What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2021-12-14 20:57:03 Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems (lien direct) Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-12-10 22:19:58 Volvo Cars suffers a data breach. Is it a ransomware attack? (lien direct) Swedish automotive manufacturer Volvo Cars revealed that it has suffered a cyberattack that resulted in the theft of R&D data. Swedish automotive manufacturer Volvo Cars revealed that threat actors have stolen R&D data from its systems. In 2010, Volvo Cars became a subsidiary of the Chinese manufacturer Geely Holding Group, which confirmed that it “has become […] Ransomware Threat
SecurityAffairs.webp 2021-12-10 19:21:54 Australian ACSC warns of Conti ransomware attacks against local orgs (lien direct) The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations. The Australian Cyber Security Centre (ACSC) warns of Conti ransomware attacks against multiple Australian organizations from various sectors since November. “The ACSC is aware of multiple instances of Australian organisations that have been impacted by Conti ransomware in November and […] Ransomware
SecurityAffairs.webp 2021-12-10 08:05:50 BlackCat ransomware, a very sophisticated malware written in Rust (lien direct) BlackCat is the first professional ransomware strain that was written in the Rust programming language, researchers reported. Malware researchers from Recorded Future and MalwareHunterTeam discovered ALPHV (aka BlackCat), the first professional ransomware strain that was written in the Rust programming language. In the past, two other ransomware strains were written in Rust for research purposes, one of them […] Ransomware Malware
SecurityAffairs.webp 2021-12-08 15:54:33 CS Energy foiled a ransomware attack (lien direct) A cyberattack hit CS Energy in Australia on Saturday, November 27, experts believe the attack was orchestrated by Chinese hackers. A ransomware cyberattack hit a major energy network operated by CS Energy, that attack could have had dramatic consequences leaving millions of homes without energy. The attack took place on Saturday, November 27, experts believe […] Ransomware
SecurityAffairs.webp 2021-12-06 15:55:12 DMEA Colorado electric utility hit by a disruptive cyberattack (lien direct) A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA) is a local electric cooperative located in Colorado, it is part of Touchstone Energy Cooperatives. The company has discovered a security breach on November 7, the attack disrupted phone, email, billing, and customer account systems. The […] Ransomware
SecurityAffairs.webp 2021-12-05 10:18:37 German BSI agency warns of ransomware attacks over Christmas holidays (lien direct) German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange servers. The German cybersecurity authority BSI warns of ransomware attacks over the Christmas holidays, fearing the return of the Emotet botnet. During this period offices are often closed and employees are at home, for […] Ransomware
SecurityAffairs.webp 2021-12-04 18:23:48 Cuba ransomware gang hacked 49 US critical infrastructure organizations (lien direct) The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. A flash alert published by the FBI has reported that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations. “The FBI has identified, as of early November 2021 that […] Ransomware
SecurityAffairs.webp 2021-12-01 07:25:52 Sabbath Ransomware target critical infrastructure in the US and Canada (lien direct) Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and […] Ransomware Threat
SecurityAffairs.webp 2021-11-29 13:17:41 Biopharmaceutical firm Supernus Pharmaceuticals hit by Hive ransomware during an ongoing acquisition (lien direct) Biopharmaceutical company Supernus Pharmaceuticals discloses a ransomware attack, the Hive ransomware claims to have stolen company data. Biopharmaceutical company Supernus Pharmaceuticals confirmed it was the victim of a data breach after a ransomware attack that hit the firm in mid-November. The Company states that the security breach did not impact its operations, it notified […] Ransomware Data Breach
SecurityAffairs.webp 2021-11-26 22:53:26 Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware (lien direct) Marine services provider Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that resulted in the theft of company data. Clop ransomware hit Marine services provider Swire Pacific Offshore (SPO) and stole company data, but did not affect global operations. “Swire Pacific Offshore (SPO) has discovered that it was the target of a cyberattack […] Ransomware
SecurityAffairs.webp 2021-11-23 07:20:10 US govt warns critical infrastructure of ransomware attacks during holidays (lien direct) US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks during holidays. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn critical infrastructure partners of ransomware attacks during the holiday season. During this period offices are often closed and employees are at home, […] Ransomware
SecurityAffairs.webp 2021-11-22 10:04:00 New Memento ransomware uses password-protected WinRAR archives to block access to the files (lien direct) Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims' files. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version […] Ransomware
SecurityAffairs.webp 2021-11-21 15:01:49 Researchers were able to access the payment portal of the Conti gang (lien direct) The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researchers to access it. Researchers at security firm Prodaft were able to identify the real IP address of one of the servers used by the Conti ransomware group and access the console for more than a month. The exposed […] Ransomware Data Breach ★★★★
SecurityAffairs.webp 2021-11-20 12:23:20 The newer cybercrime triad: TrickBot-Emotet-Conti (lien direct) Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by Conti ransomware gang. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.  This operation was […] Ransomware
SecurityAffairs.webp 2021-11-19 11:01:30 Conti ransomware operations made at least $25.5 million since July 2021 (lien direct) Researchers revealed that Conti ransomware operators earned at least $25.5 million from ransom payments since July 2021. A study conducted by Swiss security firm Prodaft with the support of blockchain analysis firm Elliptic revealed that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since […] Ransomware
SecurityAffairs.webp 2021-11-14 17:44:17 FTC shares guidance for small businesses to prevent ransomware attacks (lien direct) The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to increase resilience to ransomware attacks. The US Federal Trade Commission (FTC) published guidance for small businesses on how to protect their networks from ransomware attacks. The FTC suggests two steps small businesses can take to bolster their resilience against ransomware […] Ransomware
SecurityAffairs.webp 2021-11-09 18:35:29 Clop gang exploiting CVE-2021-35211 RCE in SolarWinds Serv-U in recent attack (lien direct) The Clop ransomware gang is exploiting CVE-2021-35211 vulnerability in SolarWinds Serv-U to compromise corporate networks. Threat actors always look for new ways to compromise target networks, Clop ransomware gang (aka TA505, FIN11) is exploiting CVE-2021-35211 SolarWinds Serv-U vulnerability to breach businesses’ infrastructures and deploy its ransomware. The flaw is a remote code execution vulnerability that […] Ransomware Vulnerability Threat
SecurityAffairs.webp 2021-11-09 12:53:25 International law enforcement arrested REvil ransomware affiliates in Romania and Kuwait (lien direct) Romanian police arrested two alleged Sodinokibi/REvil ransomware affiliates accused of having orchestrated attacks against thousands of victims. Romanian law enforcement agencies have arrested two alleged Sodinokibi/REvil ransomware affiliates on November 4, that are accused of having conducted attacks against thousands of victims. The arrests are the result of an international operation carried out in cooperation […] Ransomware
SecurityAffairs.webp 2021-11-09 08:17:46 US DoS offers a reward of up to $10M for leaders of REvil ransomware gang (lien direct) The U.S. government offers up to $10 million for identifying or locating leaders in the REvil/Sodinokibi ransomware operation The Department of State offers up to $10 million for information that can lead to the identification or location of individuals in key leadership positions in the REvil/Sodinokibi ransomware operation. The US government also offers $5 million […] Ransomware Guideline
SecurityAffairs.webp 2021-11-09 06:21:00 Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya (lien direct) The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks on Kaseya MSP platform that took place in July 4. The suspect is 22-year old Ukrainian national Yaroslav […] Ransomware
SecurityAffairs.webp 2021-11-08 20:33:29 Ransomware attack disrupted store operations in the Netherlands and Germany (lien direct) Electronics retail giant MediaMarkt was hit by a ransomware attack that disrupted store operations in the Netherlands and Germany. Electronics retail giant MediaMarkt was a victim of a ransomware attack that forced the company to shut down its IT infrastructure to contain the threat and disrupted store operations in the Netherlands and Germany. Media Markt is a […] Ransomware Threat
SecurityAffairs.webp 2021-11-08 14:57:32 Operation Cyclone targets Clop Ransomware affiliates (lien direct) Operation Cyclone – Six alleged affiliates with the Clop ransomware operation were arrested in an international joint law enforcement operation led by Interpol. Interpol announced the arrest of six alleged affiliates with the Clop ransomware operation as part of an international joint law enforcement operation codenamed Operation Cyclone. Law enforcement authorities from South Korea, Ukraine, […] Ransomware
SecurityAffairs.webp 2021-11-07 10:15:54 Security Affairs newsletter Round 339 (lien direct) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Casinos of tribal communities are losing millions in Ransomware attacks Threat actors stole $55 […] Ransomware Threat
SecurityAffairs.webp 2021-11-07 00:29:45 Casinos of tribal communities are losing millions in Ransomware attacks (lien direct) The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI’s Cyber Division revealed that ransomware attacks hit several tribal-owned casinos causing millions of dollar losses. The attacks paralyzed the activities of the casinos shutting down their gaming […] Ransomware
SecurityAffairs.webp 2021-11-05 11:52:07 (Déjà vu) Threat actor exploits MS ProxyShell flaws to deploy Babuk ransomware (lien direct) A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. Over the past months, […] Ransomware Threat
SecurityAffairs.webp 2021-11-04 09:53:48 CERT-FR warns of Lockean ransomware attacks against French companies (lien direct) CERT-France warns of a new ransomware group named Lockean that is behind a series of attacks against French organizations over the past 2 years. France's Computer Emergency Response Team (CERT-FR) officials identified a new ransomware gang named Lockean that is responsible for a long list of attacks against French companies over the past two years. The […] Ransomware
SecurityAffairs.webp 2021-11-03 21:35:52 (Déjà vu) The U.K. Labour Party discloses a data breach (lien direct) The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information […] Ransomware Data Breach
SecurityAffairs.webp 2021-11-03 07:21:30 BlackMatter ransomware gang is shutting down due to pressure from law enforcement (lien direct) The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The BlackMatter ransomware group has announced it is shutting down its operation due to the pressure from local authorities. The announcement was published on the Ransomware-as-a-Service portal operated by the group used by the network of […] Ransomware
SecurityAffairs.webp 2021-11-02 19:56:58 Ransomware gangs target companies involved in time-sensitive financial events, FBI warns (lien direct) The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. The Federal Bureau of Investigation (FBI) published a new private industry notification (PIN) to warn organizations of targeted ransomware attacks aimed at companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions. Ransomware gangs target these […] Ransomware
SecurityAffairs.webp 2021-11-02 08:08:53 The Toronto Transit Commission (TTC) hit by a ransomware attack (lien direct) A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began on Thursday night and disrupted its activities. At this time, no ransomware gang has taken responsibility for the attack. TTC […] Ransomware
SecurityAffairs.webp 2021-11-01 18:47:50 HelloKitty ransomware gang also targets victims with DDoS attacks (lien direct) The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). According to the alert, the ransomware gang is […] Ransomware
SecurityAffairs.webp 2021-10-31 13:32:52 Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure (lien direct) Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums. Minecraft is one of the most popular games in the world, it had more than 140 million monthly active players in August 2021. Cybercriminals are attempting to exploit this popularity, the Chaos Ransomware gang is […] Ransomware
SecurityAffairs.webp 2021-10-31 09:30:41 Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham (lien direct) Conti ransomware gang hit high society jeweller Graff and threatens to release private details of world leaders, actors and tycoons The latest attack of the Conti ransomware gang makes the headlines, the threat actors hit high society jeweller Graff and asked the payment of a multi-million ransom to avoid leaking details of world leaders, actors […] Ransomware Threat Guideline
SecurityAffairs.webp 2021-10-29 22:49:42 ESET found a variant of the Hive ransomware that encrypts Linux and FreeBSD (lien direct) The Hive ransomware operators have developed a new variant of their malware that can encrypt Linux and FreeBSD. ESET researchers discovered a new Hive ransomware variant that was specifically developed to encrypt Linux and FreeBSD. Researchers at the cybersecurity firm believe that the new encryptors are still under development. Both variants are written in Golang, […] Ransomware Malware
SecurityAffairs.webp 2021-10-29 20:48:20 Papua New Guinea's finance ministry was hit by a ransomware (lien direct) A ransomware attack hit Papua New Guinea’s finance ministry and disrupted government payments and operations. Government officials confirmed that Papua New Guinea’s finance ministry was hit by a ransomware attack that disrupted government payments and operations. The ransomware infected the Department of Finance’s Integrated Financial Management System a week ago, said the finance minister […] Ransomware
SecurityAffairs.webp 2021-10-29 18:13:08 Police arrested 12 individuals involved in 1800 ransomware attacks worldwide (lien direct) Europol and Norwegian Police arrested 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. A joint operation conducted by Europol, the Norwegian Police and other authorities led to the arrest of 12 individuals over ransomware attacks on organizations worldwide, including critical infrastructure operators. The suspects were involved in more than 1,800 ransomware […] Ransomware
SecurityAffairs.webp 2021-10-28 13:37:49 German investigators identify crypto millionaire behind REvil operations (lien direct) German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. REvil ransomware gang is one of the most successful ransomware operations, the group and its affiliates hit hundreds of organizations worldwide. On July 2, the gang hit the Kaseya cloud-based MSP platform impacting MSPs and their […] Ransomware
SecurityAffairs.webp 2021-10-27 23:35:08 Avast releases free decrypters for AtomSilo and LockFile ransomware families (lien direct) Security firm Avast released today decryptors for AtomSilo and LockFile ransomware that allow victims to recover their files for free. Cyber security firm Avast has released today decryption utilities for AtomSilo and LockFile ransomware that allow the victims to recover their files for free. Experts pointed out that AtomSilo and LockFile ransomware only have a […] Ransomware
SecurityAffairs.webp 2021-10-27 22:25:08 Grief ransomware gang hit US National Rifle Association (NRA) (lien direct) Grief ransomware operators claim to have compromised computer systems at US National Rifle Association (NRA) and added it to their leak site. Grief ransomware operators announced to have hacked US National Rifle Association (NRA) and threaten to leak the stolen data. The NRA was added to the list of compromised organizations on the leak site […] Ransomware
SecurityAffairs.webp 2021-10-27 19:58:37 (Déjà vu) Avast released a free decryptor for Babuk ransomware (lien direct) Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. The decryptor was created using the leaked source code and decryption keys. Babuk is […] Ransomware Tool
SecurityAffairs.webp 2021-10-26 14:54:38 Ranzy Locker ransomware hit tens of US companies in 2021 (lien direct) The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised tens of US companies. The FBI published a flash alert to warn of Ranzy Locker ransomware operations that had already compromised at least 30 US companies this year. The gang has been active since at […] Ransomware
SecurityAffairs.webp 2021-10-25 21:13:17 Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware (lien direct) An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to deploy ransomware. An unknown ransomware gang is exploiting a critical SQL injection flaw, tracked as CVE-2021-42258, in the popular billing software suite BillQuick Web Suite time to deploy ransomware. The attacks were first spotted this month […] Ransomware
SecurityAffairs.webp 2021-10-25 05:49:34 Emsisoft created a free decryptor for past victims of the BlackMatter ransomware (lien direct) Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware. The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted […] Ransomware Tool Vulnerability
SecurityAffairs.webp 2021-10-22 20:32:55 Groove ransomware group calls on other ransomware gangs to hit US public sector (lien direct) Groove ransomware operators call on other ransomware groups to stop competing and join forces to fight against the US. The Groove ransomware gang is calling on other ransomware groups to attack the US public sector after an operation of law enforcement shut down the infrastructure of the REvil gang. “The ransomware group REvil […] Ransomware
SecurityAffairs.webp 2021-10-22 14:21:01 DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown (lien direct) Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s infrastructure. The gangs behind the Darkside and BlackMatter ransomware operations have moved 107 BTC ($6.8 million) after the news of the recent shutdown of REvil’s infrastructure by law enforcement agencies. “The ransomware group REvil was […] Ransomware
SecurityAffairs.webp 2021-10-22 11:02:03 FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks (lien direct) FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting a pentest. The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to […] Ransomware
SecurityAffairs.webp 2021-10-21 22:40:02 (Déjà vu) Evil Corp rebrands their ransomware, this time is the Macaw Locker (lien direct) Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from paying the ransom. Evil Corp has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw […] Ransomware
SecurityAffairs.webp 2021-10-19 17:48:31 Experts found many similarities between the new Karma Ransomware and Nemty variants (lien direct) Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation. Karma ransomware is a new threat that was first spotted in June of 2021, it is important to distinguish it from a different threat with the same name that is active since 2016. Sentinel Labs […] Ransomware Threat
SecurityAffairs.webp 2021-10-19 07:06:06 (Déjà vu) FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations (lien direct) FBI, CISA, NSA have published a joint advisory about the operation of the BlackMatter ransomware gang and provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […] Ransomware
Last update at: 2024-05-10 05:07:59