What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-08-13 18:13:27 SynAck ransomware gang releases master decryption keys for old victims (direct link) The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa group. Good news for the victims of the SynAck ransomware gang, the group released the master decryption keys to allow victims to decrypt their files for free. The gang has now rebranded as the new […] Ransomware
SecurityAffairs 2021-08-13 17:16:10 Vice Society ransomware also exploits PrintNightmare flaws in its attack (direct link) Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice Society ransomware operators are actively exploiting Windows print spooler PrintNightmare vulnerability in their attacks against Windows servers. The PrintNightmare flaws (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) reside in the Windows Print Spooler service, print drivers, and the Windows Point and […] Ransomware Vulnerability
SecurityAffairs 2021-08-12 16:01:15 Magniber Ransomware operators use PrintNightmare exploits to infect Windows servers (direct link) Threat actors behind the Magniber Ransomware are using PrintNightmare exploits in attacks aimed at Windows servers. Threat actors behind the Magniber Ransomware are exploiting the PrintNightmare flaws (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) to infect Windows servers. The PrintNightmare flaws reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature. A few hours ago […] Ransomware Threat
SecurityAffairs 2021-08-11 19:23:35 Accenture has been hit by a LockBit 2.0 ransomware attack (direct link) Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators. IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site, “These people are beyond privacy and security. I really hope […] Ransomware Hack
SecurityAffairs 2021-08-10 15:00:47 New eCh0raix ransomware variant targets NAS devices from both QNAP and Synology vendors (direct link) A new variant of the eCh0raix ransomware is able to target Network-Attached Storage (NAS) devices from both QNAP and Synology vendors. A new variant of the eCh0raix ransomware is able to infect Network-Attached Storage (NAS) devices from Taiwanese vendors QNAP and Synology. The eCh0raix ransomware has been active since at least 2019, when experts from security firms […] Ransomware
SecurityAffairs 2021-08-10 10:14:38 (Déjà vu) Microsoft Azure Sentinel uses Fusion ML to detect ransomware attacks (direct link) Microsoft Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform used the Fusion machine learning model to detect ransomware attacks. Microsoft Azure Sentinel cloud-native SIEM is using the Fusion machine learning model to analyze data across enterprise environments and detect the activity associated with potential threats, including ransomware attacks. When a potential ransomware attack […] Ransomware
SecurityAffairs 2021-08-09 16:22:07 StealthWorker botnet targets Synology NAS devices to drop ransomware (direct link) Taiwanese vendor Synology has warned customers that the StealthWorker botnet is targeting their NAS devices to deliver ransomware. Taiwan-based vendor Synology has warned customers that the StealthWorker botnet is conducting brute-force attacks in an attempt to implant ransomware. Once compromised the device, threat actors employed it in a botnet used in attacks aimed at Linux […] Ransomware Threat
SecurityAffairs 2021-08-09 14:38:09 City of Joplin paid a 320K ransom after a ransomware Attack (direct link) A ransomware attack hit City of Joplin forcing the IT staff to shut down the City computer. Finally the insurer for Joplin paid $320,000 to threat actors. A ransomware attack last month hit the City of Joplin forcing the IT staff to shut down the city's government's computer system to prevent the threat from spreading. While […] Ransomware Threat
SecurityAffairs 2021-08-09 11:41:41 (Déjà vu) Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks (direct link) The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021. The Australian agency also published 2021-006: ACSC Ransomware Profile – Lockbit 2.0 which includes info […] Ransomware
SecurityAffairs 2021-08-07 05:13:53 RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE (direct link) Taiwanese manufacturer and distributor of computer hardware GIGABYTE was a victim of the RansomEXX ransomware gang. RansomEXX ransomware gang hit the Taiwanese manufacturer and distributor of computer hardware GIGABYTE and claims to have stolen 112GB of data. At the time of this writing, the leak site of the RansomEXX gang doesn’t include the company name, […] Ransomware
SecurityAffairs 2021-08-06 23:08:15 RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna (direct link) RansomEXX ransomware operators hit the popular Italian luxury fashion house Ermenegildo Zegna Holding and started leaking stolen files. Zegna is one of the most famous Italian luxury fashion houses. It was founded in 1910 by Ermenegildo Zegna in Trivero, Biella Province of the Piedmont region of Northern Italy. Ermenegildo Zegna Group is the largest menswear brand in the world by revenue. As of 2018, Ermenegildo Zegna […] Ransomware
SecurityAffairs 2021-08-06 12:05:45 Conti Leak Indicators – What to block, in your SOC…. (direct link) Security expert provided leak indicators for Conti ransomware operations that were recently disclosed by a disgruntled affiliate. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators. The Conti Ransomware operators offer their services to their […] Ransomware
SecurityAffairs 2021-08-06 06:53:20 BlackMatter ransomware also targets VMware ESXi servers (direct link) BlackMatter gang rapidly evolves, the group has developed a Linux version that allows operators to target VMware’s ESXi VM platform. The BlackMatter ransomware gang has implemented a Linux encryptor to target VMware ESXi virtual machine platform. This is the last ransomware in order of time that is able to target VM platforms, some of the […] Ransomware
SecurityAffairs 2021-08-05 21:49:51 Conti ransomware affiliate leaked gang's training material and tools (direct link) An affiliate of the Conti RaaS has leaked the training material shared by the group with its network along with the info about one of the operators. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one […] Ransomware
SecurityAffairs 2021-08-05 12:28:27 Italian energy company ERG hit by LockBit 2.0 ransomware gang (direct link) ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 gang. Recently the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang, now the company reported “only a few minor disruptions” for its ICT infrastructure. The company is active in the production of […] Ransomware
SecurityAffairs 2021-08-04 21:39:51 (Déjà vu) Advanced Technology Ventures discloses ransomware attack and data breach (direct link) The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack, crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack, threat actors have also stolen the personal information of some […] Ransomware Data Breach Threat
SecurityAffairs 2021-08-02 09:18:05 (Déjà vu) More evidence suggests that DarkSide and BlackMatter are the same group (direct link) Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. BleepingComputer found evidence that after the clamorous Colonial Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. The experts analyzed encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities. […] Ransomware
SecurityAffairs 2021-07-30 06:02:08 Meteor was the wiper used against Iran's national railway system (direct link) The recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by a ransomware as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by ransomware as initially thought. Meteor was a previously undetected strain of malware, but experts […] Ransomware Malware
SecurityAffairs 2021-07-29 18:08:49 BlackMatter and Haron, two new ransomware gangs in the threat landscape (direct link) The cyber threat landscape changes continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. The Haron malware was first described by the South Korean security firm S2W Lab, three days after a first sample of […] Ransomware Malware Threat
SecurityAffairs 2021-07-29 10:54:12 LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains (direct link) A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez reported spotting a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies. Kremez explained that this is the […] Ransomware Malware
SecurityAffairs 2021-07-28 07:16:58 BlackMatter ransomware group claims to be Darkside and REvil successor (direct link) BlackMatter ransomware gang, a new threat actor appears in the threat landscape and claims to combine TTPs of Darkside and REvil. BlackMatter is a new ransomware gang that started its activity this week, the cybercriminals group claims to be the successor of Darkside and REvil groups. Like other ransomware operations, BlackMatter also set up its […] Ransomware Threat ★★★★★
SecurityAffairs 2021-07-27 14:36:19 South Africa's logistics company Transnet SOC hit by a ransomware attack (direct link) Transnet SOC Ltd, a large South African rail, port and pipeline company, announced it was hit by a disruptive cyber attack. South Africa's logistics company Transnet SOC was hit last week by a disruptive cyberattack that halted its operations at all the port's terminals. The attack took place on Thursday, 22 July. “Port terminals are operational across the system, with […] Ransomware
SecurityAffairs 2021-07-27 09:20:23 Hackers flooded the Babuk ransomware gang's forum with gay porn images (direct link) The Babuk ransomware operators seem to have suffered a ransomware attack, threat actors flooded their forum with gay orgy porn images. At the end of June, the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. The Babuk Locker operators halted their operations at the end […] Ransomware Threat
SecurityAffairs 2021-07-26 19:31:06 No More Ransom helped ransomware victims to save almost €1B (direct link) The No More Ransom initiative celebrates its fifth anniversary, over 6 million victims of ransomware attacks recover their files for free saving almost €1 billion in payments. No More Ransom is celebrating its 5th anniversary, the initiative allowed more than 6 million ransomware victims to recover their files for free saving roughly $1 billion in […] Ransomware
SecurityAffairs 2021-07-25 11:19:39 Security Affairs newsletter Round 324 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. HelloKitty ransomware gang targets vulnerable SonicWall devices Instagram implements 'Security Checkup to help users recover compromised accounts Chinese […] Ransomware
SecurityAffairs 2021-07-23 10:03:07 Kaseya obtained a universal decryptor for REvil ransomware attack (direct link) The software provider Kaseya announced to have obtained a universal decryptor for the REvil ransomware. Earlier this month, a massive supply chain attack conducted by the REvil ransomware gang hit the cloud-based managed service provider platform Kaseya, impacting both other MSPs using its VSA software and their customers. The VSA tool is used by MSPs to perform […] Ransomware Tool
SecurityAffairs 2021-07-18 08:46:50 (Déjà vu) HelloKitty ransomware gang targets vulnerable SonicWall devices (direct link) BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access […] Ransomware Threat
SecurityAffairs 2021-07-18 08:36:46 Security Affairs newsletter Round 323 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Biden discussed Russian ransomware gangs with Putin in a phone call Hackers accessed Mint Mobile subscribers data and […] Ransomware
SecurityAffairs 2021-07-15 17:34:17 (Déjà vu) SpearTip Finds New Diavol Ransomware Does Steal Data (direct link) Security researchers have linked a new ransomware strain called Diavol to the Wizard Spider threat group behind the Trickbot botnet. BleepingComputer noted the ransomware families utilize the same I/O operations for file encryption queueing and use nearly identical command-line parameters for the same functionality. There may be some similarities, but as they've explained and SpearTip […] Ransomware Threat
SecurityAffairs 2021-07-15 17:07:34 HelloKitty ransomware now targets VMware ESXi servers (direct link) HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualizing platforms. Targeting VMware ESXi […] Ransomware Malware
SecurityAffairs 2021-07-15 14:29:47 SonicWall warns of 'imminent ransomware' attacks on its EOL products (direct link) SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaign” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaign” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series […] Ransomware Threat
SecurityAffairs 2021-07-14 04:56:17 The infrastructure and websites used by REvil ransomware gang are not reachable (direct link) The infrastructure and leak sites used by the REvil ransomware gang for its operations went offline last night. Starting last night, the infrastructure and the websites used by the REvil ransomware gang were mysteriously unreachable, BleepingComputer first reported. “The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as […] Ransomware
SecurityAffairs 2021-07-13 07:04:18 (Déjà vu) American retailer Guess discloses data breach after ransomware attack (direct link) American clothing brand and retailer Guess discloses a data breach after the February ransomware attack and is notifying the affected customers. In February, American fashion brand Guess was hit by a ransomware attack, now the company is disclosing a data breach and is notifying affected customers. The attack was likely carried out by the DarkSide ransomware gang […] Ransomware Data Breach
SecurityAffairs 2021-07-12 08:22:15 (Déjà vu) Kaseya releases patches for flaws exploited in massive ransomware supply-chain attack (direct link) Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software that were exploited by the REvil ransomware gang in the massive ransomware supply chain attack. […] Ransomware
SecurityAffairs 2021-07-11 18:24:53 Biden discussed Russian ransomware gangs with Putin in a phone call (direct link) President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities and was discussed by Presidents Biden and Putin during a phone call. The ransomware attacks against […] Ransomware
SecurityAffairs 2021-07-11 05:15:07 Security Affairs newsletter Round 322 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack Hackers spread backdoor after compromising the […] Ransomware
SecurityAffairs 2021-07-10 05:09:35 Kaseya warns customers of ongoing malspam campaign posing as security updates (direct link) Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […] Ransomware Spam Malware Threat
SecurityAffairs 2021-07-09 14:10:50 Insurance firm CNA discloses data breach after March ransomware attack (direct link) Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March. The insurance firm paid a $40 ransom to restore access to its files following the ransomware attack. […] Ransomware Data Breach
SecurityAffairs 2021-07-07 21:33:50 Wiregrass Electric Cooperative hit by a ransomware attack (direct link) Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a ransomware attack. Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack. The cyberattack temporarily blocked the customers’ access to their account information, the cooperative is working to restore the impacted system. According to […] Ransomware
SecurityAffairs 2021-07-07 12:11:21 Researchers uncovered the network infrastructure of REVil – The notorious ransomware group that hit Kaseya (direct link) Resecurity® HUNTER, cyber threat intelligence and R&D unit, identified a strong connection to a cloud hosting and IoT company servicing the domain belonging to cybercriminals. According to the recent research published by ReSecurity on Twitter, starting January 2021 REVil leveraged a new domain 'decoder[.]re' in addition to a ransomware page available in the TOR network. […] Ransomware Threat
SecurityAffairs 2021-07-06 12:47:07 Approximately 1,500 businesses impacted by the ransomware attack that hit Kaseya (direct link) Kaseya confirmed that the REvil supply-chain ransomware attack hit fewer than 60 of its customers and their customers. Software provider Kaseya announced that fewer than 60 of its customers and less than 1,500 businesses have been impacted by the recent supply-chain ransomware attack. Up to 1,500 downstream organizations, which were customers of MSPs using Kaseya VSA management […] Ransomware
SecurityAffairs 2021-07-05 20:35:47 (Déjà vu) CISA, FBI share guidance for MSPs and their customers impacted in Kaseya attack (direct link) CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya's cloud-based MSP platform. The US agencies provide instructions to affected MSPs and their customers […] Ransomware
SecurityAffairs 2021-07-05 13:44:27 Revil ransomware gang hit Spanish telecom giant MasMovil (direct link) Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators, last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We have downloaded databases and other important […] Ransomware
SecurityAffairs 2021-07-05 11:17:19 REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims (direct link) REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack. On Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The […] Ransomware
SecurityAffairs 2021-07-05 07:00:30 US water company WSSC Water hit by a ransomware attack (direct link) US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems. According to reports from WJZ13 Baltimore, the company removed the malware just hours later and locked out […] Ransomware Malware
SecurityAffairs 2021-07-04 17:30:38 REvil gang exploited a zero-day in the Kaseya supply chain attack (direct link) Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA's infrastructure, then pushed out […] Ransomware Vulnerability
SecurityAffairs 2021-07-04 09:15:06 Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack (direct link) Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya. The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya. The REvil ransomware operators initially compromised the Kaseya VSA's infrastructure, […] Ransomware
SecurityAffairs 2021-07-03 18:01:06 Kaseya VSA supply-chain ransomware attack hit hundreds of companies (direct link) A supply attack by REvil ransomware operators against Kaseya VSA impacted multiple managed service providers (MSPs) and their clients. A new supply chain attack made the headlines, this afternoon, the REvil ransomware gang hit the cloud-based MSP platform impacting MSPs and their customers. Kaseya has 40,000 customers, not all use the VSA tool which is […] Ransomware Tool
SecurityAffairs 2021-07-03 05:14:09 Diavol ransomware appears in the threat landscape. Is it the work of the Wizard Spider gang? (direct link) Wizard Spider, the cybercrime gang behind the TrickBot botnet, is believed to be the author of a new ransomware family dubbed Diavol, Fortinet researchers report. Researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used […] Ransomware Threat
SecurityAffairs 2021-07-02 11:43:04 (Déjà vu) Experts warn of Babuk Locker attacks with recently leaked ransomware builder (direct link) The recently leaked Babuk Locker ransomware builder was used by a threat actor in an ongoing campaign targeting victims worldwide. At the end of June, The Record first reported that the builder for the Babuk Locker ransomware was leaked online allowing threat actors to use it to create their own version of the popular ransomware. […] Ransomware Threat
Last update at: 2024-05-10 17:08:09