransomware Threat ★★
SecurityAffairs 2022-06-07 08:55:47 Black Basta ransomware operators leverage QBot for lateral movements (direct link) The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] Ransomware Malware Threat
SecurityAffairs 2022-06-06 22:39:43 Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant (direct link) LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have […] Ransomware
SecurityAffairs 2022-06-02 18:34:36 LockBit ransomware attack impacted production in a Mexican Foxconn plant (direct link) LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico. The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. The LockBit ransomware gang claimed responsibility for an attack and announced that it […] Ransomware
SecurityAffairs 2022-06-02 17:09:12 Conti leaked chats confirm the gang's ability to conduct firmware-based attacks (direct link) The analysis of the internal chats of the Conti ransomware group revealed the gang was working on firmware attack techniques. The analysis of Conti group’s chats, which were leaked earlier this year, revealed that the ransomware gang has been working on firmware attack techniques. An attack against firmware could give threat actors significant powers, they are hard to […] Ransomware Threat
SecurityAffairs 2022-06-01 06:53:54 Hive ransomware gang hit Costa Rica public health service (direct link) Costa Rican Social Security Fund, Costa Rica's public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica's public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating […] Ransomware
SecurityAffairs 2022-05-31 07:13:32 Experts warn of ransomware attacks against government organizations of small states (direct link) Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022, small states are more exposed to these attacks. Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the […] Ransomware
SecurityAffairs 2022-05-30 11:20:08 GoodWill Ransomware victims have to perform socially driven activities to decrypt their data (direct link) Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK's Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill, that demands victims the payment of a ransom through donations for social causes and financially helping people in need. “The ransomware group propagates very unusual demands in […] Ransomware Threat ★★★
Last update at: 2024-05-10 06:07:53