What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
IndustrialCyber.webp 2024-01-26 07:07:33 GuidePoint reports alarming rise in ransomware, mostly impacting manufacturing and technology industries
(direct link)
GuidePoint Security disclosed that 2023 observed most impacts affecting a limited subset of industries. 62 percent of all...
Ransomware ★★★
News.webp 2024-01-25 23:58:06 Trickbot malware scumbag gets five years for infecting hospitals, businesses
(direct link)
Rest of the crew still at large A former Trickbot developer has been sent down for five years and four months for his role in infecting American hospitals and businesses with ransomware and other malware, costing victims tens of millions of dollars in losses.…
Ransomware Malware ★★★
RiskIQ.webp 2024-01-25 20:18:28 Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
(direct link)
#### Description The ransomware operation named 'Kasseika' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika exploits the Martini driver, part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro discovered Kasseika in December 2023, noting its similarities with BlackMatter, suggesting it may have been built by former members or actors who purchased BlackMatter's code. The attack begins with a phishing email, stealing credentials for initial access, followed by the abuse of Windows PsExec tool for lateral movement. Kasseika utilizes BYOVD attacks to gain privileges, terminate antivirus processes, and execute its ransomware binary, demanding a Bitcoin ransom and providing victims with a decryption option within 120 hours. #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html #### Publication Date January 25, 2024 #### Author(s) TrendMicro Researchers
Ransomware Tool Prediction ★★★
knowbe4.webp 2024-01-25 17:43:48 The Number of Ransomware Attack Victims Surge in 2023 to over 4000
(direct link)
The Number of Ransomware Attack Victims Surge in 2023 to over 4000 The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.
Ransomware Prediction ★★★
RecordedFuture.webp 2024-01-25 17:28:00 Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware
(direct link)
Multiple local governments are dealing with cyberattacks, including ransomware incidents, this week, causing outages and problems for county hospitals, libraries and other local services. Bucks County, Pennsylvania - home to nearly 650,000 people - said on Wednesday that it is still grappling with a cybersecurity incident that has knocked out the Emergency Communications' Department's computer-aided
Ransomware ★★★
Fortinet.webp 2024-01-25 16:00:00 Another Phobos Ransomware Variant Launches Attack – FAUST
(direct link)
Fortiguard Labs unveils a recent FAUST ransomware attack, a variant of the Phobos family that exploits an Office document and deploys on Windows systems. Learn more.
Ransomware ★★★
TroyHunt.webp 2024-01-25 13:44:28 AI will increase the number and impact of cyber attacks, intel officers say
(direct link)
Ransomware is likely to be the biggest beneficiary in the next 2 years, UK's GCHQ says.
Ransomware ★★★
InfoSecurityMag.webp 2024-01-25 12:00:00 Southern Water Confirms Data Breach Following Black Basta Claims
(direct link)
Southern Water confirmed a data breach had occurred after the Black Basta ransomware group purportedly published personal information held by the firm
Ransomware Data Breach ★★★
AlienVault.webp 2024-01-25 11:00:00 The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats
(direct link)
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year's events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware's evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google's detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year's Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades.
Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware's relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian's Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom
Ransomware Spam Malware Tool Vulnerability Threat Prediction Guam ★★★
Dragos.webp 2024-01-25 10:45:00 Dragos Industrial Ransomware Analysis: Q4 2023
(direct link)
>While international law enforcement’s relentless efforts have resulted in arrests and the dismantling of ransomware operations, the battle against ransomware... The post Dragos Industrial Ransomware Analysis: Q4 2023 first appeared on Dragos.
Ransomware Industrial ★★★★
The_State_of_Security.webp 2024-01-25 09:50:55 NCSC Warns That AI is Already Being Used by Ransomware Gangs
(direct link)
In a newly published report, the UK's National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats - including ransomware - will increase in the next two years. The NCSC, which is part of GCHQ - the UK's intelligence, security and cyber agency, assesses that AI has enabled relatively unskilled hackers to "carry out more effective access and information gathering operations... by lowering the barrier of entry to novice cybercriminals, hacker-for-hire and hacktivists." We've seen...
Ransomware ★★★
IndustrialCyber.webp 2024-01-25 08:51:18 Veolia North America and Southern Water hit by ransomware attacks, data breach concerns arise
(direct link)
>Veolia North America’s Municipal Water division has reportedly experienced a ransomware incident that has impacted certain software applications...
Ransomware Data Breach ★★★
DarkReading.webp 2024-01-24 23:30:00 Managed Ransomware Detect & Respond (RDR) Offering From Zyston
(direct link)
Ransomware ★★★
RiskIQ.webp 2024-01-24 20:59:31 Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks
(direct link)
#### Description AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. The Mimo threat actor has installed various malware, including Mimus ransomware, proxyware, and reverse shell malware, besides the Mimo miner. The majority of the Mimo threat actor's attacks have been cases that use XMRig CoinMiner, but ransomware attack cases were also observed in 2023. The Mimus ransomware was installed with the Batch malware and was made based on the source code revealed on GitHub by the developer “mauri870” who developed the codes for research purposes. The ransomware was developed in Go, and the threat actor used this to develop ransomware and named it Mimus ransomware. Mimus ransomware does not have any particular differences when compared to MauriCrypt's source code. Only the threat actor's C&C address, wallet address, email address, and other configuration data were changed. #### Reference URL(s) 1. https://asec.ahnlab.com/en/60440/ #### Publication Date January 17, 2024 #### Author(s) Sanseo
Ransomware Malware Vulnerability Threat ★★
TechRepublic.webp 2024-01-24 20:38:38 National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat
(direct link)
See NCSC's predictions for generative AI for cyber attack and defense through 2025.
Ransomware Threat Studies ★★★
RecordedFuture.webp 2024-01-24 19:38:00 Who pays, and why: A researcher examines the ransomware victim's mindset
(direct link)
What makes one ransomware victim more likely to pay up than another? That's what one Dutch researcher set out to find, analyzing national police and incident response data on hundreds of cases over the last four years. Companies that work with a third-party incident response firm are the most willing to pay their extortionists, he
Ransomware ★★★
DarkReading.webp 2024-01-24 17:57:00 Kasseika Ransomware Linked to BlackMatter in BYOVD Attack
(direct link)
An emerging actor is the latest to deploy a tactic that terminates AV processes and services before deploying its payload; the campaign is part of a bigger "bring your own vulnerable driver" trend.
Ransomware Prediction ★★★
The_Hackers_News.webp 2024-01-24 16:50:00 Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
(direct link)
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend
Ransomware Prediction ★★★
Pirate.webp 2024-01-24 15:20:27 Threat level, AI, tool rationalization, market consolidation, cyber insurance: what awaits you in 2024
(direct link)
>A proliferation of ransomware attacks, geopolitical tensions in Europe and the Middle East, economic uncertainty: 2023 was a tumultuous year marked by a succession of multifaceted crises. In this context, organizations had their hands full preserving the integrity of their information systems and guarding against and remediating potential cyberattacks. 2024 will not depart […] The post Threat level, AI, tool rationalization, market consolidation, cyber insurance: what awaits you in 2024 first appeared on UnderNews.
Ransomware Tool ★★★
The_Hackers_News.webp 2024-01-24 14:25:00 U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
(direct link)
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable
Ransomware ★★★
Blog.webp 2024-01-24 13:40:19 Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns
(direct link)
>By Waqas The dark side of the Artificial Intelligence (AI) - UK's NCSC Cyber Threat Assessment warns surge in AI-driven ransomware Surge. This is a post from HackRead.com Read the original post: Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns
Ransomware Threat ★★
SocRadar.webp 2024-01-24 12:20:57 Critical Auth Bypass in GoAnywhere MFT: Is It a New Ransomware Gateway? (CVE-2024-0204)
(direct link)
Fortra has disclosed a critical vulnerability in its GoAnywhere MFT (Managed File Transfer) software –...
Ransomware Vulnerability ★★★
bleepingcomputer.webp 2024-01-24 11:56:13 UK says AI will empower ransomware over the next two years
(direct link)
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]
Ransomware Tool Threat ★★★
globalsecuritymag.webp 2024-01-24 11:39:53 Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyberattacks
(direct link)
Barracuda's new Cybernomics 101 report uncovers the financial forces driving cyberattacks 50% of respondents believe AI will enable hackers to launch more attacks Highlights: New research from Barracuda shows that 50% of respondents believe AI will enable hackers to launch more attacks. Of those surveyed, the average annual cost to respond to compromises was $5.34 million. The survey also identified 71% of respondents had experienced a ransomware attack over the last year, and 61% paid the ransom. - Special Reports
Ransomware ★★
IndustrialCyber.webp 2024-01-24 11:29:31 Securin research reveals ransomware threats surge amidst geopolitical shifts and cybersecurity challenges
(direct link)
Securin researchers published Tuesday their latest findings on ransomware threats in 2023. The research provides valuable insights into...
Ransomware ★★★
AlienVault.webp 2024-01-24 11:00:00 Get the AT&T Cybersecurity Insights Report: Focus on Finance
(direct link)
We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Finance. The report examines the edge ecosystem, surveying finance IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on finance report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report). Get the complimentary 2023 report.   The robust quantitative field survey reached 1,418 security, IT, application development, and line of business professionals worldwide. The qualitative research tapped subject matter experts across the cybersecurity industry. Finance-specific respondents equal 204. At the onset of our research, we established the following hypotheses. Momentum edge computing has in the market. Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals. Perceived risk and perceived benefit of the common use cases in each industry surveyed. The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED - delivering actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases. The role of IT is shifting, embracing stakeholders at the ideation phase of development. Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. 
Look at the infographic below for a topline summary of key findings in the finance industry. In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that finance leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem. One of the most promising aspects of edge computing is its potential to effectively use near-real-time data for tighter control of variable operations such as inventory and supply chain management that deliver improved operational efficiency. Adding new endpoints is essential for collecting the data, but how they’re connected can make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures. Edge computing brings the data closer to where decisions are made. With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster because nothing is backhauled to a central processing area such as a data center and delivers the near-real-time experience. With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares emerging trends as finance continues exploring edge computing use cases. One area that’s examined is expense allocation
Ransomware ★★★
globalsecuritymag.webp 2024-01-24 09:47:15 The battle of GenAI: Defending against ransomware, misinformation and bias
(direct link)
The rise of Generative AI must be managed with caution, says Simon Bain, CEO and founder at OmniIndex. - Opinion
Ransomware ★★★
InfoSecurityMag.webp 2024-01-24 09:30:00 AI Set to Supercharge Ransomware Threat, Says NCSC
(direct link)
The National Cyber Security Centre claims in a new report that AI will increase volume and impact of ransomware attacks
Ransomware Threat ★★
SecurityWeek.webp 2024-01-24 09:07:32 US, UK, Australia Sanction Russian Man Over Ransomware Attack on Healthcare Insurer
(direct link)
>US, UK and Australia announce sanctions against Alexander Ermakov for his role in the 2022 ransomware attack on healthcare insurer Medibank. 
Ransomware ★★★
RecordedFuture.webp 2024-01-24 00:01:00 British intelligence warns AI will cause surge in ransomware volume and impact
(direct link)
Ransomware attacks will increase in both volume and impact over the next two years due to artificial intelligence (AI) technologies, British intelligence has warned. In an all-source intelligence assessment published on Wednesday - based on classified intelligence, industry knowledge, academic material and open source - the National Cyber Security Centre (NCSC) said it was “almost
Ransomware ★★
DarkReading.webp 2024-01-23 21:50:00 US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker
(direct link)
Aleksandr Ermakov, alongside other members of the REvil ransomware gang, are responsible for one of the biggest cyberattacks in Australia's history.
Ransomware ★★
CS.webp 2024-01-23 17:31:26 US, UK, Australia sanction Russian national after major Australian ransomware attack
(direct link)
The October 2022 attack targeted Australia's largest private health insurer, Medibank.
Ransomware ★★★
Blog.webp 2024-01-23 17:01:35 LockBit Ransomware Gang Claims Subway as New Victim
(direct link)
>By Deeba Ahmed From Footlongs to Stolen Bytes: Subway Faces Potential Ransomware Nightmare. This is a post from HackRead.com Read the original post: LockBit Ransomware Gang Claims Subway as New Victim
Ransomware ★★★
bleepingcomputer.webp 2024-01-23 16:52:56 Water services giant Veolia North America hit by ransomware attack
(direct link)
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. [...]
Ransomware ★★★
SecurityWeek.webp 2024-01-23 13:04:59 Aircraft Lessor AerCap Confirms Ransomware Attack
(direct link)
>AerCap confirms ransomware attack after emerging cybercrime gang lists the company on its leak website.
Ransomware ★★
ProofPoint.webp 2024-01-23 12:51:12 The Threat Landscape Is Always Changing: What to Expect in 2024
(direct link)
Gather 'round, cyber friends, and I'll let you in on a little secret: no one knows what the Next Big Thing on the threat landscape will be. But we can look back on 2023, identify notable changes and actor behaviors, and make educated assessments about what 2024 will bring.
This month on the DISCARDED podcast my co-host Crista Giering and I sat down with our Threat Research leaders Daniel Blackford, Alexis Dorais-Joncas, Randy Pargman, and Rich Gonzalez, leaders of the ecrime, advanced persistent threat (APT), threat detection, and Emerging Threats teams, respectively. We discussed what we learned over the last year, and what's on the horizon for the future. While the discussions touched on different topics and featured different opinions on everything from artificial intelligence (AI) to living off the land binaries (LOLBins) to vulnerability exploitation to ransomware, there were some notable themes that are worth writing down. We can't say for sure what surprises are in store, but with our cyber crystal balls fully charged – and a deep knowledge of a year's worth of threat actor activity based on millions of email threats per day – we can predict with high confidence what's going to be impactful in the coming year.
1: Quick response (QR) codes will continue to proliferate
2023 was the year of the QR code. Although not new, QR codes burst on the scene over the last year and were used in many credential phishing and malware campaigns. The use was driven by a confluence of factors, but ultimately boiled down to the fact that people are now way more accustomed to scanning QR codes for everything from instructions to menus. And threat actors are taking advantage. Proofpoint recently launched new in-line sandboxing capabilities to better defend against this threat, and our teams anticipate seeing more of it in 2024. Notably, however, Dorais-Joncas points out that QR codes still just exist in the realm of ecrime – APT actors have not yet jumped on the QR code bandwagon. (Although, some of those APT actors bring ecrime energy to their campaigns, so it's possible they may start QR code phishing, too.)
2: Zero-day and N-day vulnerability exploitation
A theme that appeared throughout our conversations was the creative use of vulnerabilities – both known and unreported – in threat actor activity. APT actors used a wide variety of exploits, from TA473 exploiting publicly-facing webmail servers to espionage actors using a zero-day in an email security gateway appliance that ultimately forced users to rip out and reinstall physical hardware. But ecrime actors also exploited their share of vulnerabilities, including the MOVEit file transfer service vulnerability from the spring of 2023 that had cascading repercussions, and the ScreenConnect flaw announced in the fall of 2023 – both of which were used by ecrime actors before being officially published. Proofpoint anticipates vulnerability exploitation will continue, driven in part by improved defense making old school techniques – like macro-enabled documents – much less useful, as well as the vast financial resources now available to cybercriminals that were once just the domain of APT. Pargman says the creativity from ecrime threat actors is a direct response of defenders imposing cost on our adversaries.
3: Continuing, unexpected behavior changes
Avid listeners of the podcast know I have regularly said the ecrime landscape is extremely chaotic, with TA577 demonstrating the most chaotic vibes of them all. The tactics, techniques, and procedures (TTPs) of some of the most sophisticated actors continue to change. The cost imposed on threat actors that Pargman mentioned – from law enforcement takedowns of massive botnets like Qbot to improved detections and automated defenses – have forced threat actors, cybercriminals in particular, to regularly change their behaviors to figure out what is most effective. For example, recently Proofpoint has observed the increased use of: traffic dis
Ransomware Malware Tool Vulnerability Threat Prediction ★★★
News.webp 2024-01-23 11:48:50 UK water giant admits attackers broke into system as gang holds it to ransom
(direct link)
Comes mere months after Western intelligence agencies warned of attacks on water providers Southern Water confirmed this morning that criminals broke into its IT systems, making off with a "limited amount of data."…
Ransomware Industrial ★★★
Blog.webp 2024-01-23 11:47:06 TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware
(direct link)
>By Deeba Ahmed TeamViewer has been identified as the access point in two separate ransomware attacks targeting different companies. This is a post from HackRead.com Read the original post: TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware
Ransomware ★★★
SecurityWeek.webp 2024-01-23 11:36:28 Russian Hackers Suspected of Sweden Cyberattack
(direct link)
>Swedish government agencies and shops were disrupted by a ransomware attack believed to have been carried out by Russian hackers.
Ransomware ★★★
AlienVault.webp 2024-01-23 11:00:00 The rise of ransomware: Strategies for prevention
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The exponential rise of ransomware attacks in recent times has become a critical concern for organizations across various industries. Ransomware, a malicious software that encrypts data and demands a ransom for its release, can wreak havoc on an organization's operations, finances, and reputation. This comprehensive guide delves into the intricate landscape of ransomware, exploring sophisticated attack vectors, common vulnerabilities, and providing detailed strategies for prevention.
Ransomware is a type of malicious software designed to deny access to a computer system or data until a sum of money is paid. It often gains unauthorized access through exploiting vulnerabilities or employing social engineering tactics like phishing emails and malicious attachments. Over the years, ransomware attacks have evolved from indiscriminate campaigns to highly targeted and sophisticated operations. Notorious strains such as WannaCry, Ryuk, and Maze have demonstrated the devastating impact of these attacks on organizations worldwide.
Common vulnerabilities exploited
Outdated software and patch management: Ransomware often exploits vulnerabilities in outdated software. Robust patch management is crucial for closing these security gaps.
Social engineering and phishing: Human error remains a significant factor in ransomware attacks. Employees need comprehensive training to recognize and avoid phishing attempts.
Weak authentication practices: Inadequate password policies and the absence of multi-factor authentication create entry points for threat actors.
Poorly configured remote desktop protocol (RDP): RDP misconfigurations can provide a direct path for ransomware to infiltrate a network.
Comprehensive prevention strategies
Regular software updates and patch management: Implement a proactive approach to software updates and patch vulnerabilities promptly.
Employee training and awareness: Conduct regular cybersecurity training sessions to educate employees about the dangers of phishing and best practices for online security.
Multi-factor authentication (MFA): Enforce MFA to add an additional layer of security, mitigating the risk of unauthorized access.
Network segmentation: Divide networks into segments to contain the spread of ransomware in case of a breach.
Data backup and recovery: Establish regular backups of critical data and ensure that recovery processes are tested and reliable.
Post-infection recovery plans: The aftermath of a ransomware attack can be chaotic and detrimental to an organization's operations. Developing a robust post-infection recovery plan is essential to minimize damage, restore functionality, and ensure a swift return to normalcy. This detailed guide outlines the key components of an effective recovery plan tailored for organizations recovering from a ransomware incident.
Key components of post-infection recovery plans: Incident response team activation: Swift action: Activate the incident response team immediately upo
Ransomware Data Breach Vulnerability Threat ★★
bleepingcomputer.webp 2024-01-23 08:40:23 US, UK, Australia sanction REvil hacker behind Medibank data breach
(direct link)
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
Ransomware Data Breach Hack ★★★
Trend.webp 2024-01-23 00:00:00 Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
(direct link)
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
Ransomware ★★
zataz.webp 2024-01-22 18:52:34 The source code of the ALPHV ransomware is for sale for 30,000 dollars
(direct link)
The ALPHV / BlackCat extortion group continues to make waves even after its disappearance. The ransomware's source code is being offered on the market....
Ransomware ★★★
SecurityWeek.webp 2024-01-22 15:06:40 LoanDepot Breach: 16.6 Million People Impacted
(direct link)
>Lending giant LoanDepot (NYSE: LDI) said that roughly 16.6 million individuals were impacted as a result of a ransomware attack.
Ransomware ★★
SocRadar.webp 2024-01-22 14:29:09 Dark Web Profile: WereWolves Ransomware
(direct link)
>Emerging as a new group in the cybercrime landscape, this Russian-speaking group, WereWolves Ransomware, has...
Ransomware ★★★
News.webp 2024-01-22 14:00:09 Subway's data torpedoed by LockBit, ransomware gang claims
(direct link)
Fast food chain could face a footlong recovery process if allegations are true The LockBit ransomware gang is claiming an attack on submarine sandwich slinger Subway, alleging it has made off with a platter of data.…
Ransomware ★★★
RecordedFuture.webp 2024-01-22 12:59:00 Ransomware hits cloud service Tietoevry; numerous Swedish customers affected
(direct link)
Cloud hosting services provider Tietoevry announced that one of its datacenters in Sweden “was partially subject to a ransomware attack” this weekend, affecting numerous customers and forcing stores to close across the country. According to the Finland-based technology company's statement, the attack was limited to “one part of one of our Swedish datacenters” and is
Ransomware Cloud ★★★
bleepingcomputer.webp 2024-01-22 10:59:24 loanDepot cyberattack causes data breach for 16.6 million people
(direct link)
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month. [...]
Ransomware Data Breach ★★
bleepingcomputer.webp 2024-01-21 15:13:25 Tietoevry ransomware attack causes outages for Swedish firms, cities
(direct link)
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang. [...]
Ransomware Cloud ★★★
DarkReading.webp 2024-01-19 21:30:00 Ransomware Actor Uses TeamViewer to Gain Initial Access to Networks
(direct link)
Attackers have increasingly leveraged the widely used remote access tool, installed on hundreds of millions of endpoints, to break into victim environments.
Ransomware Tool ★★★
Last update at: 2024-05-12 04:07:50