What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-10 11:23:55 | (Déjà vu) March 2024\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos (lien direct) | mars 2024 \\ est le malware le plus recherché: les pirates découvrent une nouvelle méthode de chaîne d'infection pour livrer des remcos
Les chercheurs ont découvert une nouvelle méthode de déploiement des remcos de Troie (rat) d'accès à distance, contournant les mesures de sécurité communes pour obtenir un accès non autorisé aux victimes \\ '.Pendant ce temps, Blackbasta est entré dans les trois premiers des groupes de ransomwares les plus recherchés et les communications ont sauté à la troisième place dans les industries les plus exploitées
-
mise à jour malveillant
March 2024\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos Researchers have discovered a new method of deploying the Remote Access Trojan (RAT) Remcos, bypassing common security measures to gain unauthorised access to victims\' devices. Meanwhile, Blackbasta entered the top three of the most wanted ransomware groups and Communications jumped into third place in the most exploited industries - Malware Update |
Ransomware Malware | ★★ | |
 |
2024-04-10 10:00:00 | Les risques de sécurité du chat Microsoft Bing AI pour le moment The Security Risks of Microsoft Bing AI Chat at this Time (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. AI has long since been an intriguing topic for every tech-savvy person, and the concept of AI chatbots is not entirely new. In 2023, AI chatbots will be all the world can talk about, especially after the release of ChatGPT by OpenAI. Still, there was a past when AI chatbots, specifically Bing’s AI chatbot, Sydney, managed to wreak havoc over the internet and had to be forcefully shut down. Now, in 2023, with the world relatively more technologically advanced, AI chatbots have appeared with more gist and fervor. Almost every tech giant is on its way to producing large Language Model chatbots like chatGPT, with Google successfully releasing its Bard and Microsoft and returning to Sydney. However, despite the technological advancements, it seems that there remains a significant part of the risks that these tech giants, specifically Microsoft, have managed to ignore while releasing their chatbots. What is Microsoft Bing AI Chat Used for? Microsoft has released the Bing AI chat in collaboration with OpenAI after the release of ChatGPT. This AI chatbot is a relatively advanced version of ChatGPT 3, known as ChatGPT 4, promising more creativity and accuracy. Therefore, unlike ChatGPT 3, the Bing AI chatbot has several uses, including the ability to generate new content such as images, code, and texts. Apart from that, the chatbot also serves as a conversational web search engine and answers questions about current events, history, random facts, and almost every other topic in a concise and conversational manner. Moreover, it also allows image inputs, such that users can upload images in the chatbot and ask questions related to them. Since the chatbot has several impressive features, its use quickly spread in various industries, specifically within the creative industry. It is a handy tool for generating ideas, research, content, and graphics. However, one major problem with its adoption is the various cybersecurity issues and risks that the chatbot poses. The problem with these cybersecurity issues is that it is not possible to mitigate them through traditional security tools like VPN, antivirus, etc., which is a significant reason why chatbots are still not as popular as they should be. Is Microsoft Bing AI Chat Safe? Like ChatGPT, Microsoft Bing Chat is fairly new, and although many users claim that it is far better in terms of responses and research, its security is something to remain skeptical over. The modern version of the Microsoft AI chatbot is formed in partnership with OpenAI and is a better version of ChatGPT. However, despite that, the chatbot has several privacy and security issues, such as: The chatbot may spy on Microsoft employees through their webcams. Microsoft is bringing ads to Bing, which marketers often use to track users and gather personal information for targeted advertisements. The chatbot stores users\' information, and certain employees can access it, which breaches users\' privacy. - Microsoft’s staff can read chatbot conversations; therefore, sharing sensitive information is vulnerable. The chatbot can be used to aid in several cybersecurity attacks, such as aiding in spear phishing attacks and creating ransomware codes. Bing AI chat has a feature that lets the chatbot “see” what web pages are open on the users\' other tabs. The chatbot has been known to be vulnerable to prompt injection attacks that leave users vulnerable to data theft and scams. Vulnerabilities in the chatbot have led to data le | Ransomware Tool Vulnerability | ChatGPT | ★★ |
 |
2024-04-09 16:54:00 | Cl0p \\'s Ransomware Rampage - Mesures de sécurité pour 2024 CL0P\\'s Ransomware Rampage - Security Measures for 2024 (lien direct) |
2023 CL0P Growth & NBSP;
Émergeant début 2019, CL0P a été présenté pour la première fois comme une version plus avancée de son prédécesseur le ransomware \\ 'Cryptomix \', provoqué par son propriétaire Ransomware CL0P, une organisation de cybercriminalité.Au fil des ans, le groupe est resté actif avec des campagnes importantes de 2020 à 2022. Mais en 2023, le gang de ransomware CL0P s'est amené à de nouveaux sommets et est devenu l'un des
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the \'CryptoMix\' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the |
Ransomware | ★★ | |
 |
2024-04-09 15:16:07 | Genios de la société de base de données allemande confirme l'attaque des ransomwares German database company Genios confirms ransomware attack (lien direct) |
GBI Genios, une société de base de données utilisé par de nombreuses organisations de médias en Allemagne, a annoncé mardi que ses serveurs n'étaient pas disponibles «en raison d'une attaque de pirate massive».Dans un article sur LinkedIn, Genios a déclaré que l'incident était une attaque de ransomware et a mis en garde: "Malheureusement, nous devons assumer une panne pendant plusieurs jours."«Nos options de communication sont
GBI Genios, a database company used by numerous media organizations in Germany, announced on Tuesday its servers were unavailable “due to a massive hacker attack.” In a post on LinkedIn, Genios said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.” “Our communication options are |
Ransomware | ★★ | |
|
2024-04-09 14:03:25 | Les chercheurs découvrent un nouveau gang de ransomware \\ 'muliaka \\' attaquant des entreprises russes Researchers discover new ransomware gang \\'Muliaka\\' attacking Russian businesses (lien direct) |
Un gang de ransomware auparavant inconnu a attaqué les entreprises russes avec des logiciels malveillants basés sur le code source divulgué du groupe de piratage Conti.Le gang, que les chercheurs de la société de cybersécurité basée à Moscou F.A.C.C.T.ont surnommé «muliaka» ou eau boueuse en anglais, a laissé des traces minimales de ses attaques mais a probablement été active depuis
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka," or Muddy Water in English, has left minimal traces from its attacks but has likely been active since |
Ransomware Malware | ★★ | |
 |
2024-04-09 14:00:00 | Cadres, directives et ampli;Les primes à elles seules ont vaincu les ransomwares de vaincre Frameworks, Guidelines & Bounties Alone Won\\'t Defeat Ransomware (lien direct) |
Nous avons besoin de plus que des approches de «bricolage» des menaces qui atteignent clairement le niveau des problèmes de sécurité nationale.
We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues. |
Ransomware | ★★ | |
|
2024-04-09 13:04:47 | Panzura, LLC a annoncé la disponibilité de la détection et du sauvetage de Panzura Panzura, LLC announced the availability of Panzura Detect and Rescue (lien direct) |
Panzura lance une solution de détection et de récupération des ransomwares en temps réel
La détection et le sauvetage de Panzura offrent une détection des menaces de ransomware à proximité et une récupération rapide guidée par des experts, permettant aux entreprises de prendre une position proactive contre la menace croissante de ransomware
-
revues de produits
Panzura Launches Near Real-Time Ransomware Detection and Recovery Solution Panzura Detect and Rescue offers near real-time ransomware threat detection and expert-guided rapid recovery, allowing businesses to take a proactive stance against the mounting threat of ransomware - Product Reviews |
Ransomware Threat | ★★ | |
 |
2024-04-09 13:00:24 | Mars 2024 \\'s Mostware le plus recherché: les pirates découvrent une nouvelle méthode de la chaîne d'infection pour livrer des remcos March 2024\\'s Most Wanted Malware: Hackers Discover New Infection Chain Method to Deliver Remcos (lien direct) |
> Les chercheurs ont découvert une nouvelle méthode de déploiement des remcos de Troie (rat) d'accès à distance, contournant les mesures de sécurité communes pour obtenir un accès non autorisé aux victimes \\ '.Pendant ce temps, Blackbasta est entré dans les trois premiers des groupes de ransomwares les plus recherchés et les communications ont sauté à la troisième place dans les industries les plus exploitées que notre dernier indice de menace mondial pour les chercheurs de mars 2024 a révélé des pirates en utilisant des fichiers de disque dur virtuel (VHD) pour déployer un accès à distance Trojan (Rat) remcos.Pendant ce temps, Lockbit3 est resté le groupe de ransomwares le plus répandu en mars malgré le retrait des forces de l'ordre en février, bien que sa fréquence sur les 200 points de contrôle ait surveillé les ransomwares [& # 8230;]
>Researchers have discovered a new method of deploying the Remote Access Trojan (RAT) Remcos, bypassing common security measures to gain unauthorized access to victims\' devices. Meanwhile, Blackbasta entered the top three of the most wanted ransomware groups and Communications jumped into third place in the most exploited industries Our latest Global Threat Index for March 2024 saw researchers reveal hackers utilizing Virtual Hard Disk (VHD) files to deploy Remote Access Trojan (RAT) Remcos. Meanwhile, Lockbit3 remained the most prevalent ransomware group in March despite the law enforcement takedown in February, although its frequency on the 200 Check Point monitored ransomware […] |
Ransomware Malware Threat Legislation | ★★ | |
|
2024-04-09 12:53:08 | MEDUSA Cybercrime Gang prend le crédit pour une autre attaque contre la municipalité américaine Medusa cybercrime gang takes credit for another attack on US municipality (lien direct) |
Le MEDUSA Ransomware Group affirme qu'il est responsable d'une attaque contre une agence gouvernementale au Texas. & NBSP;Le district d'évaluation du comté de Tarrant - qui détermine la valeur des propriétés à des fins fiscales dans la région de Fort Worth - a confirmé à la future nouvelle enregistrée il y a deux semaines qu'il a été victime d'une attaque de ransomware. & Nbsp;Sur
The Medusa ransomware group says it is responsible for an attack on a government agency in Texas. The Tarrant County Appraisal District - which determines property values for tax purposes in the Fort Worth area - confirmed to Recorded Future News two weeks ago that it was a victim of a ransomware attack. On |
Ransomware | ★★ | |
 |
2024-04-09 10:18:23 | Deuxième groupe de ransomwares extorquant le changement de santé Second Ransomware Group Extorting Change Healthcare (lien direct) |
> RansomHub extorque les soins de santé des changements, menaçant de publier des données volées dans une attaque de ransomware Blackcat de février 2024.
>RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack. |
Ransomware Medical | ★★ | |
|
2024-04-09 10:00:00 | La menace cachée à la vue: analyse des attaques sous-textuelles dans les communications numériques The Hidden Threat in Plain Sight: Analyzing Subtextual Attacks in Digital Communications (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In our always-online world, we\'re facing a new kind of cyber threat that\'s just as sneaky as it is harmful: subtextual attacks. These aren\'t your run-of-the-mill security breaches; they\'re cunningly crafted messages that may look harmless—but they actually carry a dangerous payload within them. Join me as we take a closer look at this under-the-radar, but still dangerous, threat. We\'ll explore how these deceptive messages can sneak past our defenses, trick people into taking unwanted actions, and steal sensitive information without ever tripping an alarm. The Rise of Subtextual Attacks Unlike traditional cyber attacks, which are often direct and identifiable, subtextual attacks rely on subtlety and deception. Attackers craft messages that on the surface appear harmless or unrelated to any malicious activity. However, embedded within these communications are instructions, links, or information that can compromise security, manipulate behavior, or extract sensitive data. And not only is big data paramount in advertising and other avenues, but it’s also like keeping everything in your wallet—it’s convenient, helpful even, but signals to attackers that you’re indeed willing to put all your eggs in one basket when it comes to communications. These attacks exploit the nuances of language and context and require a sophisticated understanding of human communication and digital interaction patterns. For instance, a seemingly benign email might include a specific choice of words or phrases that, when interpreted correctly, reveal a hidden command or a disguised link to a malicious site. Psychological Manipulation Through Subtext Subtextual attacks also leverage psychological manipulation, influencing individuals to act in ways that compromise security or divulge confidential information. By understanding the psychological triggers and behavioral patterns of targets, attackers craft messages that subtly guide the recipient\'s actions. For instance, an attacker might use social engineering techniques combined with subtextual cues to convince a user to bypass normal security protocols. An email that seems to come from a trusted colleague or superior, containing subtle suggestions or cues, can be more effective in eliciting certain actions than a direct request or command. Attackers can also exploit the principle of urgency or scarcity, embedding subtle cues in communications that prompt the recipient to act quickly, bypassing their usual critical thinking or security procedures. The Evolution of Digital Forensics To combat the growing rise of subtextual attacks, the field of digital forensics has evolved significantly over the past decade. Initially focused on recovering and analyzing electronic information to investigate crime, digital forensics now incorporates advanced linguistic analysis, data pattern recognition, and machine learning to detect hidden threats. Modern digital forensic tools can analyze vast qua | Ransomware Tool Vulnerability Threat Medical | ★★ | |
|
2024-04-08 20:49:32 | Round 2: Modifier les soins de santé ciblés dans la deuxième attaque de ransomware Round 2: Change Healthcare Targeted in Second Ransomware Attack (lien direct) |
RansomHub, qui est supposé avoir un certain lien avec ALPHV, a volé 4 To de données sensibles de la société de soins de santé assiégée.
RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company. |
Ransomware Medical | ★★ | |
|
2024-04-08 19:32:02 | \\ 'ils mentent \\': Palau nie les allégations de Ransomware Gang au cours de la cyberattaque récente \\'They\\'re lying\\': Palau denies claims by ransomware gang over recent cyberattack (lien direct) |
Le gouvernement de Palau a nié plusieurs nouvelles affirmations par un gang de ransomware que les deux parties étaient en contact à la suite d'une attaque le mois dernier. & NBSP;Le gang de ransomware de Dragonforce a officiellement publié des Palao sur son site de fuite dimanche, menaçant de publier des données volées au gouvernement de l'île de la nation \\ en trois jours. & Nbsp;Le groupe a répondu à un
The government of Palau denied several new claims by a ransomware gang that the two sides were in contact following an attack last month. The DragonForce ransomware gang officially posted Palau to its leak site on Sunday, threatening to publish data stolen from the island-nation\'s government in three days. The group responded to a |
Ransomware | ★★ | |
|
2024-04-08 16:53:00 | La baisse des attaques des ransomwares en 2024 et ce que cela signifie The Drop in Ransomware Attacks in 2024 and What it Means (lien direct) |
L'industrie & nbsp; les ransomwares ont bondi en 2023 & NBSP; car il a vu une augmentation alarmante de 55,5% des victimes du monde entier, atteignant une échelle de 5 070. & NBSP; Mais 2024 commence à montrer une image très différente. & NBSP; Alors que les chiffres sont en flèche au quatrième trimestre 2023 avec 1309 cas., au premier trimestre 2024, l'industrie du ransomware était tombée à 1 048 cas.Il s'agit d'une diminution de 22% des attaques de ransomwares par rapport au T4 2023.
Chiffre
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure |
Ransomware | ★★★ | |
 |
2024-04-08 15:09:15 | Faits saillants hebdomadaires, 8 avril 2024 Weekly OSINT Highlights, 8 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals several key trends emerge in the realm of cybersecurity threats. Firstly, there is a notable diversification and sophistication in attack techniques employed by threat actors, ranging from traditional malware distribution through phishing emails to advanced methods like DLL hijacking and API unhooking for evading detection. Secondly, the threat landscape is characterized by the presence of various actors, including state-sponsored groups like Earth Freybug (a subset of APT41) engaging in cyberespionage and financially motivated attacks, as well as cybercrime actors orchestrating malware campaigns such as Agent Tesla and Rhadamanthys. Thirdly, the targets of these attacks span across different sectors and regions, with organizations in America, Australia, and European countries facing significant threats. Additionally, the emergence of cross-platform malware like DinodasRAT highlights the adaptability of threat actors to target diverse systems, emphasizing the need for robust cybersecurity measures across all platforms. Overall, these trends underscore the dynamic and evolving nature of cyber threats, necessitating continuous vigilance and proactive defense strategies from organizations and cybersecurity professionals. **1. [Latrodectus Loader Malware Overview](https://sip.security.microsoft.com/intel-explorer/articles/b4fe59bf)** Latrodectus is a new downloader malware, distinct from IcedID, designed to download payloads and execute arbitrary commands. It shares characteristics with IcedID, indicating possible common developers. **2. [Earth Freybug Cyberespionage Campaign](https://sip.security.microsoft.com/intel-explorer/articles/327771c8)** Earth Freybug, a subset of APT41, engages in cyberespionage and financially motivated attacks since at least 2012. The attack involved sophisticated techniques like DLL hijacking and API unhooking to deploy UNAPIMON, evading detection and enabling malicious commands execution. **3. [Agent Tesla Malware Campaign](https://sip.security.microsoft.com/intel-explorer/articles/cbdfe243)** Agent Tesla malware targets American and Australian organizations through phishing campaigns aimed at stealing email credentials. Check Point Research identified two connected cybercrime actors behind the operation. **4. [DinodasRAT Linux Version Analysis](https://sip.security.microsoft.com/intel-explorer/articles/57ab8662)** DinodasRAT, associated with the Chinese threat actor LuoYu, is a cross-platform backdoor primarily targeting Linux servers. The latest version introduces advanced evasion capabilities and is installed to gain additional footholds in networks. **5. [Rhadamanthys Information Stealer Malware](https://sip.security.microsoft.com/intel-explorer/articles/bf8b5bc1)** Rhadamanthys utilizes Google Ads tracking to distribute itself, disguising as popular software installers. After installation, it injects into legitimate Windows files for data theft, exploiting users through deceptive ad redirects. **6. [Sophisticated Phishing Email Malware](https://sip.security.microsoft.com/intel-explorer/articles/abfabfa1)** A phishing email campaign employs ZIP file attachments leading to a series of malicious file downloads, culminating in the deployment of PowerShell scripts to gather system information and download further malware. **7. [AceCryptor Cryptors-as-a-Service (CaaS)](https://sip.security.microsoft.com/intel-explorer/articles/e3595388)** AceCryptor is a prevalent cryptor-as-a-service utilized in Rescoms campaigns, particularly in European countries. Threat actors behind these campaigns abuse compromised accounts to send spam emails, aiming to obtain credentials for further attacks. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to ge | Ransomware Spam Malware Tool Threat Cloud | APT 41 | ★★★ |
|
2024-04-08 14:04:13 | Le gouvernement britannique a exhorté à monter sur le pied avant \\ 'avec des ransomwares au lieu d'absorber les coups de poing \\' UK government urged to get on \\'forward foot\\' with ransomware instead of \\'absorbing the punches\\' (lien direct) |
Les responsables de Westminster sont invités à mettre plus d'argent derrière les opérations pour perturber les gangs de ransomware à la suite d'un nombre croissant d'attaques ayant un large éventail de services. & NBSP;L'objectif actuel du gouvernement britannique pour lutter contre la crise des ransomwares - encourageant les organisations à améliorer leur cybersécurité et à se préparer à récupérer rapidement
Officials in Westminster are being urged to put more money behind operations to disrupt ransomware gangs in the wake of a growing number of attacks impacting a wide range of services. The British government\'s current focus for tackling the ransomware crisis - encouraging organizations to improve their cybersecurity, and to prepare to recover quickly |
Ransomware | ★★ | |
 |
2024-04-08 13:00:09 | Changer les soins de santé fait face à un deuxième dilemme de ransomware des semaines après l'attaque d'ALPHV Change Healthcare faces second ransomware dilemma weeks after ALPHV attack (lien direct) |
Les théories abondent sur qui est vraiment responsable Change Healthcare serait extorqué par un deuxième gang de ransomwares, quelques semaines seulement après s'être remis d'une attaque alphv.…
Theories abound over who\'s truly responsible Change Healthcare is allegedly being extorted by a second ransomware gang, mere weeks after recovering from an ALPHV attack.… |
Ransomware Medical | ★★ | |
 |
2024-04-08 10:38:41 | En miroir de la NIS2, l\'ANSSI américaine s\'interroge sur les ransomwares (lien direct) | Chargée d'établir un cadre de signalement des attaques par ransomware, la CISA en questionne encore de multiples aspects. | Ransomware | ★★★ | |
|
2024-04-08 06:28:13 | Chef de l'unité de cyber-espion israélienne exposée ... par sa propre erreur de confidentialité Head of Israeli cyber spy unit exposed ... by his own privacy mistake (lien direct) |
plus: un autre gouvernement local entravé par les ransomwares;Énorme augmentation des logiciels malveillants infostabilité;et les vulns critiques en bref protéger votre vie privée en ligne est difficile.Si dur, en fait, que même un grand espion israélien qui a réussi à rester incognito pendant 20 ans s'est retrouvé exposé après une erreur de base.…
PLUS: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns In Brief Protecting your privacy online is hard. So hard, in fact, that even a top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error.… |
Ransomware Malware | ★★★ | |
|
2024-04-05 19:48:48 | Panera pain alimente les soupçons des ransomwares avec silence Panera Bread Fuels Ransomware Suspicions With Silence (lien direct) |
La chaîne de restaurants n'a pas fourni d'informations sur ce qui a conduit à une panne informatique généralisée, et les clients et les employés demandent des réponses.
The restaurant chain hasn\'t provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers. |
Ransomware | ★★ | |
|
2024-04-05 19:15:19 | Tentative de piratage sur New York continue une vague de cyberattaques contre les gouvernements municipaux Attempted hack on NYC continues wave of cyberattacks against municipal governments (lien direct) |
2024 a déjà vu des dizaines de gouvernements locaux critiqués par des incidents de ransomwares et des cyberattaques, limitant les services de millions de personnes aux États-Unis.Le dernier incident de haut niveau concerne New York, qui a été contraint de retirer un site Web de paie de la ville hors ligne et de le retirer de la vue du public après avoir traité un incident de phishing.
2024 has already seen dozens of local governments slammed by ransomware incidents and cyberattacks, limiting services for millions of people across the United States. The latest high-profile incident involves New York City, which was forced to take a city payroll website offline and remove it from public view after dealing with a phishing incident. |
Ransomware Hack | ★★ | |
 |
2024-04-05 17:59:20 | La semaine en ransomware - 5 avril 2024 - Machines virtuelles attaquées The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (lien direct) |
Les attaques de ransomware ciblant VMware ESXi et d'autres plates-formes de machines virtuelles font des ravages parmi l'entreprise, provoquant une perturbation et une perte de services généralisées.[...]
Ransomware attacks targeting VMware ESXi and other virtual machine platforms are wreaking havoc among the enterprise, causing widespread disruption and loss of services. [...] |
Ransomware | ★★ | |
 |
2024-04-05 17:25:00 | Alphv intensifie le blanchiment du changement de santé des soins de santé ALPHV steps up laundering of Change Healthcare ransom payments (lien direct) |
> Alors que le groupe de ransomwares se déplace pour cacher ses 22 millions de dollars, son encoche d'affiliation est à la hauteur après avoir été affaibli en paiement.
>As the ransomware group moves to hide its $22 million, its affiliate notchy is laying low after reportedly being stiffed on payment. |
Ransomware Medical | ★★ | |
|
2024-04-05 13:00:05 | Protéger le maillon le plus faible: comment les erreurs humaines peuvent mettre une entreprise en risque Protecting the weakest link: how human errors can put a company in risk (lien direct) |
> selon & # 8220; le rapport mondial des risques 2022 & # 8221;95% des problèmes de cybersécurité proviennent des erreurs humaines.Le logiciel de point de contrôle met en évidence les mesures essentielles que les entreprises doivent mettre en œuvre pour assurer leur protection.Dans l'ère numérique d'aujourd'hui, la cybersécurité est devenue une priorité pour les entreprises, car les cyberattaques peuvent endommager leur économie et leur réputation.Selon Check Point, 71% des entreprises ont été victimes d'attaques de ransomwares en 2023, avec un paiement moyen de 4,35 millions de dollars.Les employés sont le premier lien de la chaîne de cybersécurité et le point d'entrée le plus vulnérable.Les statistiques brossent un tableau d'étournage de l'impact de l'erreur humaine dans la cybersécurité.Selon [& # 8230;]
>According to “The Global Risks Report 2022” 95% of cybersecurity issues originate from human errors. Check Point Software highlights essential measures that companies must implement to ensure their protection. In today’s digital age, cybersecurity has become a priority for businesses, as cyber attacks can damage their economy and reputation. According to Check Point, 71% of businesses were victims of ransomware attacks in 2023, with an average payout of $4.35 million. Employees are the first link in the cybersecurity chain and the most vulnerable entry point. Statistics paint a starling picture of the impact of human error in cybersecurity. According to […] |
Ransomware | ★★ | |
|
2024-04-05 09:52:22 | Panera Bread d'une semaine d'une semaine provoquée par une attaque de ransomware Panera Bread week-long IT outage caused by ransomware attack (lien direct) |
La récente panne de Panera Bread \\ d'une semaine a été causée par une attaque de ransomware, selon des personnes familières avec la question et les e-mails vus par BleepingComputer.[...]
Panera Bread\'s recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails seen by BleepingComputer. [...] |
Ransomware | ★★★ | |
 |
2024-04-05 06:00:25 | Amélioration de la détection et de la réponse: plaider en matière de tromperies Improving Detection and Response: Making the Case for Deceptions (lien direct) |
Let\'s face it, most enterprises find it incredibly difficult to detect and remove attackers once they\'ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and ransomware gets deployed all too often. And attackers have ample time to accomplish their goals. In July 2023, the reported median dwell time was eight days. That\'s the time between when an attacker accesses their victim\'s systems and when the attack is either detected or executed. Combine that data point with another one-that attackers take only 16 hours to reach Active Directory once they have landed-and the takeaway is that threats go undetected for an average of seven days. That\'s more than enough time for a minor security incident to turn into a major business-impacting breach. How can you find and stop attackers more quickly? The answer lies in your approach. Let\'s take a closer look at how security teams typically try to detect attackers. Then, we can better understand why deceptions can work better. What is the problem with current detection methods? Organizations and their security vendors have evolved when it comes to techniques for detecting active threats. In general, detection tools have focused on two approaches-finding files or network traffic that are “known-bad” and detecting suspicious or risky activity or behavior. Often called signature-based detection, finding “known-bad” is a broadly used tool in the detection toolbox. It includes finding known-bad files like malware, or detecting traffic from known-bad IPs or domains. It makes you think of the good old days of antivirus software running on endpoints, and about the different types of network monitoring or web filtering systems that are commonplace today. The advantage of this approach is that it\'s relatively inexpensive to build, buy, deploy and manage. The major disadvantage is that it isn\'t very effective against increasingly sophisticated threat actors who have an unending supply of techniques to get around them. Keeping up with what is known-bad-while important and helpful-is also a bit like a dog chasing its tail, given the infinite internet and the ingenuity of malicious actors. The rise of behavior-based detection About 20 years ago, behavioral-based detections emerged in response to the need for better detection. Without going into detail, these probabilistic or risk-based detection techniques found their way into endpoint and network-based security systems as well as SIEM, email, user and entity behavior analytics (UEBA), and other security systems. The upside of this approach is that it\'s much more nuanced. Plus, it can find malicious actors that signature-based systems miss. The downside is that, by definition, it can generate a lot of false positives and false negatives, depending on how it\'s tuned. Also, the high cost to build and operate behavior-based systems-considering the cost of data integration, collection, tuning, storage and computing-means that this approach is out of reach for many organizations. This discussion is not intended to discount the present and future benefits of newer analytic techniques such as artificial intelligence and machine learning. I believe that continued investments in behavior-based detections can pay off with the continued growth of security data, analytics and computing power. However, I also believe we should more seriously consider a third and less-tried technique for detection. Re-thinking detection Is it time to expand our view of detection techniques? That\'s the fundamental question. But multiple related questions are also essential: Should we be thinking differently about what\'s the best way to actively detect threats? Is there a higher-fidelity way to detect attackers that is cost-effective and easy to deploy and manage? Is there another less-tried approach for detecting threat actors-beyond signature-based and behavior-based methods-that can dra | Ransomware Malware Tool Vulnerability Threat | ★★ | |
|
2024-04-04 22:29:05 | Sexi Ransomware désire les hyperviseurs VMware dans la campagne en cours SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign (lien direct) |
Une variante BABUK a été impliquée dans au moins quatre attaques contre les serveurs VMware ESXi au cours des six dernières semaines, dans un cas exigeant 140 millions de dollars d'une entreprise de centre de données chilien.
A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company. |
Ransomware | ★★★ | |
|
2024-04-04 21:07:53 | \\ 'Une attaque contre la réputation de Palau \\': les responsables se demandent qui était vraiment derrière l'incident du ransomware \\'An attack on the reputation of Palau\\': officials question who was really behind ransomware incident (lien direct) |
Les employés du gouvernement sur l'île de Palau sont entrés en œuvre le 14 mars et ont démarré leurs ordinateurs comme n'importe quel autre jour.Mais lorsque les écrans Windows ne se chargeraient pas, ils l'ont appelé. & Nbsp;Ils ont rapidement découvert deux notes de rançon distinctes: une sur une feuille de papier dans l'imprimante du gang de ransomware de verrouillage
Government employees on the island of Palau came into work on March 14 and booted up their computers like any other day. But when the Windows screens wouldn\'t load they called up IT. They quickly discovered two separate ransom notes: one on a sheet of paper in the printer from the LockBit ransomware gang |
Ransomware | ★★ | |
 |
2024-04-04 16:30:00 | Lockbit se précipite après le retrait, repopule le site de fuite avec de vieilles violations LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches (lien direct) |
Un rapport micro tendance montre une baisse claire du nombre d'infections réelles associées au ransomware de verrouillage suivant l'opération Cronos
A Trend Micro report shows a clear drop in the number of actual infections associated with the LockBit ransomware following Operation Cronos |
Ransomware Prediction | ★★ | |
|
2024-04-04 16:00:00 | Systèmes informatiques du comté de Jackson frappés par une attaque de ransomware Jackson County IT Systems Hit By Ransomware Attack (lien direct) |
Un état d'urgence a été déclaré, causé par des incohérences opérationnelles à travers les infrastructures numériques
A state of emergency was declared, caused by operational inconsistencies across digital infrastructure |
Ransomware | ★★ | |
 |
2024-04-04 15:06:24 | Les menaces de ransomware en Asie-Pacifique dépendent du pays et du secteur, explique Rapid7 Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7 (lien direct) |
Les agents de cybersécurité ont été avertis d'examiner les menaces de ransomware spécifiques auxquelles sont confrontés leur pays et leur industrie, tout en fermant les voies communes utilisées par des courtiers à accès qualifié.
Cyber security operatives have been warned to look at the specific ransomware threats facing their country and industry, while closing down common pathways being used by skilled access brokers. |
Ransomware | ★★ | |
 |
2024-04-04 13:23:08 | New Red Ransomware Group (Red Cryptoapp) expose les victimes sur Wall of Shame New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame (lien direct) |
> Par waqas
Un nouveau groupe de ransomwares, Red CryptoApp (Red Ransomware Group), fait bouger les choses.Contrairement à d'autres, ils humilient les victimes en publiant leurs noms sur un «mur de honte».Découvrez comment Red Cryptoapp cible les victimes, quelles industries sont en danger et comment vous protéger.
Ceci est un article de HackRead.com Lire la publication originale: New Red Ransomware Group (Red Cryptoapp) expose les victimes sur Wall of Shame
>By Waqas A new ransomware group, Red CryptoApp (Red Ransomware Group), is shaking things up. Unlike others, they humiliate victims by publishing their names on a "wall of shame." Learn how Red CryptoApp targets victims, what industries are at risk, and how to protect yourself. This is a post from HackRead.com Read the original post: New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame |
Ransomware | ★★ | |
|
2024-04-04 12:00:00 | Leicester Council confirme les documents confidentiels divulgués dans l'attaque des ransomwares Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack (lien direct) |
Le conseil municipal de Leicester a confirmé qu'environ 25 documents sensibles ont été divulgués en ligne, y compris des informations d'identité personnelle, à la suite des réclamations du gang de la rançon Inc
Leicester City Council confirmed around 25 sensitive documents have been leaked online, including personal ID information, following claims by the Inc Ransom gang |
Ransomware | ★★ | |
|
2024-04-04 11:56:12 | Le conseil municipal de Leicester confirme l'attaque des ransomwares après la fuite de documents confidentiels Leicester City Council confirms ransomware attack after confidential documents leaked (lien direct) |
Le conseil municipal de Leicester en Angleterre a confirmé que le cyber-incident du mois dernier était une attaque de ransomware après avoir été informé que les criminels derrière l'incident avaient téléchargé des documents volés sur leur site d'extorsion Web sombre.Inc Ransom avait affirmé être à l'origine de l'attaque plus tôt cette semaine, ce qui a incité le directeur stratégique de Leicester \\, Richard Sword,
Leicester City Council in England has confirmed that last month\'s cyber incident was a ransomware attack after being made aware that the criminals behind the incident had uploaded stolen documents to their dark web extortion site. INC Ransom had claimed to be behind the attack earlier this week, prompting Leicester\'s strategic director, Richard Sword, |
Ransomware | ★★ | |
|
2024-04-04 11:47:34 | Latrodectus: ces octets d'araignée comme la glace Latrodectus: This Spider Bytes Like Ice (lien direct) |
Proofpoint\'s Threat Research team joined up with the Team Cymru S2 Threat Research team, in a collaborative effort to provide the information security community with a comprehensive view of the threat activity described. Key takeaways Proofpoint first observed new malware named Latrodectus appear in email threat campaigns in late November 2023. While use of Latrodectus decreased in December 2023 through January 2024, Latrodectus use increased in campaigns throughout February and March 2024. It was first observed in Proofpoint data being distributed by threat actor TA577 but has been used by at least one other threat actor, TA578. Latrodectus is an up-and-coming downloader with various sandbox evasion functionality. While similar to IcedID, Proofpoint researchers can confirm it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations. While investigating Latrodectus, researchers identified new, unique patterns in campaign IDs designating threat actor use in previous IcedID campaigns. Overview Proofpoint identified a new loader called Latrodectus in November 2023. Researchers have identified nearly a dozen campaigns delivering Latrodectus, beginning in February 2024. The malware is used by actors assessed to be initial access brokers (IABs). Latrodectus is a downloader with the objective of downloading payloads and executing arbitrary commands. While initial analysis suggested Latrodectus was a new variant of IcedID, subsequent analysis confirmed it was a new malware most likely named Latrodectus, based on a string identified in the code. Based on characteristics in the disassembled sample and functionality of the malware, researchers assess the malware was likely written by the same developers as IcedID. This malware was first observed being distributed by TA577, an IAB known as a prolific Qbot distributor prior to the malware\'s disruption in 2023. TA577 used Latrodectus in at least three campaigns in November 2023 before reverting to Pikabot. Since mid-January 2024, researchers observed it being used almost exclusively by TA578 in email threat campaigns. Campaign details TA577 TA577 was only observed using Latrodectus in three campaigns, all occurring in November 2023. Notably, a campaign that occurred on 24 November 2023 deviated from previously observed TA577 campaigns. The actor did not use thread hijacking, but instead used contained a variety of different subjects with URLs in the email body. The URLs led to the download of a JavaScript file. If executed, the JavaScript created and ran several BAT files that leveraged curl to execute a DLL and ran it with the export “scab”. Figure 1: Example TA577 campaign delivering Latrodectus. On 28 November 2023, Proofpoint observed the last TA577 Latrodectus campaign. The campaign began with thread hijacked messages that contained URLs leading to either zipped JavaScript files or zipped ISO files. The zipped JavaScript file used curl to download and execute Latrodectus. The zipped ISO file contained a LNK file used to execute the embedded DLL, Latrodectus. Both attack chains started the malware with the export “nail”. TA578 Since mid-January 2024, Latrodectus has been almost exclusively distributed by TA578. This actor typically uses contact forms to initiate a conversation with a target. In one campaign observed on 15 December 2023, Proofpoint observed TA578 deliver the Latrodectus downloader via a DanaBot infection. This December campaign was the first observed use of TA578 distributing Latrodectus. On 20 February 2024, Proofpoint researchers observed TA578 impersonating various companies to send legal threats about alleged copyright infringement. The actor filled out a contact form on multiple targets\' websites, with text containing unique URLs and included in the URI both the domain of the site that initiated the contact form (the target), and the name of the impersonated company (to further the legitimacy | Ransomware Malware Tool Threat Prediction | ★★★ | |
|
2024-04-04 10:49:40 | Ransomware Gang a fait voler les résidents \\ 'Données confidentielles, le conseil municipal britannique admet Ransomware gang did steal residents\\' confidential data, UK city council admits (lien direct) |
La rançon Inc apparaît comme une menace croissante, car certains ex-affiliés de Lockbit / AlphV obtiennent de nouveaux concerts Le conseil municipal de Leicester admet enfin que son "cyber-incident" a été effectué par un gang de ransomware et que ces données étaientvolés, des heures après que les criminels ont forcé sa main.…
INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand.… |
Ransomware Threat | ★★ | |
|
2024-04-03 22:11:10 | Lockbit Ransomware Takedown frappe profondément dans la viabilité de la marque \\ LockBit Ransomware Takedown Strikes Deep Into Brand\\'s Viability (lien direct) |
Près de trois mois après l'opération Cronos, il est clair que le gang ne rebondit pas de l'action innovante d'application de la loi.Les opérateurs RAAS sont en avis et les entreprises devraient faire attention.
Nearly three months after Operation Cronos, it\'s clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention. |
Ransomware | ★★★ | |
|
2024-04-03 17:10:56 | Comté de Jackson en état d'urgence après une attaque de ransomware Jackson County in state of emergency after ransomware attack (lien direct) |
Le comté de Jackson, Missouri, est en état d'urgence après qu'une attaque de ransomware a enlevé des services de comté mardi.[...]
Jackson County, Missouri, is in a state of emergency after a ransomware attack took down some county services on Tuesday. [...] |
Ransomware | ★★ | |
|
2024-04-03 15:32:17 | Sophos révèle que les attaques de ransomwares visent désormais des sauvegardes Sophos Reveals Ransomware Attacks Are Now Targeting Backups (lien direct) |
> Par waqas
Le stockage d'une sauvegarde de vos données est une décision judicieuse, mais avez-vous envisagé de garder une sauvegarde de votre sauvegarde?
Ceci est un article de HackRead.com Lire le post original: Sophos révèleLes attaques de ransomware ciblent désormais les sauvegardes
>By Waqas Storing a backup of your data is a wise decision, but have you considered keeping a backup of your backup? This is a post from HackRead.com Read the original post: Sophos Reveals Ransomware Attacks Are Now Targeting Backups |
Ransomware | ★★ | |
|
2024-04-03 12:01:15 | Comté du Missouri frappé par les ransomwares Missouri County Hit by Ransomware (lien direct) |
> Jackson County, Missouri, révèle \\ 'des perturbations significatives \' aux systèmes informatiques, dit l'attaque des ransomwares probablement en faute.
>Jackson County, Missouri, discloses \'significant disruptions\' to IT systems, says ransomware attack likely at fault. |
Ransomware | ★★ | |
|
2024-04-03 10:30:00 | Abus RDP présents dans 90% des violations des ransomwares RDP Abuse Present in 90% of Ransomware Breaches (lien direct) |
Sophos révèle des niveaux «sans précédent» de compromis RDP dans les attaques de ransomwares en 2023
Sophos reveals “unprecedented” levels of RDP compromise in ransomware attacks in 2023 |
Ransomware | ★★ | |
|
2024-04-03 02:00:00 | Ransomware, comptes bancaires indésirables: les cybermenaces prolifèrent au Vietnam Ransomware, Junk Bank Accounts: Cyber Threats Proliferate in Vietnam (lien direct) |
Une réussite économique en Asie, au Vietnam, voient plus de fabrication et plus d'investissement commercial.Mais avec cela, une augmentation significative de la cybercriminalité.
An economic success story in Asia, Vietnam is seeing more manufacturing and more business investment. But with that comes a significant uptick in cybercrime as well. |
Ransomware | ★★ | |
 |
2024-04-02 23:59:50 | Le comté du Missouri déclare l'état d'urgence au milieu d'une attaque de ransomware présumée Missouri county declares state of emergency amid suspected ransomware attack (lien direct) |
La panne se produit le jour même en tant qu'élections spéciales, mais les bureaux des élections restent ouverts.
Outage occurs on same day as special election, but elections offices remain open. |
Ransomware | ★★ | |
|
2024-04-02 17:32:25 | Le comté de Missouri, qui abrite Kansas City Missouri county home to Kansas City says suspected ransomware attack affecting tax payments (lien direct) |
L'un des plus grands comtés du Missouri a confirmé mardi qu'il faisait face à une attaque de ransomware présumée affectant les paiements d'impôts et les biens en ligne, les licences de mariage et les recherches de détenus.Jackson County - qui compte 715 000 résidents et qui abrite une partie de Kansas City - a déclaré qu'elle avait "identifié des perturbations importantes au sein de son
One of the largest counties in Missouri confirmed on Tuesday that it is dealing with a suspected ransomware attack affecting tax payments and online property, marriage licenses and inmate searches. Jackson County - which has 715,000 residents and is home to part of Kansas City - said it has “identified significant disruptions within its |
Ransomware | ★★ | |
|
2024-04-02 12:00:00 | Les cyberattaques produisaient une perturbation physique en augmentation Cyberattacks Wreaking Physical Disruption on the Rise (lien direct) |
Les groupes de ransomware ont entré dans la fabrication d'autres parties du secteur OT en 2023, et quelques attaques ont causé des dommages à huit et neuf chiffres.Mais le pire n'est pas encore venu en 2024.
Ransomware groups tore into manufacturing other parts of the OT sector in 2023, and a few attacks caused eight- and nine-figure damages. But worse is yet to come in 2024. |
Ransomware Industrial | ★★★ | |
|
2024-04-02 08:41:20 | Le concessionnaire de bateaux MarineMax confirme la violation des données Boat Dealer MarineMax Confirms Data Breach (lien direct) |
> MarineMax confirme une violation de données à la suite d'une récente attaque de ransomware, les attaquants affirmant avoir obtenu 180 000 fichiers.
>MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. |
Ransomware Data Breach | ★★★ | |
|
2024-04-02 05:00:00 | Les menaces de cybersécurité s'intensifient au Moyen-Orient pendant le Ramadan Cybersecurity Threats Intensify in the Middle East During Ramadan (lien direct) |
Comment les équipes de sécurité de la région fortifient leurs défenses au milieu de tacs à court - et ont augmenté les campagnes DDOS, phishing et ransomwares - pendant le mois sacré musulman.
How security teams in the region fortify their defenses amid short-staffing - and increased DDoS, phishing, and ransomware campaigns - during the Muslim holy month. |
Ransomware | ★★ | |
|
2024-04-01 19:09:57 | \\ 'Organisation de cybercriminalité \\' a volé les données des clients et des employés, dit le géant de la navigation \\'Cybercrime organization\\' stole customer and employee data, boating giant says (lien direct) |
Les pirates ont pu accéder aux données des serveurs de l'un des plus grands vendeurs de bateaux du monde au cours d'une attaque le mois dernier, a confirmé la société.Marinemax a déposé lundi un rapport mis à jour aux régulateurs de la Securities and Exchange Commission avertissant que les informations sur les clients et les employés ont été volées au cours de l'incident.Le ransomware de Rhysida
Hackers were able to access data from the servers of one of the world\'s largest boat sellers during an attack last month, the company confirmed. MarineMax filed an updated report to regulators at the Securities and Exchange Commission on Monday warning that customer and employee information was stolen during the incident. The Rhysida ransomware |
Ransomware | ★★ | |
|
2024-04-01 16:50:00 | Détecter les logiciels malveillants à base de fenêtres grâce à une meilleure visibilité Detecting Windows-based Malware Through Better Visibility (lien direct) |
Malgré une pléthore de solutions de sécurité disponibles, de plus en plus d'organisations sont victimes de ransomwares et d'autres menaces.Ces menaces continues ne sont pas juste un inconvénient qui nuise aux entreprises et aux utilisateurs finaux - ils endommagent l'économie, mettent en danger des vies, détruisent les entreprises et mettent en danger la sécurité nationale.Mais si ce n'était pas assez & # 8211;La Corée du Nord semble être & nbsp; en utilisant les revenus de Cyber
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren\'t just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn\'t enough – North Korea appears to be using revenue from cyber |
Ransomware Malware | ★★ | |
|
2024-04-01 14:00:00 | Collaboration nécessaire pour lutter contre les ransomwares Collaboration Needed to Fight Ransomware (lien direct) |
Une approche mondiale proactive et collaborative de la cybersécurité, et pas seulement dans les partenariats public / privé, est la clé de la lutte contre les gangs de ransomware de plus en plus professionnels.
A global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs. |
Ransomware | ★★ |
To see everything:
Our RSS (filtrered)
