What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-07-01 11:33:44 (Déjà vu) US CISA releases a Ransomware Readiness Assessment (RRA) tool (direct link) The US CISA has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool. The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET). RRA could be used by organizations to determine […] Ransomware Tool
SecurityAffairs 2021-06-29 13:24:14 (Déjà vu) Linux version of REvil ransomware targets ESXi VM (direct link) The REvil ransomware operators added a Linux encryptor to their arsenal to encrypt VMware ESXi virtual machines. The REvil ransomware operators are now using a Linux encryptor to encrypt VMware ESXi virtual machines which are widely adopted by enterprises. The availability of the Linux encryptor was announced by the REvil gang in May, a circumstance […] Ransomware
SecurityAffairs 2021-06-29 08:18:16 Experts developed a free decryptor for the Lorenz ransomware (direct link) Researchers analyzed a recently discovered threat, the Lorenz ransomware, and developed a free decryptor for the victims of this new operation. The Lorenz ransomware gang has been active since April and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransoms to the victims. Like other ransomware gangs, Lorenz operators also implement double-extortion […] Ransomware
SecurityAffairs 2021-06-26 15:14:01 New ransomware group Hive leaks Altus group sample files (direct link) On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. On June 14th, Altus Group, a commercial real estate software solutions company, has announced that its data was breached. A week later, they reported “no evidence of impact”. Now, we have information […] Ransomware
SecurityAffairs 2021-06-26 05:11:34 Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable (direct link) CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable. Several weeks later, security researchers from Sophos have discovered a new ransomware variant known as Epsilon Red. Now, we know exactly how it was carried out – and what you should do to be safe from it. Seemingly, […] Ransomware
SecurityAffairs 2021-06-25 20:01:03 Marketo Marketplace – Cybercriminals are targeting major law firms (direct link) Cybercriminals published for sale in Dark Web 58GB of data stolen from Hollingsworth LLP. One of the emerging underground marketplaces of stolen data ‘Marketo’ available in TOR network announced the publication of data presumably stolen from Hollingsworth LLP, one of the largest U.S.-based law firms. The information about the new victim of ransomware activity first […] Ransomware
SecurityAffairs 2021-06-25 10:02:32 Clop gang members recently arrested laundered over $500M in payments (direct link) The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime groups. Data related to the money laundering activities were provided by the cryptocurrency exchange portal Binance, who tracked the group as […] Ransomware
SecurityAffairs 2021-06-24 13:13:25 ChaChi, a GoLang Trojan used in ransomware attacks on US schools (direct link) A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. Researchers from BlackBerry Threat Research and Intelligence spotted a new RAT written in the Go programming language, dubbed ChaChi, which has been used by PYSA (aka Mespinoza) operators to target victims globally. The […] Ransomware Threat
SecurityAffairs 2021-06-23 12:01:37 Clop ransomware is back into action after the recent police operation (direct link) A week after the law enforcement operation that targeted the Clop ransomware operators, the gang is back into action. A week after the international operation conducted by law enforcement that targeted several members of the Clop ransomware gang, the group is back into action. Last week, Ukraine police arrested multiple individuals that are believed to […] Ransomware
SecurityAffairs 2021-06-22 20:59:09 Wormable bash DarkRadiation Ransomware targets Linux distros and docker containers (direct link) DarkRadiation is a new strain of ransomware implemented in Bash that targets Linux and Docker cloud containers and leverages Telegram for C2. Trend Micro researchers spotted a new strain of ransomware, dubbed DarkRadiation, which is written in Bash script and targets Linux distributions (Red Hat/CentOS and Debian) and Docker cloud containers. The ransomware uses OpenSSL’s […] Ransomware
SecurityAffairs 2021-06-22 17:14:35 A ransomware attack disrupted the IT network of the City of Liege (direct link) Belgium city of Liege has suffered today a ransomware attack that has disrupted the IT network of the municipality and its online services. Liege, one of the biggest cities in Belgium, was hit by a ransomware attack that has disrupted the IT network of the municipality and its online services. “The City of Liège is […] Ransomware
SecurityAffairs 2021-06-21 20:27:22 Ragnar Locker ransomware leaked data stolen from ADATA chipmaker (direct link) The Taiwanese memory and storage chip maker ADATA was hit by the Ragnar Locker ransomware gang that also published more than 700GB of stolen data. The Ragnar Locker ransomware gang has published on its leak sites more than 700GB of data stolen from Taiwanese memory and storage chip maker ADATA. The group published the link […] Ransomware
SecurityAffairs 2021-06-17 08:53:31 UNC2465 cybercrime group launched a supply chain attack on CCTV vendor (direct link) UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against a CCTV vendor, Mandiant researchers discovered. UNC2465 is considered one of the main affiliates of the […] Ransomware Malware
SecurityAffairs 2021-06-16 20:41:24 An international joint operation resulted in the arrest of Clop ransomware members (direct link) Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international joint operation. Ukraine police arrested multiple individuals that are believed to be linked to the Clop ransomware gang as part of an international operation conducted by law enforcement from Ukraine, South Korea, and the […] Ransomware
SecurityAffairs 2021-06-15 21:17:27 Fujifilm restores operations after recent ransomware attack (direct link) Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the Japanese multinational conglomerate Fujifilm announced that it was hit by a ransomware attack and shut down its network in response to the incident. Around two weeks later the Japanese giant announced that it has restored operations following […] Ransomware
SecurityAffairs 2021-06-15 18:53:53 The source code of the Paradise Ransomware was leaked on XSS hacking forum (direct link) The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their customized variant. The source code for the Paradise Ransomware has been released on the hacking forum XSS allowing threat actors to develop their own customized ransomware operation. The news of the availability of the source […] Ransomware Threat
SecurityAffairs 2021-06-15 09:33:43 REvil ransomware gang hit US nuclear weapons contractor Sol Oriens (direct link) The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole the victim’s data. US nuclear weapons contractor Sol Oriens was hit by a cyberattack carried out by the REvil ransomware operators, which claims to have stolen data. Sol Oriens provides consultant services to the National Nuclear […] Ransomware
SecurityAffairs 2021-06-14 13:32:08 G7 calls on Russia to dismantle operations of ransomware gangs within its borders (direct link) The member states of the G7 group have called on Russia and other states to dismantle operations of the ransomware gangs operating within their countries. G7 member states have called on Russia and other states to dismantle operations of ransomware gangs operating within their countries. The call to action follows the large number of ransomware […] Ransomware
SecurityAffairs 2021-06-13 12:23:17 Security Affairs newsletter Round 318 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. REvil Ransomware spokesman releases an interview on recent attacks Chinese SharpPanda APT developed a new backdoor in the […] Ransomware
SecurityAffairs 2021-06-11 22:12:06 (Déjà vu) Avaddon ransomware gang shuts down their operations and releases decryption keys (direct link) The Avaddon ransomware gang has shut down its operations and released the decryption keys to allow victims to recover their files for free. Good news for the victims of the Avaddon ransomware gang, the cybercrime group has shut down its operations and provided the decryption keys to BleepingComputer website. The group has also shut down […] Ransomware
SecurityAffairs 2021-06-10 16:21:29 (Déjà vu) JBS paid $11 million to REvil ransomware out of $22.5M requested (direct link) The beef producer JBS has admitted to have paid an $11 million ransom to the REvil ransomware gang after the group initially demanded $22.5 million. The meat processing giant JBS confirmed it paid the REvil ransomware gang $11 million in bitcoins to decrypt its files following the attack that took place at the end of […] Ransomware
SecurityAffairs 2021-06-08 07:21:57 US authorities recovered most of the ransom paid by Colonial Pipeline (direct link) US officials announced to have recovered most of the $4.3 million ransom that Colonial Pipeline paid to the DarkSide ransomware gang last month. During a video press conference, US officials announced to have recovered most of the $4.3 million ransom that Colonial Pipeline paid to the DarkSide ransomware gang. The Colonial Pipeline facility in Pelham, […] Ransomware
SecurityAffairs 2021-06-06 08:39:54 REvil Ransomware spokesman releases an interview on recent attacks (direct link) The REvil ransomware operators said in an interview on the “Russian OSINT” Telegram channel that they accidentally targeted United States-based firms. The recent attack against JBS Foods conducted by REvil ransomware gang (aka Sodinokibi) triggered the response of US authorities, US DoJ announced its decision to equate investigations into ransomware attacks with investigations into terrorism in […] Ransomware
SecurityAffairs 2021-06-05 12:17:41 DoJ: Investigations into ransomware attacks must have similar priority as terrorism (direct link) The U.S. Department of Justice was to assign investigation on ransomware attacks the same priority as terrorism in the wake of the Colonial Pipeline hack. The U.S. Department of Justice plans to equate investigations into ransomware attacks with investigations into terrorism in the wake of the Colonial Pipeline hack. Colonial Pipeline before, and recently the […] Ransomware
SecurityAffairs 2021-06-03 12:52:24 (Déjà vu) FBI confirmed that JBS was hit by the REvil ransomware gang (direct link) The US FBI announced that REvil ransomware gang (also known as Sodinokibi) is behind the attack that hit JBS Foods. On May 30, the American food processing giant JBS Foods, the world's largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack. The cyberattack impacted multiple production plants of […] Ransomware
SecurityAffairs 2021-06-01 22:03:01 (Déjà vu) JBS attack has likely a Russian origin (direct link) White House spokeswoman speculates threat actors behind the JBS ransomware attack have a Russian origin. The American food processing giant JBS Foods, the world's largest processor of fresh beef, was forced to shut down production at multiple sites worldwide following a cyberattack. The cyberattack impacted multiple production plants of the company worldwide, including facilities located […] Ransomware Threat
SecurityAffairs 2021-06-01 19:26:50 New Epsilon Red Ransomware appears in the threat landscape (direct link) Researchers spotted a new piece of ransomware named Epsilon Red that was employed at least in an attack against a US company. Researchers from Sophos spotted a new piece of ransomware, named Epsilon Red, that infected at least one organization in the hospitality sector in the United States. The name Epsilon Red comes from an […] Ransomware Threat
SecurityAffairs 2021-06-01 07:07:18 Prometheus and Grief – two new emerging ransomware gangs targeting enterprises. Mexican Government data is published for sale. (direct link) “Prometheus” and “Grief” – a multi-billion dollar ransomware market obtained two new emerging players. In today’s world, information and data means money and the people that are stealing the information have now reached new levels of sophistication. The number of cases reported has exploded in the last few years and continues to grow rapidly. Prometheus […] Ransomware
SecurityAffairs 2021-05-30 11:55:17 Security Affairs newsletter Round 316 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A malware attack hit the Alaska Health Department CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers Zeppelin ransomware gang is back after a temporary pause 13 flaws in Nagios IT […] Ransomware Malware
SecurityAffairs 2021-05-28 09:13:11 Canada Post disclosed a ransomware attack on a third-party service provider (direct link) Canada Post disclosed a ransomware attack on a third-party service provider that exposed shipping information for their customers. Canada Post announced that a ransomware attack on a third-party service provider exposed shipping information for their customers. Canada Post is a Crown corporation that functions as the primary postal operator in Canada, it provides service to more than 16 million Canadian […] Ransomware
SecurityAffairs 2021-05-26 06:20:14 Agrius group targets Israel with data-wipers disguised as ransomware (direct link) An Iran-linked threat actor tracked as Agrius employed data-wipers disguised as ransomware to destroy targeted IT infrastructure. Researchers from cyber-security firm SentinelOne discovered a new Iran-linked threat actor, tracked as Agrius, which relied on data-wiping malware disguised as ransomware to destroy the targeted systems. In order to hide the real nature of the threat, the […] Ransomware Malware Threat
SecurityAffairs 2021-05-25 10:04:58 Audio equipment maker Bose Corporation discloses a ransomware attack (direct link) The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7. Bose Corporation has announced it was the victim of a ransomware attack that took place earlier this year, on March 7. According to the breach notification letter filed by Bose, the […] Ransomware
SecurityAffairs 2021-05-24 18:10:21 Zeppelin ransomware gang is back after a temporary pause (direct link) Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a temporary interruption. Researchers from BleepingComputer reported that operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed their operations after a temporary interruption. Unlike other ransomware, Zeppelin operators do not steal data from the victims and don’t run a leak site. Zeppelin ransomware […] Ransomware
SecurityAffairs 2021-05-23 12:33:32 Security Affairs newsletter Round 315 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia MSBuild tool used to deliver RATs filelessly Pakistan-linked Transparent Tribe APT expands its arsenal Two flaws could allow bypassing AMD […] Ransomware Tool APT 36
SecurityAffairs 2021-05-22 20:15:23 Qlocker ransomware leverages HBS flaw to infect QNAP NAS devices (direct link) QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices to prevent Qlocker ransomware infections. At the end of April, experts warned of a new strain […] Ransomware
SecurityAffairs 2021-05-22 13:53:00 (Déjà vu) Conti Ransomware hit 16 US health and emergency Services, said FBI (direct link) Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks. The Federal Bureau of Investigation (FBI) revealed that the Conti ransomware gang has hit at least 16 healthcare and first responder organizations. According to a flash alert issued by the FBI over 400 organizations worldwide […] Ransomware
SecurityAffairs 2021-05-21 15:02:43 Insurance giant CNA Financial paid a $40 million ransom (direct link) The US insurance giant CNA Financial reportedly paid a $40 million ransom to restore access to its files following a ransomware attack. CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 ransom to restore access to its files following a ransomware attack that took place in March. According to Bloomberg, […] Ransomware
SecurityAffairs 2021-05-21 10:55:26 Bitcoins of DarkSide ransomware gang still locked in hacker forum's escrow (direct link) After DarkSide ransomware gang shut down operations, multiple affiliates have complained about not receiving the payments for successful breaches. The decision of the DarkSide ransomware gang to shut down operations is causing chaos among its network of affiliates, who have complained about not receiving the payments for their successful breaches. The affiliates are asking the […] Ransomware
SecurityAffairs 2021-05-20 20:39:41 STRRAT RAT spreads masquerading as ransomware (direct link) Microsoft warns of a malware campaign that is spreading a RAT dubbed STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The RAT was designed to steal data from victims while masquerading as a ransomware attack. The Java-based STRRAT RAT […] Ransomware Malware
SecurityAffairs 2021-05-19 11:33:28 Conti ransomware gang also breached Ireland Department of Health (DoH) (direct link) Conti ransomware also breached the network of Ireland’s Department of Health (DoH) but the ransomware failed to encrypt the systems. Last week, Conti ransomware gang targeted Ireland's Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack. The Health Service Executive opted to […] Ransomware
SecurityAffairs 2021-05-19 05:53:29 DarkSide ransomware made $90 million since October 2020 (direct link) Researchers from blockchain analysis firm Elliptic estimated that Darkside ransomware gang has made over $90 million from its attacks. Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million from ransom payments from its victims since October 2020. The researchers examined the Bitcoin wallets used by ransomware gang […] Ransomware
SecurityAffairs 2021-05-18 09:22:59 Analysis of NoCry ransomware: A variant of the Judge ransomware (direct link) Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. We announced a free decryptor for Judge victims in this blog post, which is available through the NoMoreRansom initiative. Our decryptor has been helping […] Ransomware
SecurityAffairs 2021-05-17 06:19:59 Conti ransomware demanded $20M ransom to Ireland Health Service Executive (direct link) Ireland Health Service Executive (HSE) refuses to pay a $20 million ransom demand after its systems were hit by the Conti ransomware gang. Ireland's Health Service Executive that was forced to shut down its IT systems on Friday after being targeted with a significant ransomware attack. The Health Service Executive opted to shut down its infrastructure as a […] Ransomware
SecurityAffairs 2021-05-16 17:44:58 Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia (direct link) Avaddon ransomware gang has breached the France-based financial consultancy firm Acer Finance. Avaddon ransomware gang made the headlines again, the cybercrime gang has breached the France-based financial consultancy firm Acer Finance. Acer Finance operates as an investment management company. The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves […] Ransomware ★★★★★
SecurityAffairs 2021-05-16 09:51:58 Security Affairs newsletter Round 314 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. CISA MAR report provides technical details of FiveHands Ransomware SQL injection issue in Anti-Spam WordPress Plugin exposes User Data TsuNAME flaw exposes DNS servers to DDoS attacks City of Tulsa, […] Ransomware
SecurityAffairs 2021-05-15 12:31:40 Major hacking forums XSS and Exploit ban ads from ransomware gangs (direct link) XSS forum (previously known as DaMaGeLab) one of the most popular hacking forums, announced that it would ban the ads published by ransomware gangs. The popular hacking forum XSS forum, previously known as DaMaGeLab, announced that it would ban the ads published by ransomware gangs. The forum is one of the most important places of […] Ransomware
SecurityAffairs 2021-05-15 08:41:55 QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks (direct link) QNAP warns of an actively exploited Roon Server zero-day flaw and eCh0raix ransomware attacks on its NAS devices. QNAP warns customers of threat actors that are targeting its Network Attached Storage (NAS) devices with eCh0raix ransomware attacks and exploiting a Roon Server zero-day vulnerability. The Taiwanese vendor was informed of ongoing eCh0raix ransomware attacks that […] Ransomware Threat
SecurityAffairs 2021-05-14 19:29:43 Darkside gang lost control of their servers and funds (direct link) The operators of the Darkside ransomware announced that they have lost control of their infrastructure and part of the funds the gang obtained from the victims. Darkside ransomware operators say they have lost control of their servers and funds resulting from their extortion activity, the funds were transferred to an unknown wallet. “The funds, which […] Ransomware
SecurityAffairs 2021-05-14 11:30:06 (Déjà vu) Ireland's Health Service Executive hit by ransomware attack (direct link) Ireland's Health Service Executive service shut down its IT systems after they were hit with a “significant ransomware attack.” Another major ransomware attack made the headlines, this time the victim is Ireland's Health Service Executive that was forced to shut down its IT systems on Friday. After being targeted with a significant ransomware attack the Health Service […] Ransomware
SecurityAffairs 2021-05-13 20:16:55 Security at Bay: Critical Infrastructure Under Attack (direct link) The recent Colonial Pipeline attack highlights the dangers that are facing Critical Infrastructure worldwide. The attack perpetrated by hackers on oil company Colonial Pipeline highlights the dangers that are facing Industrial Control Systems (ICS) and the need for change in the information security landscape. The attack took place on May 7th where hackers used ransomware […] Ransomware
Last update at: 2024-05-10 21:08:13