What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-19 20:15:33 | FBI: Akira Ransomware Group a fait 42 millions de dollars sur plus de 250 orgs FBI: Akira Ransomware Group Made $42 Million From 250+ Orgs (lien direct) |
The Akira ransomware group has breached the networks of over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds, according to a recent joint cybersecurity advisory issued by the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol\'s European Cybercrime Centre (EC3), and the Netherlands\' National Cyber Security Centre (NCSC-NL). According to FBI investigations, Akira ransomware has targeted a wide range of businesses and critical infrastructure entities across North America, Europe, and Australia since March 2023. While the ransomware initially targeted Windows systems, the FBI recently found Akira\'s Linux variant targeting VMware ESXi virtual machines that are used widely across many large businesses and organizations. ? #StopRansomare: Review our ? #cybersecurity advisory, outlining known #AkiraRansomware #TTPs & #IOCs, developed with @FBI, @EC3Europol, & @NCSC_NL to reduce the exploitation of businesses and critical infrastructure. https://t.co/2VBMKhoAXK pic.twitter.com/Nn0fEK4HRw — CISA Cyber (@CISACyber) April 18, 2024 “Early versions of the Akira ransomware variant were written in C++ and encrypted files with a .akira extension; however, beginning in August 2023, some Akira attacks began deploying Megazord, using Rust-based code which encrypts files with a .powerranges extension. Akira threat actors have continued to use both Megazord and Akira, including Akira_v2 (identified by trusted third party investigations) interchangeably,” the joint cybersecurity advisory reads. The FBI and cybersecurity researchers have observed Akira threat actors obtaining initial access to organizations through a virtual private network (VPN) service without multifactor authentication (MFA) configured, mostly using known Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269. Additional methods of initial access include the use of external-facing services such as Remote Desktop Protocol (RDP), spear phishing attacks, and credential abuse. Once initial access is obtained, Akira threat actors attempt to exploit the functions of domain controllers by creating new domain accounts to establish persis | Ransomware Vulnerability Threat Studies | ★★★ | |
 |
2024-04-19 18:11:07 | PNUD, Ville de Copenhague ciblée dans la cyberattaque de données d'exposition des données UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack (lien direct) |
Un gang de ransomwares a revendiqué la responsabilité de l'attaque, bien qu'il ne sache pas si une rançon a été demandée ou payée.
A ransomware gang claimed responsibility for the attack, though it is unknown if a ransom was demanded or paid. |
Ransomware | ★★ | |
 |
2024-04-19 16:31:00 | Akira Ransomware Gang éteint 42 millions de dollars;Cible désormais les serveurs Linux Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (lien direct) |
Les acteurs de la menace derrière le groupe Akira Ransomware ont extorqué environ 42 millions de dollars en produit illicite après avoir enfreint les réseaux de plus de 250 victimes au 1er janvier 2024.
"Depuis mars 2023, Akira Ransomware a eu un impact
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., |
Ransomware Threat | ★★ | |
 |
2024-04-19 14:03:31 | L'agence des Nations Unies enquête sur l'attaque des ransomwares, le vol de données United Nations agency investigates ransomware attack, data theft (lien direct) |
Le programme des Nations Unies pour le développement (PNUD) étudie une cyberattaque après que les acteurs de la menace ont enfreint ses systèmes informatiques pour voler des données sur les ressources humaines.[...]
The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. [...] |
Ransomware Threat | ★★★ | |
 |
2024-04-19 11:25:16 | Akira Ransomware a gagné plus de 42 millions de dollars en un an: agences Akira Ransomware Made Over $42 Million in One Year: Agencies (lien direct) |
> Akira Ransomware a frappé plus de 250 organisations dans le monde et a reçu plus de 42 millions de dollars en paiements de rançon.
>Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments. |
Ransomware | ★★★ | |
 |
2024-04-19 11:05:11 | CISA, FBI, EUROPOL et NCSC-NL Émission de consultation conjointe de cybersécurité sur les menaces de ransomware Akira CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats (lien direct) |
> L'Agence américaine de sécurité de la cybersécurité et des infrastructures (CISA), le Federal Bureau of Investigation (FBI), European Cybercrime Center d'Europol ...
>The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), Europol\'s European Cybercrime Centre... |
Ransomware | ★★ | |
 |
2024-04-19 10:17:00 | Akira Ransomware Group Rakes dans 42 M $, 250 organisations touchées Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted (lien direct) |
Un avis conjoint d'Europol et des agences gouvernementales américaines et néerlandaises a estimé qu'Akira a fait environ 42 millions de dollars en cours de ransomware de mars 2023 à janvier 2024
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024 |
Ransomware | ★★ | |
 |
2024-04-18 19:16:16 | Akira Ransomware Gang a effectué 42 millions de dollars à partir de 250 attaques depuis mars 2023: FBI Akira ransomware gang made $42 million from 250 attacks since March 2023: FBI (lien direct) |
Un avis conjoint d'Europol et des agences gouvernementales américaines et néerlandaises a estimé qu'Akira a fait environ 42 millions de dollars en cours de ransomware de mars 2023 à janvier 2024
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024 |
Ransomware | ★★★★ | |
|
2024-04-18 16:47:00 | Récupérez des ransomwares en 5 minutes-nous vous apprendrez comment! Recover from Ransomware in 5 Minutes-We will Teach You How! (lien direct) |
RPO super bas avec protection continue des données: reposez-vous à quelques secondes avant une attaque
Zerto, une entreprise d'entreprise Hewlett Packard, peut vous aider à détecter et à vous remettre de ransomwares en temps réel.Cette solution exploite la protection des données continue (CDP) pour s'assurer que toutes les charges de travail ont l'objectif de point de récupération le plus bas (RPO) possible.La chose la plus précieuse à propos du CDP est qu'elle n'utilise pas
Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use |
Ransomware | ★★ | |
 |
2024-04-18 16:39:02 | \\ 'grand volume \\' des données volées à l'agence des Nations Unies après une attaque de ransomware \\'Large volume\\' of data stolen from UN agency after ransomware attack (lien direct) |
> L'attaque n'est que la dernière d'une chaîne ciblant le corps multilatéral ces dernières années.
>The attack is just the latest in a string targeting the multilateral body in recent years. |
Ransomware | ★★ | |
|
2024-04-18 14:21:42 | Agence des Nations Unies enquêtant sur une attaque de ransomware impliquant un vol de données United Nations Agency Investigating Ransomware Attack Involving Data Theft (lien direct) |
> Programme des Nations Unies (PNUD) Enquêtant sur une attaque de ransomware dans laquelle les pirates ont volé des données sensibles.
>United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data. |
Ransomware | ★★★ | |
|
2024-04-18 14:11:29 | FBI: Akira Ransomware a récolté 42 millions de dollars de plus de 250 victimes FBI: Akira ransomware raked in $42 million from 250+ victims (lien direct) |
Selon un avis conjoint du FBI, de la CISA, du centre de cybercriminalité européen d'Europol (EC3) et du National Cyber Security Center (NCSC-NL), l'opération Ransomware Akira a violé les réseaux de plus de 250les organisations et ont ratissé environ 42 millions de dollars en paiements de rançon.[...]
According to a joint advisory from the FBI, CISA, Europol\'s European Cybercrime Centre (EC3), and the Netherlands\' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. [...] |
Ransomware | ★★★★ | |
|
2024-04-18 11:30:39 | 180k touchés par la violation de données à l'organisation de la santé du Michigan 180k Impacted by Data Breach at Michigan Healthcare Organization (lien direct) |
> Cherry Health indique que les informations personnelles de plus de 180 000 personnes ont été volées dans une attaque de ransomware.
>Cherry Health says the personal information of over 180,000 individuals was stolen in a ransomware attack. |
Ransomware Data Breach Medical | ★★★ | |
 |
2024-04-18 09:27:16 | CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware (lien direct) | CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware | ★★ | |
|
2024-04-17 19:17:10 | \\ 'brut \\' outils de ransomware proliférant sur le Web sombre pour pas cher, les chercheurs trouvent \\'Crude\\' ransomware tools proliferating on the dark web for cheap, researchers find (lien direct) |
CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware Tool | ★★ | |
|
2024-04-17 17:17:53 | L'agence des Nations Unies affirme que les données ont été volées dans l'attaque des ransomwares UN agency says data stolen in ransomware attack (lien direct) |
CVSS score 10! Atlassian Confluence Linux instances targeted with Cerber ransomware by Sylvain Cortes, VP Strategy, Hackuity - Security Vulnerability | Ransomware | ★★ | |
 |
2024-04-17 17:00:47 | La menace évolutive des ransomwares - un appel à l'action pour la cybersécurité The Evolving Threat of Ransomware - A Call to Action for Cybersecurity (lien direct) |
> Témoignage devant le sous-comité des services financiers de la Chambre sur la sécurité nationale, la finance illicite et les institutions financières internationales sur les ransomwares.
>Testifying before the House Financial Services Subcommittee on National Security, Illicit Finance and International Financial Institutions on ransomware. |
Ransomware Threat | ★★ | |
|
2024-04-17 16:27:00 | Flaw atlassien critique exploité pour déployer la variante Linux de Cerber Ransomware Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (lien direct) |
Les acteurs de la menace exploitent les serveurs Atlassian non corrigés pour déployer une variante Linux du ransomware Cerber (AKA C3RB3R).
Les attaques Levier et NBSP; CVE-2023-22518 & NBSP; (Score CVSS: 9.1), une vulnérabilité de sécurité critique ayant un impact sur le centre de données de Confluence Atlassian qui permet un attaquant non authentifié pour réinitialiser la confluence et créer un compte administrateur.
Armé de cet accès, un
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a |
Ransomware Vulnerability Threat | ★★ | |
|
2024-04-17 16:21:42 | L'Organisation des soins de santé du Michigan affirme que le ransomware a violé les données de 185 000 Michigan healthcare organization says ransomware breached data of 185,000 (lien direct) |
Les acteurs de la menace exploitent les serveurs Atlassian non corrigés pour déployer une variante Linux du ransomware Cerber (AKA C3RB3R).
Les attaques Levier et NBSP; CVE-2023-22518 & NBSP; (Score CVSS: 9.1), une vulnérabilité de sécurité critique ayant un impact sur le centre de données de Confluence Atlassian qui permet un attaquant non authentifié pour réinitialiser la confluence et créer un compte administrateur.
Armé de cet accès, un
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a |
Ransomware Medical | ★★ | |
|
2024-04-17 16:00:00 | Variante de ransomware Linux Cerber Exploite les serveurs atlassiens Linux Cerber Ransomware Variant Exploits Atlassian Servers (lien direct) |
Les attaques exploitent CVE-2023-22518, une faille critique dans le centre de données et le serveur Atlassian Confluence
The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server |
Ransomware Threat | ★★ | |
|
2024-04-17 11:52:40 | Cerber ransomware hits Confluence: Cado Security dissects the three heads (lien direct) | Cerber Ransomware frappe Confluence: Cado Security dissèque les trois têtes
-
mise à jour malveillant
Cerber ransomware hits Confluence: Cado Security dissects the three heads - Malware Update |
Ransomware | ★★ | |
|
2024-04-17 08:21:29 | Tendances mondiales de la cybersécurité au 1er trimestre 2024 : les cyberattaques en hausse de 28 % dans le monde (lien direct) | Tendances mondiales de la cybersécurité au 1er trimestre 2024 : les cyberattaques en hausse de 28 % dans le monde Une recrudescence des cyberattaques : au premier trimestre 2024, le nombre moyen de cyberattaques par entreprise a augmenté de 28 % par rapport à fin 2023, avec toutefois une hausse de 5 % au premier trimestre en glissement annuel La priorité aux attaques de l'industrie : les fabricants de matériel informatique ont vu une augmentation substantielle de 37 % des cyberattaques par rapport à l'année précédente, mais les secteurs de l'éducation/recherche, du gouvernement/militaire et de la santé restent les secteurs les plus attaqués au 1er trimestre 2024 Des variations régionales contrastées : la région de l'Afrique a enregistré une hausse notable de 20 % des cyberattaques contrairement à l'Amérique latine, qui a de son côté fait état d'une baisse de 20 % par rapport à l'année précédente Les ransomwares continuent de faire des ravages : en Europe, les attaques de ransomware ont augmenté de 64 % par rapport à l'année précédente, suivies par l'Afrique avec une hausse de 18 % même si l'Amérique du Nord reste la région la plus touchée, avec 59 % des près de 1 000 attaques de ransomware enregistrées sur des " shame sites " du ransomware - Malwares | Ransomware Studies | ★★★ | |
|
2024-04-16 21:12:45 | L'ancien responsable du cyber house blanc dit que l'interdiction de paiement des ransomwares Ex-White House cyber official says ransomware payment ban is a ways off (lien direct) |
> Kemba Walden, l'ancien directeur national du cyber, a déclaré qu'une interdiction de paiement de rançon est l'objectif ultime.
>Kemba Walden, the former acting national cyber director, said that a ransom payment ban is the ultimate goal. |
Ransomware | ★★ | |
|
2024-04-16 20:45:38 | Le corps de la pêche de l'Atlantique confirme le cyber-incident après une infraction au gang ransomware de 8 basses Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach (lien direct) |
> Kemba Walden, l'ancien directeur national du cyber, a déclaré qu'une interdiction de paiement de rançon est l'objectif ultime.
>Kemba Walden, the former acting national cyber director, said that a ransom payment ban is the ultimate goal. |
Ransomware | ★★ | |
|
2024-04-16 20:18:19 | Le Congrès se répercute contre UnitedHealth Group après une attaque de ransomware Congress rails against UnitedHealth Group after ransomware attack (lien direct) |
> Les législateurs de la Chambre soutiennent que la consolidation croissante dans le secteur des soins de santé a créé des vulnérabilités aux cyberattaques.
>House lawmakers argue that growing consolidation in the health care sector has created vulnerabilities to cyberattacks. |
Ransomware Vulnerability | ★★ | |
|
2024-04-16 19:33:34 | Le secteur de l'alimentation et de l'agriculture a frappé avec plus de 160 attaques de ransomwares l'année dernière Food and agriculture sector hit with more than 160 ransomware attacks last year (lien direct) |
> Les législateurs de la Chambre soutiennent que la consolidation croissante dans le secteur des soins de santé a créé des vulnérabilités aux cyberattaques.
>House lawmakers argue that growing consolidation in the health care sector has created vulnerabilities to cyberattacks. |
Ransomware | ★★★ | |
 |
2024-04-16 19:09:01 | Changer le nouveau Ransomware Nightmare de Healthcare \\ va de mal en pis Change Healthcare\\'s New Ransomware Nightmare Goes From Bad to Worse (lien direct) |
Un gang cybercriminal appelé RansomHub prétend vendre des informations très sensibles sur les patients de Change Healthcare à la suite d'une attaque de ransomware par un autre groupe en février.
A cybercriminal gang called RansomHub claims to be selling highly sensitive patient information stolen from Change Healthcare following a ransomware attack by another group in February. |
Ransomware Medical | ★★ | |
 |
2024-04-16 18:00:00 | Couverture des menaces de netskope: ransomware de fourmis maléfique Netskope Threat Coverage: Evil Ant Ransomware (lien direct) |
> Résumé Netskope Threat Labs a récemment analysé une nouvelle souche de ransomware nommée Evil Ant.Evil Ant Ransomware est un logiciel malveillant basé sur Python compilé à l'aide de Pyinstaller qui cherche à crypter tous les fichiers stockés sur les dossiers personnels et les lecteurs externes de la victime.Cette souche de ransomware nécessite la continuité du traitement du chiffrement jusqu'à la récupération du fichier.Redémarrer, fermer ou mettre fin au [& # 8230;]
>Summary Netskope Threat Labs recently analyzed a new ransomware strain named Evil Ant. Evil Ant ransomware is a Python-based malware compiled using PyInstaller that looks to encrypt all files stored on the victim’s personal folders and external drives. This ransomware strain requires process continuity from encryption until file recovery. Rebooting, shutting down, or ending the […] |
Ransomware Malware Threat | ★★ | |
|
2024-04-16 15:45:34 | Ransomware Attack a coûté à UnitedHealth 872 millions de dollars;Total s'attendait à dépasser 1 milliard de dollars Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (lien direct) |
> Résumé Netskope Threat Labs a récemment analysé une nouvelle souche de ransomware nommée Evil Ant.Evil Ant Ransomware est un logiciel malveillant basé sur Python compilé à l'aide de Pyinstaller qui cherche à crypter tous les fichiers stockés sur les dossiers personnels et les lecteurs externes de la victime.Cette souche de ransomware nécessite la continuité du traitement du chiffrement jusqu'à la récupération du fichier.Redémarrer, fermer ou mettre fin au [& # 8230;]
>Summary Netskope Threat Labs recently analyzed a new ransomware strain named Evil Ant. Evil Ant ransomware is a Python-based malware compiled using PyInstaller that looks to encrypt all files stored on the victim’s personal folders and external drives. This ransomware strain requires process continuity from encryption until file recovery. Rebooting, shutting down, or ending the […] |
Ransomware | ★★ | |
 |
2024-04-16 12:59:00 | Changer les soins de santé \\'s Ransomware coûte que les coûts de 1 milliard de dollars jusqu'à présent Change Healthcare\\'s ransomware attack costs edge toward $1B so far (lien direct) |
Le premier aperçu de l'attaque Financials révèle d'énormes douleurs UnitedHealth, société mère de Ransomware-Beeged Change Healthcare, indique que les coûts totaux de la tenue de la cyberattaque de février pour le premier trimestre civil de 2024 se situe actuellement à 872 $ à 872 $.millions.… | Ransomware Medical | ★★ | |
|
2024-04-16 10:53:04 | Omni Hotels dit des informations personnelles volées dans une attaque de ransomware Omni Hotels Says Personal Information Stolen in Ransomware Attack (lien direct) |
> Omni Hotels affirme que les informations sur les clients ont été compromises dans une cyberattaque affirmée par le groupe de ransomware de l'équipe de Daixin.
>Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group. |
Ransomware | ★★ | |
|
2024-04-16 10:24:54 | UnitedHealth: Change Healthcare Cyberattack a provoqué une perte de 872 millions de dollars UnitedHealth: Change Healthcare cyberattack caused $872 million loss (lien direct) |
UnitedHealth Group a déclaré un impact de 872 millions de dollars sur ses bénéfices du premier trimestre en raison de l'attaque des ransomwares perturbant le système de santé américain depuis février.[...]
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. [...] |
Ransomware Medical | ★★★ | |
 |
2024-04-15 20:47:50 | Crowdstrike Falcon Next-Gen SIEM dévoile une détection avancée de ransomware ciblant les environnements VMware ESXi CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments (lien direct) |
Crowdsstrike Falcon & Reg;La nouvelle génération SIEM permet aux entreprises de rechercher, d'enquêter et de chasser les menaces, y compris la détection de ransomware avancés ciblant VMware ESXi l'accès initial à l'infrastructure ESXi est généralement acquis par un mouvement latéral en utilisant des informations d'identification valides cibler et déploier des ransomwares dans les environnements ESXI pour augmenter leImpact et échelle de leurs attaques, qui [& # 8230;]
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi Initial access to the ESXi infrastructure1 is typically gained through lateral movement using valid credentials eCrime actors target and deploy ransomware in ESXi environments to increase the impact and scale of their attacks, which […] |
Ransomware | ★★★ | |
 |
2024-04-15 15:15:00 | Faits saillants hebdomadaires, 15 avril 2024 Weekly OSINT Highlights, 15 April 2024 (lien direct) |
## Snapshot Last week\'s OSINT reporting reveals a landscape of diverse cyber threats characterized by sophisticated attack tactics and adaptable threat actors. One key trend was the increasing use of artificial intelligence (AI) by cybercriminals, including AI-powered malvertising on social media platforms and suspected LLM-generated content in a malware campaign targeting German organizations. Additionally, several OSINT articles reported on the trend of exploiting popular platforms like YouTube and GitHub to distribute malware. Threat actors demonstrate a keen understanding of user behavior, leveraging enticing content and fake webpages to lure victims into downloading malicious payloads, highlighting the importance of proactive defense strategies to mitigate evolving threats effectively. ## Description 1. **[German Organizations Targeted with Rhadamanthys Malware](https://security.microsoft.com/intel-explorer/articles/119bde85):** Proofpoint identifies TA547 launching an email campaign targeting German organizations with Rhadamanthys malware, representing a shift in techniques for the threat actor. The campaign involves impersonating a German retail company in emails containing password-protected ZIP files containing LNK files triggering PowerShell scripts to load Rhadamanthys into memory, bypassing disk writing. The incorporation of suspected LLM-generated content into the attack chain provides insight into how threat actors are leveraging LLM-generated content in malware campaigns. 2. **[Russian-Language Cybercrime Operation Leveraging Fake Web3 Gaming Projects](https://security.microsoft.com/intel-explorer/articles/0cdc08b5):** The Insikt Group uncovers a large-scale Russian-language cybercrime operation distributing infostealer malware through fake Web3 gaming projects targeting both macOS and Windows users. Threat actors entice users with the potential for cryptocurrency earnings, distributing malware like Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro upon visiting imitation Web3 gaming projects\' webpages. 3. **[AI-Powered Malvertising Campaigns on Social Media](https://security.microsoft.com/intel-explorer/articles/1e1b0868):** Bitdefender discusses the use of artificial intelligence (AI) by cybercriminals in malvertising campaigns on social media platforms, impersonating popular AI software to distribute stealers like Rilide, Vidar, IceRAT, and Nova Stealer. These campaigns target European users through fake AI software webpages on Facebook, organized by taking over existing accounts and boosting page popularity through engaging content. 4. **[Exploitation of YouTube Channels for Infostealer Distribution](https://security.microsoft.com/intel-explorer/articles/e9f5e219):** AhnLab identifies a trend where threat actors exploit YouTube channels to distribute Infostealers like Vidar and LummaC2, disguising them as cracked versions of legitimate software. Attackers hijack popular channels with hundreds of thousands of subscribers, distributing malicious links through video descriptions and comments, highlighting concerns about the potential reach and impact of distributed malware. 5. **[VenomRAT Distribution via Phishing Email with Malicious SVG Files](https://security.microsoft.com/intel-explorer/articles/98d69c76):** FortiGuard Labs reveals a threat actor distributing VenomRAT and other plugins through phishing emails containing malicious Scalable Vector Graphics (SVG) files. The email attachment downloads a ZIP file containing an obfuscated Batch file, subsequently loading VenomRAT using ScrubCrypt to maintain a connection with a command and control (C2) server and install plugins on victims\' environments. 6. **[Malware Distribution through GitHub Repositories Manipulation](https://security.microsoft.com/intel-explorer/articles/4d0ffb2c):** Checkmarx reports a cybercriminal attack campaign manipulating GitHub\'s search functionality to distribute malware through repositories. Attackers create repositories with popular names and topics, hiding malicious code withi | Ransomware Spam Malware Tool Threat Prediction | ★★ | |
|
2024-04-15 12:35:00 | Chipmaker Giant Nexperia confirme la cyberattaque au milieu des réclamations du groupe ransomware Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims (lien direct) |
Nexperia a confirmé que ses serveurs informatiques étaient accessibles par les attaquants, le groupe Ransomware Dunghill prétendant avoir volé des conceptions de puces et d'autres documents sensibles
Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents |
Ransomware | ★★ | |
|
2024-04-15 12:18:08 | La société de semi-conducteurs appartenant à des Chinois Nexperia a frappé par une attaque de ransomware Chinese-owned semiconductor company Nexperia hit by ransomware attack (lien direct) |
Nexperia a confirmé que ses serveurs informatiques étaient accessibles par les attaquants, le groupe Ransomware Dunghill prétendant avoir volé des conceptions de puces et d'autres documents sensibles
Nexperia confirmed its IT servers were accessed by attackers, with the Dunghill ransomware group claiming to have stolen chip designs and other sensitive documents |
Ransomware | ★★ | |
|
2024-04-15 12:00:01 | Chipmaker Nexperia confirme la violation après la fuite de gangs de ransomware qui divulgue Chipmaker Nexperia confirms breach after ransomware gang leaks data (lien direct) |
Le fabricant de puces néerlandais Nexperia a confirmé à la fin de la semaine dernière que les pirates ont violé son réseau en mars 2024 après qu'un gang de ransomware ait divulgué des échantillons de données prétendument volées.[...]
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. [...] |
Ransomware | ★★ | |
 |
2024-04-15 11:16:11 | 15 avril & # 8211;Rapport de renseignement sur les menaces 15th April – Threat Intelligence Report (lien direct) |
> Pour les dernières découvertes en cyberLes principales attaques et violation du géant de l'optique japonaise Hoya Corporation ont été victimes d'une attaque de ransomware qui a eu un impact sur sa principale infrastructure informatique et diverses divisions commerciales.Hunters International Ransomware Gang a revendiqué la responsabilité de l'attaque et [& # 8230;]
>For the latest discoveries in cyber research for the week of 15th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Japanese optics giant Hoya Corporation has been a victim of a ransomware attack that impacted its major IT infrastructure and various business divisions. Hunters International ransomware gang claimed responsibility for the attack and […] |
Ransomware Threat | ★★ | |
|
2024-04-15 11:01:54 | Daixin Ransomware Gang affirme une attaque sur les hôtels Omni Daixin ransomware gang claims attack on Omni Hotels (lien direct) |
Le gang de ransomware de l'équipe de Daixin a revendiqué une récente cyberattaque sur Omni Hotels & Resorts et menace désormais de publier des clients sensibles si une rançon n'est pas payée.[...]
The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers\' sensitive information if a ransom is not paid. [...] |
Ransomware | ★★ | |
 |
2024-04-15 10:00:28 | Utilisation du constructeur de verrouillage pour générer des ransomwares ciblés Using the LockBit builder to generate targeted ransomware (lien direct) |
Les chercheurs de Kaspersky revisitent le constructeur Lockbit 3.0 divulgué et partagent des informations sur un incident réel impliquant une variante de ransomware ciblée personnalisée créée avec ce constructeur.
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. |
Ransomware | ★★ | |
|
2024-04-13 10:30:00 | Roku Breach frappe 567 000 utilisateurs Roku Breach Hits 567,000 Users (lien direct) |
Plus: Apple prévient les utilisateurs d'iPhone des attaques de logiciels espions, la CISA émet une directive d'urgence sur une violation de Microsoft et un pirate de ransomware enchevêtrement avec un gestionnaire de RH non impressionné nommé Beth.
Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach, and a ransomware hacker tangles with an unimpressed HR manager named Beth. |
Ransomware Mobile | ★★ | |
 |
2024-04-12 15:44:26 | Étude Sophos: 94% des victimes de ransomwares ont leurs sauvegardes ciblées par les attaquants Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted By Attackers (lien direct) |
La recherche a révélé que les criminels peuvent exiger une rançon plus élevée lorsqu'ils compromettent les données de sauvegarde d'une organisation dans une attaque de ransomware.Découvrez les conseils d'experts en sécurité sur la façon de protéger correctement votre sauvegarde.
Research has found that criminals can demand higher ransom when they compromise an organisation\'s backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup. |
Ransomware Studies | ★★★ | |
|
2024-04-11 14:15:24 | Le géant de l'optique Hoya a frappé avec une demande de ransomware de 10 millions de dollars Optics giant Hoya hit with $10 million ransomware demand (lien direct) |
Une récente cyberattaque sur Hoya Corporation a été réalisée par l'opération de ransomware \\ 'Hunters International \', qui exigeait une rançon de 10 millions de dollars pour un décrypteur de dossier et de ne pas publier des fichiers volés pendant l'attaque.[...]
A recent cyberattack on Hoya Corporation was conducted by the \'Hunters International\' ransomware operation, which demanded a $10 million ransom for a file decryptor and not to release files stolen during the attack. [...] |
Ransomware | ★★★ | |
 |
2024-04-11 13:00:00 | Les paiements de ransomwares atteignent un haut tous les temps, mais ce n'est pas toute l'histoire Ransomware payouts hit all-time high, but that\\'s not the whole story (lien direct) |
> Les paiements de ransomwares ont atteint un sommet de 1,1 milliard de dollars en 2023, après une forte baisse du total des paiements en 2022. Certains facteurs qui peuvent avoir contribué à la baisse en 2022 étaient le conflit ukrainautorités judiciaires.En 2023, cependant, les paiements de ransomwares sont revenus à [& # 8230;]
>Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities. In 2023, however, ransomware payouts came roaring back to […] |
Ransomware | ★★ | |
 |
2024-04-11 10:00:55 | Dragonforce Ransomware - ce que vous devez savoir DragonForce Ransomware - What You Need To Know (lien direct) |
Que se passe-t-il?Une souche relativement nouvelle de ransomwares appelée DragonForce a fait la une des journaux après une série d'attaques de haut niveau.Comme de nombreux autres groupes de ransomwares, Dragonforce tente d'extorquer de l'argent de ses victimes de deux manières - verrouiller les entreprises de leurs ordinateurs et de leurs données par le cryptage, et exfiltrant les données de systèmes compromis avec la menace de le libérer à d'autres via le Web Dark.Jusqu'à présent, si normal.Comment Dragonforce est-il arrivé à l'importance?La première attaque de ransomware connue de DragonForce était contre la loterie de l'Ohio.Dans ce cas, Dragonforce s'est vanté qu'il avait ...
What\'s going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to others via the dark web. So far, so normal. How did DragonForce come to prominence? DragonForce\'s earliest known ransomware attack was against the Ohio Lottery . In that case, DragonForce boasted it had... |
Ransomware Threat | ★★ | |
 |
2024-04-11 06:23:43 | FAQS de l'état de l'État 2024 du rapport Phish, partie 1: Le paysage des menaces FAQs from the 2024 State of the Phish Report, Part 1: The Threat Landscape (lien direct) |
In this two-part blog series, we will address many of the frequently asked questions submitted by attendees. In our first installment, we address questions related to the threat landscape. Understanding the threat landscape is paramount in crafting a human-centric security strategy. That\'s the goal behind our 10th annual State of the Phish report. When you know what threats are out there and how people are interacting with them, you can create a modern cybersecurity strategy that puts the complexity of human behavior and interaction at the forefront. Our report was launched a month ago. Since then, we\'ve followed up with a few webinars to discuss key findings from the report, including: Threat landscape findings: Over 1 million phishing threats involved EvilProxy, which bypasses multifactor authentication (MFA). Yet, 89% of security pros still believe that MFA provides complete protection against account takeover. BEC threat actors benefit from generative AI. Proofpoint detected and stopped over 66 million targeted business email compromise (BEC) attacks per month on average in 2023. User behavior and attitude findings: 71% of surveyed users took at least one risky action, and 96% of them knew that those actions were associated with risk. 58% of those risky actions were related to social engineering tactics. 85% of security pros believed that most employees know they are responsible for security. Yet nearly 60% of employees either weren\'t sure or disagreed. These findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are the definitions of BEC and TOAD? Business email compromise (BEC) essentially means fraud perpetrated through email. It can take many forms, such as advance fee fraud, payroll redirection, fraudulent invoicing or even extortion. BEC typically involves a deception, such as the spoofing of a trusted third party\'s domain or the impersonation of an executive (or literally anyone the recipient trusts). BEC is hard to detect because it is generally pure social engineering. In other words, there is often no credential harvesting portal or malicious payload involved. Threat actors most often use benign conversation to engage the victim. Once the victim is hooked, attackers then convince that person to act in favor of them, such as wiring money to a specified account. Similarly, telephone-oriented attack delivery (TOAD) attacks also use benign conversations. But, in this case, a threat actor\'s goal is to motivate the victim to make a phone call. From there, they will walk their target through a set of steps, which usually involve tricking the victim into giving up their credentials or installing a piece of malware on their computer. TOAD attacks have been associated with high-profile malware families known to lead to ransomware, as well as with a wide variety of remote access tools like AnyDesk that provide the threat actors direct access to victims\' machines. The end goal might still be fraud; for example, there have been cases where payment was solicited for “IT services” or software (Norton LifeLock). But the key differentiator for TOAD, compared with BEC, is the pivot out of the email space to a phone call., is the pivot out of the email space to the phone. What is the difference between TOAD and vishing? TOAD often starts with an email and requires victims to call the fraudulent number within that email. Vishing, on the other hand, generally refers to fraudulent solicitation of personally identifiable information (PII) and may or may not involve email (it could result from a direct call). Some TOAD attempts may fall into this category, but most perpetrators focus on getting software installed on a victim\'s machine. How do you see artificial intelligence (AI) affecting phishing? What are security best practices to help defend against these novel phishing attacks? AI allows threat actors to tighten up grammatical and s | Ransomware Malware Tool Threat Cloud Technical | ★★★ | |
|
2024-04-10 20:26:45 | Les universités du Nouveau-Mexique, l'Oklahoma répondent aux attaques de ransomwares Universities in New Mexico, Oklahoma respond to ransomware attacks (lien direct) |
In this two-part blog series, we will address many of the frequently asked questions submitted by attendees. In our first installment, we address questions related to the threat landscape. Understanding the threat landscape is paramount in crafting a human-centric security strategy. That\'s the goal behind our 10th annual State of the Phish report. When you know what threats are out there and how people are interacting with them, you can create a modern cybersecurity strategy that puts the complexity of human behavior and interaction at the forefront. Our report was launched a month ago. Since then, we\'ve followed up with a few webinars to discuss key findings from the report, including: Threat landscape findings: Over 1 million phishing threats involved EvilProxy, which bypasses multifactor authentication (MFA). Yet, 89% of security pros still believe that MFA provides complete protection against account takeover. BEC threat actors benefit from generative AI. Proofpoint detected and stopped over 66 million targeted business email compromise (BEC) attacks per month on average in 2023. User behavior and attitude findings: 71% of surveyed users took at least one risky action, and 96% of them knew that those actions were associated with risk. 58% of those risky actions were related to social engineering tactics. 85% of security pros believed that most employees know they are responsible for security. Yet nearly 60% of employees either weren\'t sure or disagreed. These findings inspired hundreds of questions from audiences across the world. What follows are some of the questions that repeatedly came up. Frequently asked questions What are the definitions of BEC and TOAD? Business email compromise (BEC) essentially means fraud perpetrated through email. It can take many forms, such as advance fee fraud, payroll redirection, fraudulent invoicing or even extortion. BEC typically involves a deception, such as the spoofing of a trusted third party\'s domain or the impersonation of an executive (or literally anyone the recipient trusts). BEC is hard to detect because it is generally pure social engineering. In other words, there is often no credential harvesting portal or malicious payload involved. Threat actors most often use benign conversation to engage the victim. Once the victim is hooked, attackers then convince that person to act in favor of them, such as wiring money to a specified account. Similarly, telephone-oriented attack delivery (TOAD) attacks also use benign conversations. But, in this case, a threat actor\'s goal is to motivate the victim to make a phone call. From there, they will walk their target through a set of steps, which usually involve tricking the victim into giving up their credentials or installing a piece of malware on their computer. TOAD attacks have been associated with high-profile malware families known to lead to ransomware, as well as with a wide variety of remote access tools like AnyDesk that provide the threat actors direct access to victims\' machines. The end goal might still be fraud; for example, there have been cases where payment was solicited for “IT services” or software (Norton LifeLock). But the key differentiator for TOAD, compared with BEC, is the pivot out of the email space to a phone call., is the pivot out of the email space to the phone. What is the difference between TOAD and vishing? TOAD often starts with an email and requires victims to call the fraudulent number within that email. Vishing, on the other hand, generally refers to fraudulent solicitation of personally identifiable information (PII) and may or may not involve email (it could result from a direct call). Some TOAD attempts may fall into this category, but most perpetrators focus on getting software installed on a victim\'s machine. How do you see artificial intelligence (AI) affecting phishing? What are security best practices to help defend against these novel phishing attacks? AI allows threat actors to tighten up grammatical and s | Ransomware | ★★ | |
|
2024-04-10 17:42:30 | Le gang de Medusa frappe à nouveau, frappe près de 300 propriétaires de Fort Worth Medusa Gang Strikes Again, Hits Nearly 300 Fort Worth Property Owners (lien direct) |
Bien qu'une agence municipale assure au public que peu de gens sont touchés, des centaines ont leurs données rançonnées pour 100 000 $ par le gang de ransomware.
Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang. |
Ransomware | ★★★ | |
|
2024-04-10 15:00:12 | Après avoir échoué une attaque de ransomware, les pirates ont volé des données sur 533k de personnes de la Wisconsin Insurance Company After failed ransomware attack, hackers stole data on 533k people from Wisconsin insurance company (lien direct) |
L'une des plus grandes compagnies d'assurance maladie du Wisconsin a déclaré que les pirates qui avaient lancé une attaque de ransomware défaillante étaient toujours en mesure de voler des trox d'informations sensibles sur plus d'un demi-million de personnes.Dans des avis sur son site Web et avec les régulateurs, Group Health Cooperative du South Central Wisconsin (GHC-SCW) a déclaré que son équipe informatique a découvert
One of the largest health insurance companies in Wisconsin said hackers that launched a failed ransomware attack were still able to steal troves of sensitive information on more than half a million people. In notices on its website and with regulators, Group Health Cooperative of South Central Wisconsin (GHC-SCW) said its IT team discovered |
Ransomware Data Breach | ★★ | |
|
2024-04-10 13:00:24 | Changements de paysages d'attaque et de secteurs au T1 2024 avec une augmentation de 28% des cyberattaques à l'échelle mondiale Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally (lien direct) |
> Augmentation récurrente des cyberattaques: le premier trimestre 2024 a connu une augmentation marquée de 28% du nombre moyen de cyberattaques par organisation à partir du dernier trimestre de 2023, bien qu'une augmentation de 5% de la fonction d'attaques soutenues par l'industrie soutenue: le fournisseur de matérielL'industrie a connu une augmentation substantielle de 37% de cyberattaques en glissement annuel, alors que le secteur de l'éducation / de la recherche, du gouvernement / militaire et de la santé a maintenu ses pistes en tant que secteurs les plus attaqués du premier trimestre 2024, contrastant les variances régionales: la région de l'Afrique a connu une augmentation notable de 20% dansLes cyberattaques, par opposition à l'Amérique latine, qui ont signalé une diminution de 20% des ransomwares en YOY continue de monter: l'Europe [& # 8230;]
>Recurring increase in cyber attacks: Q1 2024 saw a marked 28% increase in the average number of cyber attacks per organization from the last quarter of 2023, though a 5% increase in Q1 YoY Sustained Industry Attacks focus: The Hardware Vendor industry saw a substantial rise of 37% cyber attacks YoY, as the Education/Research, Government/Military and Healthcare sector maintained their leads as the most heavily attacked sectors in Q1 2024 Contrasting Regional Variances: The Africa region saw a notable 20% increase in cyber attacks, as opposed to Latin America, which reported a 20% decrease YoY Ransomware continues to surge: Europe […] |
Ransomware Medical | ★★★ |
To see everything:
Our RSS (filtrered)
