www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-09T22:31:41+00:00 www.secnews.physaphae.fr Security Affairs - Blog Secu RansomBoggs Ransomware hit several Ukrainian entities, experts attribute it to Russia Several Ukrainian organizations were hit by Russia-based RansomBoggs Ransomware in the last week, ESET reports. Researchers from ESET observed multiple attacks involving a new family of ransomware, tracked as RansomBoggs ransomware, against Ukrainian organizations. The security firm first detected the attacks on November 21 and immediately alerted the CERT US. The ransomware is written in […] 2022-11-28T08:25:04+00:00 https://securityaffairs.co/wordpress/139028/cyber-warfare-2/ransomboggs-ransomware-targeted-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=8268903 False Ransomware None 2.0000000000000000 Security Affairs - Blog Secu RansomExx Ransomware upgrades to Rust programming language RansomExx ransomware is the last ransomware in order of time to have a version totally written in the Rust programming language. The operators of the RansomExx ransomware (aka Defray777 and Ransom X) have developed a new variant of their malware, tracked as RansomExx2, that was ported into the Rust programming language. The move follows the […] 2022-11-24T21:19:37+00:00 https://securityaffairs.co/wordpress/138933/malware/ransomexx-ransomware-rust-language.html www.secnews.physaphae.fr/article.php?IdArticle=8206243 False Ransomware None None Security Affairs - Blog Secu An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US.
Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. In the last two […] 2022-11-24T09:59:26+00:00 https://securityaffairs.co/wordpress/138924/cyber-crime/qakbot-campaign-black-basta-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8196736 False Ransomware,Malware,Guideline None None Security Affairs - Blog Secu Octocrypt, Alice, and AXLocker Ransomware, new threats in the wild Experts from Cyble Research and Intelligence Labs (CRIL) discovered three new ransomware families: AXLocker, Octocrypt, and Alice Ransomware. Threat intelligence firm Cyble announced the discovery of three new ransomware families named AXLocker, Octocrypt, and Alice Ransomware. The AXLocker ransomware encrypts victims’ files and steals Discord tokens from the infected machine. The analysis of the code […] 2022-11-21T08:31:12+00:00 https://securityaffairs.co/wordpress/138783/malware/octocrypt-alice-axlocker-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8146794 False Ransomware,Threat None None Security Affairs - Blog Secu PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell.
The two flaws are: they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them to elevate privileges to run PowerShell […] 2022-11-20T19:39:40+00:00 https://securityaffairs.co/wordpress/138768/hacking/proxynotshell-microsoft-exchange-poc.html www.secnews.physaphae.fr/article.php?IdArticle=8137402 False Ransomware None 4.0000000000000000 Security Affairs - Blog Secu DEV-0569 group uses Google Ads to distribute Royal Ransomware Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […] 2022-11-19T19:27:12+00:00 https://securityaffairs.co/wordpress/138750/malware/dev-0569-google-ads-royal-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8117164 False Ransomware,Threat None None Security Affairs - Blog Secu Hive Ransomware extorted over $100M in ransom payments from over 1,300 companies Hive ransomware operators have extorted over $100 million in ransom payments from over 1,300 companies worldwide as of November 2022. The threat actors behind the Hive ransomware-as-a-service (RaaS) have extorted $100 million in ransom payments from over 1,300 companies worldwide as of November 2022, reported the U.S. cybersecurity and intelligence authorities. “As of November 2022, […] 2022-11-18T11:30:22+00:00 https://securityaffairs.co/wordpress/138702/cyber-crime/hive-ransomware-extorted-100m.html www.secnews.physaphae.fr/article.php?IdArticle=8086702 False Ransomware,Threat None None Security Affairs - Blog Secu Two public schools in Michigan hit by a ransomware attack Public schools in two Michigan counties were forced to halt their activities, including the lessons, after a ransomware attack.
Public schools in Jackson and Hillsdale counties, Michigan, reopen after a closure of two days caused by a ransomware attack that hit its systems. The public schools started experiencing a systems outage affecting critical operating […] 2022-11-17T22:25:09+00:00 https://securityaffairs.co/wordpress/138677/cyber-crime/public-schools-michigan-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8075013 False Ransomware None None Security Affairs - Blog Secu CERT-UA warns of multiple Somnia ransomware attacks against organizations in Ukraine Russian threat actors employed a new ransomware family called Somnia in attacks against multiple organizations in Ukraine. The Government Computer Emergency Response Team of Ukraine CERT-UA is investigating multiple attacks against organizations in Ukraine that involved a new piece of ransomware called Somnia. Government experts attribute the attacks to the group ‘From Russia with Love’ […] 2022-11-14T09:18:41+00:00 https://securityaffairs.co/wordpress/138496/hacking/somnia-ransomware-attacks-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=8006318 False Ransomware,Threat None None Security Affairs - Blog Secu Have board directors any liability for a cyberattack against their company? Are the directors of a company hit by a cyberattack liable for negligence in failing to take steps to limit the risk?
As the risk of a cyberattack grows, it is pivotal to consider whether the directors of a company hit by a ransomware attack, for example, can bear any liability for negligence in failing […] 2022-11-14T09:12:55+00:00 https://securityaffairs.co/wordpress/138507/security/board-directors-liability-for-cyberattack.html www.secnews.physaphae.fr/article.php?IdArticle=8006319 False Ransomware None None Security Affairs - Blog Secu Lockbit gang leaked data stolen from global high-tech giant Thales The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential […] 2022-11-13T09:40:52+00:00 https://securityaffairs.co/wordpress/138471/data-breach/lockbit-leaked-thales-files.html www.secnews.physaphae.fr/article.php?IdArticle=7986229 True Ransomware,Guideline None None Security Affairs - Blog Secu Canadian supermarket chain giant Sobeys suffered a ransomware attack Sobeys, the second-largest supermarket chain in Canada, was the victim of a ransomware attack conducted by the Black Basta gang. Sobeys Inc. is the second largest supermarket chain in Canada, the company operates over 1,500 stores operating across Canada under a variety of banners. It is a wholly-owned subsidiary of Empire Company Limited, a Canadian business conglomerate. During […] 2022-11-12T11:35:10+00:00 https://securityaffairs.co/wordpress/138424/cyber-crime/sobeys-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7967758 False Ransomware None None Security Affairs - Blog Secu Man charged for role in LockBit ransomware operation The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S.
Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged participation in the LockBit ransomware operation. According to the press release published by DoJ, the man is currently in custody in […] 2022-11-11T11:54:05+00:00 https://securityaffairs.co/wordpress/138381/cyber-crime/man-charged-lockbit-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=7946486 False Ransomware None None Security Affairs - Blog Secu Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. In Mid-October, Microsoft Threat Intelligence Center (MSTIC) researchers uncovered previously undetected ransomware, tracked as Prestige ransomware, employed in attacks targeting organizations in the transportation and related logistics industries in Ukraine and Poland. The Prestige ransomware first appeared in the threat […] 2022-11-11T08:28:28+00:00 https://securityaffairs.co/wordpress/138362/apt/prestige-ransomware-linked-iridium.html www.secnews.physaphae.fr/article.php?IdArticle=7943704 False Ransomware,Threat None None Security Affairs - Blog Secu Experts observed Amadey malware deploying LockBit 3.0 Ransomware Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems. Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned.
Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows […] 2022-11-09T13:31:43+00:00 https://securityaffairs.co/wordpress/138292/malware/amadey-malware-deploying-lockbit-3-0.html www.secnews.physaphae.fr/article.php?IdArticle=7905588 False Ransomware,Malware None None Security Affairs - Blog Secu Medibank confirms ransomware attack impacting 9.7M customers, but doesn't pay the ransom 2022-11-08T09:45:36+00:00 https://securityaffairs.co/wordpress/138243/cyber-crime/medibank-confirms-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7887401 False Ransomware None None Security Affairs - Blog Secu LockBit 3.0 gang claims to have stolen data from Kearney & Company 2022-11-06T17:17:54+00:00 https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html www.secnews.physaphae.fr/article.php?IdArticle=7869382 False Ransomware None None Security Affairs - Blog Secu LockBit ransomware gang claims the hack of Continental automotive group The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit ransomware gang announced to have hacked the German multinational automotive parts manufacturing company Continental. The group added the name of the company to its Tor leak site and is threatening to publish alleged stolen data if the […] 2022-11-03T21:29:12+00:00 https://securityaffairs.co/wordpress/138062/cyber-crime/lockbit-gang-claims-continental-hack.html www.secnews.physaphae.fr/article.php?IdArticle=7809126 False Ransomware,Hack None None Security Affairs - Blog Secu Experts link the Black Basta ransomware operation to FIN7 cybercrime gang Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.
Security researchers at Sentinel Labs shared details about Black Basta’s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […] 2022-11-03T12:34:23+00:00 https://securityaffairs.co/wordpress/138037/cyber-crime/black-basta-linked-fin7.html www.secnews.physaphae.fr/article.php?IdArticle=7801701 False Ransomware None None Security Affairs - Blog Secu LockBit 3.0 gang claims to have stolen data from Thales The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, […] 2022-11-01T17:33:53+00:00 https://securityaffairs.co/wordpress/137955/cyber-crime/lockbit-3-0-thales.html www.secnews.physaphae.fr/article.php?IdArticle=7767181 False Ransomware,Guideline None None Security Affairs - Blog Secu Ransomware activity and network access sales in Q3 2022 Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […] 2022-11-01T11:32:51+00:00 https://securityaffairs.co/wordpress/137929/cyber-crime/ransomware-activity-q3-2022.html www.secnews.physaphae.fr/article.php?IdArticle=7763473 False Ransomware,Threat None None Security Affairs - Blog Secu Wannacry, the hybrid malware that brought the world to its knees Reflecting on the Wannacry ransomware attack, which is the lesson learnt and why most organizations are still ignoring it.
In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […] 2022-10-31T14:37:01+00:00 https://securityaffairs.co/wordpress/137894/cyber-crime/wannacry-hybrid-malware.html www.secnews.physaphae.fr/article.php?IdArticle=7754874 False Ransomware,Malware Wannacry,Wannacry 2.0000000000000000 Security Affairs - Blog Secu Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks. Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […] 2022-10-27T21:05:48+00:00 https://securityaffairs.co/wordpress/137722/malware/raspberry-robin-clop-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7707891 False Ransomware None None Security Affairs - Blog Secu Hive ransomware gang starts leaking data allegedly stolen from Tata Power The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India's largest power generation company, announced that it was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company.
The company confirmed that the security breach impacted “some of […] 2022-10-25T11:44:24+00:00 https://securityaffairs.co/wordpress/137601/malware/hive-ransomware-tata-power.html www.secnews.physaphae.fr/article.php?IdArticle=7671761 False Ransomware,Threat None None Security Affairs - Blog Secu Cuba ransomware affiliate targets Ukraine, CERT-UA warns The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […] 2022-10-24T18:35:15+00:00 https://securityaffairs.co/wordpress/137567/cyber-warfare-2/cuba-ransomware-cert-ua.html www.secnews.physaphae.fr/article.php?IdArticle=7668098 False Ransomware None None Security Affairs - Blog Secu The missed link between Ransom Cartel and REvil ransomware gangs Researchers at Palo Alto Network’s Unit 42 linked the Ransom Cartel ransomware operation to the REvil ransomware operations. Researchers at Palo Alto Network’s Unit 42 have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil cybercrime gang. The REvil group was one of the most active ransomware gangs in the first half […] 2022-10-19T13:07:36+00:00 https://securityaffairs.co/wordpress/137328/cyber-crime/ransom-cartel-links-revil.html www.secnews.physaphae.fr/article.php?IdArticle=7562037 False Ransomware None None Security Affairs - Blog Secu Mysterious Prestige ransomware targets organizations in Ukraine and Poland Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland.
The Prestige ransomware first appeared in the threat landscape on October 11 in attacks occurring within an hour […] 2022-10-16T23:22:16+00:00 https://securityaffairs.co/wordpress/137203/apt/prestige-ransomware-targets-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=7517773 False Ransomware,Threat None None Security Affairs - Blog Secu LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South-Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware. Threat actors initially deployed […] 2022-10-12T05:54:56+00:00 https://securityaffairs.co/wordpress/136968/cyber-crime/microsoft-exchange-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7405732 False Ransomware,Malware,Threat None None Security Affairs - Blog Secu Harvard Business Publishing licensee hit by ransomware Threat actors got to a database with over 152,000 customer records before its owner, the Turkish branch of Harvard Business Review, closed it. Crooks left a ransom note, threatening to leak the data and inform authorities of the EU's General Data Protection Regulation (GDPR) violations. Original Post published on CyberNews A recent discovery by the […] 2022-10-10T04:53:55+00:00 https://securityaffairs.co/wordpress/136860/cyber-crime/harvard-business-publishing-licensee-hit-by-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7378450 False Ransomware None None Security Affairs - Blog Secu Everest gang demands $200K for data stolen from South Africa state-owned electricity company ESKOM Everest ransomware operators claimed to have hacked South Africa state-owned company ESKOM Hld SOC Ltd.
In March 2022, the Everest ransomware operators published a notice announcing the sale of “South Africa Electricity company’s root access” for $125,000. Eskom transforms inputs from the natural environment – coal, nuclear, fuel, diesel, water, and wind – into more […] 2022-10-09T17:08:08+00:00 https://securityaffairs.co/wordpress/136866/cyber-crime/south-africa-eskom-everest-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7371250 False Ransomware None None Security Affairs - Blog Secu CommonSpirit hospital chains hit by ransomware, patients are facing problems CommonSpirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that impacted its operations. Common Spirit, one of the largest hospital chains in the US, this week suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients. The alleged security breach led to delayed surgeries, hold-ups in […] 2022-10-09T12:23:22+00:00 https://securityaffairs.co/wordpress/136843/cyber-crime/commonspirit-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7367930 False Ransomware None 2.0000000000000000 Security Affairs - Blog Secu BlackByte Ransomware abuses vulnerable driver to bypass security solutions The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions. Researchers from Sophos warn that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products.
In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, […] 2022-10-08T16:23:28+00:00 https://securityaffairs.co/wordpress/136816/malware/blackbyte-ransomware-byovd-attack.html www.secnews.physaphae.fr/article.php?IdArticle=7353726 False Ransomware,Threat None None Security Affairs - Blog Secu Avast releases a free decryptor for some Hades ransomware variants Avast released a free decryptor for variants of the Hades ransomware tracked as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt’. Avast has released a decryptor for variants of the Hades ransomware known as ‘MafiaWare666’, ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ which can allow the victims of these ransomware strains to recover their files without paying the […] 2022-10-05T22:19:55+00:00 https://securityaffairs.co/wordpress/136710/malware/hades-ransomware-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=7311669 False Ransomware None None Security Affairs - Blog Secu Linux Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group Researchers link recently discovered Linux ransomware Cheerscrypt to the China-linked cyberespionage group DEV-0401. Researchers at cybersecurity firm Sygnia attributed the recently discovered Linux ransomware Cheerscrypt to the China-linked cyber espionage group Bronze Starlight (aka DEV-0401, APT10). Bronze Starlight has been active since mid-2021; in June researchers from Secureworks reported that the APT group is deploying […] 2022-10-04T07:05:05+00:00 https://securityaffairs.co/wordpress/136611/malware/apt10-cheerscrypt-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=7293585 False Ransomware APT 10 None Security Affairs - Blog Secu BlackCat ransomware gang claims to have hacked US defense contractor NJVC Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC.
The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department of Defense. The company supports intelligence, defense, and geospatial organizations. The company has more than 1,200 employees in locations worldwide. BlackCat added NJVC to […] 2022-10-02T15:58:56+00:00 https://securityaffairs.co/wordpress/136537/cyber-crime/njvc-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7272374 False Ransomware None None Security Affairs - Blog Secu Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks The recently born Bl00Dy Ransomware gang has started using the recently leaked LockBit ransomware builder in attacks in the wild. The Bl00Dy Ransomware gang is the first group that started using the recently leaked LockBit ransomware builder in attacks in the wild. Last week, an alleged disgruntled developer leaked the builder for the latest encryptor […] 2022-09-28T10:35:45+00:00 https://securityaffairs.co/wordpress/136345/cyber-crime/bl00dy-ransomware-lockbit-3-encryptor.html www.secnews.physaphae.fr/article.php?IdArticle=7176969 False Ransomware None None Security Affairs - Blog Secu Defense firm Elbit Systems of America discloses data breach Elbit Systems of America, a subsidiary of defense giant Elbit Systems, disclosed a data breach after Black Basta ransomware gang claimed to have hacked it. In late June, the Black Basta ransomware gang claimed to have hacked Elbit Systems of America, the extortion group added the name of the company to its Tor leak site.
[…] 2022-09-27T15:37:51+00:00 https://securityaffairs.co/wordpress/136310/cyber-crime/elbit-systems-of-america-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=7160877 False Ransomware,Data Breach None None Security Affairs - Blog Secu A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […] 2022-09-22T05:19:24+00:00 https://securityaffairs.co/wordpress/136056/data-breach/lockbit-3-0-builder-leak.html www.secnews.physaphae.fr/article.php?IdArticle=7055697 False Ransomware None None Security Affairs - Blog Secu Bitdefender releases Universal LockerGoga ransomware decryptor Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We're pleased to announce the availability of a new decryptor […] 2022-09-16T20:02:03+00:00 https://securityaffairs.co/wordpress/135843/malware/lockergoga-ransomware-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=6936041 False Ransomware None None Security Affairs - Blog Secu Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data.
The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed […] 2022-09-12T08:57:15+00:00 https://securityaffairs.co/wordpress/135625/cyber-crime/cisco-hack-yanluowang-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6858709 True Ransomware None None Security Affairs - Blog Secu Iran-linked DEV-0270 group abuses BitLocker to encrypt victims' devices 2022-09-09T08:57:47+00:00 https://securityaffairs.co/wordpress/135511/apt/dev-0270-abuses-bitlocker-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6798992 False Ransomware,Threat None None Security Affairs - Blog Secu Ex-members of the Conti ransomware gang target Ukraine Some members of the Conti ransomware gang were involved in financially motivated attacks targeting Ukraine from April to August 2022. Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations […] 2022-09-08T09:10:20+00:00 https://securityaffairs.co/wordpress/135447/cyber-crime/conti-ransomware-members-target-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=6782176 False Ransomware,Threat None None Security Affairs - Blog Secu The Los Angeles Unified School District hit by a ransomware attack One of the largest US school districts, the Los Angeles Unified School District, suffered a ransomware attack during the weekend. The Los Angeles Unified School District is one of the largest school districts in the US, it was hit by a ransomware attack during the Labor Day weekend.
The security breach took place a few […] 2022-09-06T18:33:30+00:00 https://securityaffairs.co/wordpress/135411/cyber-crime/los-angeles-unified-school-district-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6753212 False Ransomware None None Security Affairs - Blog Secu QNAP warns new Deadbolt ransomware attacks exploiting zero-day QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday; in the meantime, the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] 2022-09-05T20:43:48+00:00 https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6743256 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu Windows Defender identified Chromium, Electron apps as Hive Ransomware Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus to identify Chromium, Electron, as malware. Microsoft released a Windows Defender update to fix a problem that caused Defender antivirus software to identify the app based on the Chromium browser engine or the Electron JavaScript framework as malware. Multiple users reported […] 2022-09-05T11:44:19+00:00 https://securityaffairs.co/wordpress/135326/security/windows-defender-flase-positive.html www.secnews.physaphae.fr/article.php?IdArticle=6739548 False Ransomware,Malware None None Security Affairs - Blog Secu Another Ransomware For Linux Likely In Development Uptycs researchers recently spotted a new Linux ransomware that appears to be under active development.
The Uptycs Threat Research team recently observed an Executable and Linkable Format (ELF) ransomware which encrypts the files inside Linux systems based on the given folder path. We observed that the dropped README note matches exactly with the DarkAngels ransomware […] 2022-09-02T13:26:40+00:00 https://securityaffairs.co/wordpress/135218/malware/linux-ransomware-under-development.html www.secnews.physaphae.fr/article.php?IdArticle=6684725 False Ransomware,Threat None None Security Affairs - Blog Secu Ragnar Locker ransomware gang claims to have stolen data from TAP Air Portugal The Ragnar Locker ransomware gang claims to have hacked the Portuguese state-owned flag carrier airline TAP Air Portugal and stolen customers’ data. The Ragnar Locker ransomware added the Portuguese state-owned flag carrier airline TAP Air Portugal to its leak site and claims to have stolen customers’ data. On August 26, the Portuguese company announced via […] 2022-09-01T15:27:41+00:00 https://securityaffairs.co/wordpress/135168/data-breach/ragnar-locker-ransomware-tap-air-portugal.html www.secnews.physaphae.fr/article.php?IdArticle=6666669 False Ransomware None None Security Affairs - Blog Secu World's largest distributors of books Baker & Taylor hit by ransomware 2022-08-30T09:47:59+00:00 https://securityaffairs.co/wordpress/135026/cyber-crime/baker-taylor-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6622495 False Ransomware None None Security Affairs - Blog Secu New Agenda Ransomware appears in the threat landscape Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Trend Micro researchers recently discovered a new piece of targeted ransomware, tracked as Agenda, that was written in the Go programming language.
The ransomware was employed in a targeted attack against one of […] ]]> 2022-08-28T05:06:36+00:00 https://securityaffairs.co/wordpress/134911/cyber-crime/agenda-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6587220 False Ransomware,Threat None 3.0000000000000000 Security Affairs - Blog Secu France hospital Center Hospitalier Sud Francilien suffered ransomware attack A French hospital, the Center Hospitalier Sud Francilien (CHSF), suffered a cyberattack on Sunday and was forced to refer patients to other structures. The Center Hospitalier Sud Francilien (CHSF), a hospital southeast of Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients […] ]]> 2022-08-24T07:01:06+00:00 https://securityaffairs.co/wordpress/134771/cyber-crime/center-hospitalier-sud-francilien-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=6497765 False Ransomware None None Security Affairs - Blog Secu Lockbit leak sites hit by mysterious DDoS attack after Entrust hack LockBit ransomware gang claims to have hacked the IT giant Entrust and started leaking the stolen files. Entrust Corp., provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificated for websites, mobile credentials, and connected devices. The Lockbit ransomware […] ]]> 2022-08-23T00:02:06+00:00 https://securityaffairs.co/wordpress/134707/cyber-crime/lockbit-hacked-entrust.html www.secnews.physaphae.fr/article.php?IdArticle=6477170 False Ransomware,Hack None None Security Affairs - Blog Secu BlackByte ransomware v2 is out with new extortion novelties A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones. 
BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site. It is interesting to note that the group introduced some novelties in the […] ]]> 2022-08-18T15:24:11+00:00 https://securityaffairs.co/wordpress/134531/cyber-crime/blackbyte-ransomware-v2.html www.secnews.physaphae.fr/article.php?IdArticle=6395062 False Ransomware,Threat None 2.0000000000000000 Security Affairs - Blog Secu SOVA Android malware now also encrypts victims' files 2022-08-15T15:22:28+00:00 https://securityaffairs.co/wordpress/134392/malware/sova-android-malware-v5.html www.secnews.physaphae.fr/article.php?IdArticle=6342993 False Ransomware,Malware None None Security Affairs - Blog Secu CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […] ]]> 2022-08-14T06:52:55+00:00 https://securityaffairs.co/wordpress/134350/cyber-crime/zeppelin-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=6311917 False Ransomware,Threat None None Security Affairs - Blog Secu BazarCall attacks have revolutionized ransomware operations The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes targeted phishing methodology and was first used by the Ryuk ransomware gang in 2020/2021. 
The BazarCall attack chain is composed of the following stages: Stage […] ]]> 2022-08-12T06:25:03+00:00 https://securityaffairs.co/wordpress/134302/cyber-crime/bazarcall-revolutionized-ransomware-operations.html www.secnews.physaphae.fr/article.php?IdArticle=6265094 False Ransomware None None Security Affairs - Blog Secu Cisco was hacked by the Yanluowang ransomware gang Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed that threat […] ]]> 2022-08-10T21:20:53+00:00 https://securityaffairs.co/wordpress/134278/hacking/yanluowang-ransomware-hacked-cisco.html www.secnews.physaphae.fr/article.php?IdArticle=6236967 False Ransomware,Threat None None Security Affairs - Blog Secu Experts linked Maui ransomware to North Korean Andariel APT Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence the Maui ransomware operation to the North Korea-backed APT group Andariel, which is considered a division of the Lazarus APT Group,  North Korean nation-state actors used Maui ransomware to encrypt servers providing healthcare services, including electronic […] ]]> 2022-08-09T17:04:09+00:00 https://securityaffairs.co/wordpress/134195/malware/maui-ransomware-andariel-apt.html www.secnews.physaphae.fr/article.php?IdArticle=6213659 False Ransomware APT 38 None Security Affairs - Blog Secu GwisinLocker ransomware exclusively targets South Korea Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a new ransomware called GwisinLocker which is able to encrypt Windows and Linux ESXi servers. 
The ransomware targets South Korean healthcare, industrial, and pharmaceutical companies, its name comes from the name of the author ‘Gwisin’ (ghost […] ]]> 2022-08-07T12:24:54+00:00 https://securityaffairs.co/wordpress/134105/cyber-crime/gwisinlocker-ransowmare-south-korea.html www.secnews.physaphae.fr/article.php?IdArticle=6184024 False Ransomware None None Security Affairs - Blog Secu Power semiconductor component manufacturer Semikron suffered a ransomware attack Semikron, a German-based independent manufacturer of power semiconductor components, suffered a ransomware cyberattack. Semikron is a German-based independent manufacturer of power semiconductor components, it employs more than 3,000 people in 24 subsidiaries worldwide, with production sites in Germany, Brazil, China, France, India, Italy, Slovakia and the USA. The company confirmed it has suffered a cyberattack conducted by a professional […] ]]> 2022-08-03T18:34:37+00:00 https://securityaffairs.co/wordpress/133975/cyber-crime/semikron-cyber-attack.html www.secnews.physaphae.fr/article.php?IdArticle=6110723 False Ransomware None None Security Affairs - Blog Secu ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. 
In this capacity, the company plans, constructs […] ]]> 2022-08-01T18:26:37+00:00 https://securityaffairs.co/wordpress/133899/cyber-crime/alphv-blackcat-ransomware-creos-luxembourg.html www.secnews.physaphae.fr/article.php?IdArticle=6081290 False Ransomware None None Security Affairs - Blog Secu Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report 2022-07-30T19:40:21+00:00 https://securityaffairs.co/wordpress/133827/malware/enisa-threat-landscape-for-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6040800 False Ransomware,Threat None None Security Affairs - Blog Secu The strange similarities between Lockbit 3.0 and Blackmatter ransomware Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The Lockbit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […] ]]> 2022-07-27T11:25:33+00:00 https://securityaffairs.co/wordpress/133697/malware/lockbit-3-0-blackmatter-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5968116 False Ransomware None 3.0000000000000000 Security Affairs - Blog Secu Lockbit ransomware gang claims to have breached the Italian Revenue Agency The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. 
“The Revenue Agency, operational since 1 January […] ]]> 2022-07-25T11:01:11+00:00 https://securityaffairs.co/wordpress/133640/cyber-crime/lockbit-ransomware-italian-revenue-agency.html www.secnews.physaphae.fr/article.php?IdArticle=5938781 False Ransomware None None Security Affairs - Blog Secu FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […] ]]> 2022-07-23T18:27:23+00:00 https://securityaffairs.co/wordpress/133587/cyber-warfare-2/fbi-seized-bitcoin-maui-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5906151 False Ransomware,Threat None None Security Affairs - Blog Secu New Luna ransomware targets Windows, Linux and ESXi systems Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written […] ]]> 2022-07-20T20:16:43+00:00 https://securityaffairs.co/wordpress/133454/cyber-crime/luna-ransomware-rust.html www.secnews.physaphae.fr/article.php?IdArticle=5838890 False Ransomware None None Security Affairs - Blog Secu Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. 
In September 2021, the Conti ransomware gang hit high society jeweler Graff and threatened to release private details of world leaders, actors and tycoons. The customers of the company are the richest people on the globe, including […] ]]> 2022-07-18T07:23:20+00:00 https://securityaffairs.co/wordpress/133347/cyber-crime/graff-paid-a-7-5m-ransom.html www.secnews.physaphae.fr/article.php?IdArticle=5814425 False Ransomware,Guideline None None Security Affairs - Blog Secu Holy Ghost ransomware operation is linked to North Korea Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC) researchers linked the activity of the Holy Ghost ransomware (H0lyGh0st) operation to a North Korea-linked group they tracked as DEV-0530. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware […] ]]> 2022-07-15T12:08:14+00:00 https://securityaffairs.co/wordpress/133255/hacking/holy-ghost-ransomware-north-korea.html www.secnews.physaphae.fr/article.php?IdArticle=5745126 False Ransomware,Threat None None Security Affairs - Blog Secu RedAlert, LILITH, and 0mega, 3 new ransomware in the wild Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. RedAlert (aka N13V) targets both Windows and Linux VMWare ESXi servers of target organizations. 
The name RedAlert comes after a string […] ]]> 2022-07-15T07:26:04+00:00 https://securityaffairs.co/wordpress/133248/cyber-crime/lilith-redalert-0mega-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5739657 False Ransomware,Threat None None Security Affairs - Blog Secu BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands BlackCat (aka ALPHV) Ransomware gang introduced an advanced search by stolen victim's passwords, and confidential documents. The notorious cybercriminal syndicate BlackCat competes with Conti and Lockbit 3.0. They introduced an advanced search by stolen victim's passwords, and confidential documents leaked in the TOR network Resecurity (USA), a Los Angeles-based cybersecurity company protecting Fortune 500 companies, […] ]]> 2022-07-11T09:27:27+00:00 https://securityaffairs.co/wordpress/133107/cyber-crime/blackcat-alphv-ransomware-demands.html www.secnews.physaphae.fr/article.php?IdArticle=5659347 False Ransomware None None Security Affairs - Blog Secu Experts warn of the new 0mega ransomware operation BleepingComputer reported a new ransomware operation named 0mega that is targeting organizations worldwide. 0mega is a new ransomware operation that is targeting organizations worldwide using a double-extortion model, BleepingComputer reported. The ransomware operation has been active at least since May 2022 and already claimed to have breached multiple organizations. Victims of the ransomware reported that […] ]]> 2022-07-11T07:50:42+00:00 https://securityaffairs.co/wordpress/133098/malware/0mega-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5658613 False Ransomware None None Security Affairs - Blog Secu French telephone operator La Poste Mobile suffered a ransomware attack French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services.  
The ransomware attack hit the virtual mobile telephone operator La Poste Mobile on July 4 and paralyzed administrative and management services.  The company pointed out that threat actors may have accessed data of its customers, […] ]]> 2022-07-10T16:07:44+00:00 https://securityaffairs.co/wordpress/133080/cyber-crime/la-poste-mobile-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5648528 False Ransomware,Threat None None Security Affairs - Blog Secu Evolution of the LockBit Ransomware operation relies on new techniques Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global Security Operations Center (GSOC) Team published the Cybereason Threat Analysis Reports that investigates the threat landscape and provides recommendations to mitigate their attacks. The researchers focused on the evolution of the Lockbit ransomware, they detailed two infections occurring […] ]]> 2022-07-09T04:59:16+00:00 https://securityaffairs.co/wordpress/133027/cyber-crime/lockbit-2-0-evolution.html www.secnews.physaphae.fr/article.php?IdArticle=5622937 False Ransomware,Threat None None Security Affairs - Blog Secu Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. 
The security firm states that the […] ]]> 2022-07-08T14:04:16+00:00 https://securityaffairs.co/wordpress/133014/malware/emsisoft-astralocker-yashma-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=5611884 False Ransomware,Tool None None Security Affairs - Blog Secu Russian Cybercrime Trickbot Group is systematically attacking Ukraine The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […] ]]> 2022-07-08T10:25:18+00:00 https://securityaffairs.co/wordpress/132999/cyber-crime/trickbot-systematically-attacking-ukraine.html www.secnews.physaphae.fr/article.php?IdArticle=5609074 False Ransomware,Malware None None Security Affairs - Blog Secu New Checkmate ransomware target QNAP NAS devices Taiwanese vendor QNAP warns of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […] ]]> 2022-07-08T07:23:07+00:00 https://securityaffairs.co/wordpress/132989/malware/checkmate-ransomware-targets-qnap-nas.html www.secnews.physaphae.fr/article.php?IdArticle=5606964 False Ransomware,Threat None None Security Affairs - Blog Secu North Korea-linked APTs use Maui Ransomware to target the Healthcare industry US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. 
Treasury Department issued a joint advisory that warns of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of […] ]]> 2022-07-07T13:49:58+00:00 https://securityaffairs.co/wordpress/132978/malware/maui-ransomware-joint-alert.html www.secnews.physaphae.fr/article.php?IdArticle=5594661 False Ransomware,Threat None None Security Affairs - Blog Secu New Hive ransomware variant is written in Rust and use improved encryption method Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively […] ]]> 2022-07-06T09:38:38+00:00 https://securityaffairs.co/wordpress/132914/malware/hive-ransomware-new-variant.html www.secnews.physaphae.fr/article.php?IdArticle=5576358 False Ransomware,Malware None None Security Affairs - Blog Secu AstraLocker ransomware operators shut down their operations AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online in June 2021. 
BleepingComputer tested the […] ]]> 2022-07-05T07:44:27+00:00 https://securityaffairs.co/wordpress/132871/malware/astralocker-ransomware-shut-down.html www.secnews.physaphae.fr/article.php?IdArticle=5558384 False Ransomware,Malware None None Security Affairs - Blog Secu Security Affairs newsletter Round 372 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool A ransomware attack […] ]]> 2022-07-03T16:10:18+00:00 https://securityaffairs.co/wordpress/132822/breaking-news/security-affairs-newsletter-round-372-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=5537086 False Ransomware,Tool None None Security Affairs - Blog Secu A ransomware attack forced publishing giant Macmillan to shuts down its systems A cyber attack forced the American publishing giant Macmillan to shut down its IT systems.  The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […] ]]> 2022-07-02T05:03:39+00:00 https://securityaffairs.co/wordpress/132792/cyber-crime/macmillan-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5505715 False Ransomware,Threat None None Security Affairs - Blog Secu Korean cybersecurity agency released a free decryptor for Hive ransomware Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. 
“The Korea Internet & Security Agency (KISA) is distributing […] ]]> 2022-06-30T23:00:44+00:00 https://securityaffairs.co/wordpress/132770/malware/hive-ransomware-decryptor.html www.secnews.physaphae.fr/article.php?IdArticle=5477848 False Ransomware None None Security Affairs - Blog Secu LockBit 3.0 introduces important novelties, including a bug bounty program The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is […] ]]> 2022-06-28T14:40:50+00:00 https://securityaffairs.co/wordpress/132701/cyber-crime/lockbit-3-0.html www.secnews.physaphae.fr/article.php?IdArticle=5432016 False Ransomware None None Security Affairs - Blog Secu China-linked APT Bronze Starlight deploys ransomware as a smokescreen China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The experts observed an activity cluster involving post-intrusion ransomware such as […] ]]> 2022-06-26T13:40:00+00:00 https://securityaffairs.co/wordpress/132624/apt/bronze-starlight-deploy-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5401371 False Ransomware APT 10 None Security Affairs - Blog Secu Attackers exploited a zero-day in Mitel VOIP devices to compromise a network Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. 
CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] ]]> 2022-06-25T11:59:00+00:00 https://securityaffairs.co/wordpress/132588/hacking/mitel-voip-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5379054 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Experts warn of a new ech0raix ransomware campaign targeting QNAP Network Attached Storage (NAS) devices. Bleeping Computer and MalwareHunterTeam researchers, citing user reports and sample submissions on the ID Ransomware platform, warn of a new wave of ech0raix ransomware attacks targeting QNAP Network Attached Storage (NAS) devices. The ransomware, tracked by Intezer as “QNAPCrypt” and “eCh0raix” by Anomali, is […] ]]> 2022-06-19T07:00:00+00:00 https://securityaffairs.co/wordpress/132410/cyber-crime/ech0raix-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5269088 False Ransomware None None Security Affairs - Blog Secu BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang targeting unpatched Exchange servers to compromise organizations worldwide. The compromise of Exchange servers allows threat actors to access the target networks, perform internal reconnaissance and lateral movement activities, and steal sensitive documents before encrypting them. 
“For example, […] ]]> 2022-06-16T21:53:40+00:00 https://securityaffairs.co/wordpress/132343/hacking/blackcat-ransomware-targets-unpatched-microsoft-exchange.html www.secnews.physaphae.fr/article.php?IdArticle=5199926 False Ransomware,Threat None None Security Affairs - Blog Secu HelloXD Ransomware operators install MicroBackdoor on target systems Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared in the threat landscape on November 30, 2021, it borrows the code from Babuk ransomware, which is available in Russian-speaking hacking forums since September 2021. Unlike other ransomware operations, this ransomware gang doesn't use a […] ]]> 2022-06-13T13:18:30+00:00 https://securityaffairs.co/wordpress/132207/malware/helloxd-ransomware-installs-microbackdoor.html www.secnews.physaphae.fr/article.php?IdArticle=5132474 False Ransomware,Threat None None Security Affairs - Blog Secu Security Affairs newsletter Round 369 by Pierluigi Paganini A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers HID Mercury Access Controller flaws […] ]]> 2022-06-12T22:21:36+00:00 https://securityaffairs.co/wordpress/132194/breaking-news/security-affairs-newsletter-round-369-by-pierluigi-paganini.html www.secnews.physaphae.fr/article.php?IdArticle=5122861 False Ransomware None None Security Affairs - Blog Secu Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. 
Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134, affecting Atlassian Confluence Server and Data Center. Proof-of-concept exploits for the CVE-2022-26134 vulnerability have been released online, Bleeping Computer reported that starting from […] ]]> 2022-06-12T14:14:51+00:00 https://securityaffairs.co/wordpress/132186/cyber-crime/ransomware-gangs-cve-2022-26134-rce-atlassian-confluence.html www.secnews.physaphae.fr/article.php?IdArticle=5116425 False Ransomware None 3.0000000000000000 Security Affairs - Blog Secu Experts spotted a new variant of the Cuba Ransomware with optimized infection techniques The Cuba ransomware operators are back and employed a new version of its malware in recent attacks. Cuba ransomware has been active since at least January 2020. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom. The ransomware encrypts files on the targeted systems […] ]]> 2022-06-10T14:37:16+00:00 https://securityaffairs.co/wordpress/132134/malware/cuba-ransomware-new-variant.html www.secnews.physaphae.fr/article.php?IdArticle=5076307 False Ransomware,Malware None None Security Affairs - Blog Secu Vice Society ransomware gang adds the Italian City of Palermo to its data leak site The Vice Society group has claimed responsibility for the ransomware attack that hit the Italian city of Palermo forcing the IT admins to shut down its infrastructure. The Vice Society ransomware group has claimed responsibility for the recent cyber attack that hit the city of Palermo in the South of Italy. 
In response to the […] ]]> 2022-06-10T08:24:56+00:00 https://securityaffairs.co/wordpress/132122/cyber-crime/city-of-palermo-vice-society-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5071521 False Ransomware None None Security Affairs - Blog Secu Black Basta ransomware now supports encrypting VMware ESXi servers Black Basta ransomware gang implemented a new feature to encrypt VMware ESXi virtual machines (VMs) running on Linux servers. The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of […] ]]> 2022-06-08T07:55:06+00:00 https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html www.secnews.physaphae.fr/article.php?IdArticle=5036679 False Ransomware None None Security Affairs - Blog Secu Evil Corp gang starts using LockBit Ransomware to evade sanctions Mandiant researchers associate multiple LockBit ransomware attacks with the notorious Evil Corp Cybercrime Group. Mandiant researchers have investigated multiple LOCKBIT ransomware attacks that have been attributed to the financially motivated threat actor UNC2165. The researchers also noticed that the group shares numerous overlaps with the cybercrime gang Evil Corp. The UNC2165 group has been active since at […] ]]> 2022-06-07T14:19:53+00:00 https://securityaffairs.co/wordpress/132031/cyber-crime/evil-corp-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=5022096 False Ransomware,Threat None 2.0000000000000000 Security Affairs - Blog Secu Black Basta ransomware operators leverage QBot for lateral movements The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. 
Researchers from NCC Group spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack […] ]]> 2022-06-07T08:55:47+00:00 https://securityaffairs.co/wordpress/132018/hacking/black-basta-ransomware-qbot.html www.secnews.physaphae.fr/article.php?IdArticle=5020098 False Ransomware,Malware,Threat None None Security Affairs - Blog Secu Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the LockBit ransomware gang has added the cybersecurity firm Mandiant to the list of victims published on its darkweb leak site. Mandiant is investigating the claims of the ransomware gang, the cybercrime group declared to have […] ]]> 2022-06-06T22:39:43+00:00 https://securityaffairs.co/wordpress/132011/cyber-crime/lockbit-claims-mandiant-hack.html www.secnews.physaphae.fr/article.php?IdArticle=5016533 False Ransomware None None Security Affairs - Blog Secu LockBit ransomware attack impacted production in a Mexican Foxconn plant LockBit ransomware gang claimed responsibility for an attack against the electronics manufacturing giant Foxconn that impacted production in Mexico The electronics manufacturing giant Foxconn confirmed that its production plant in Tijuana (Mexico) has been impacted by a ransomware attack in late May. 
The LockBit ransomware gang claimed responsibility for an attack and announced that it […] 2022-06-02T18:34:36+00:00 https://securityaffairs.co/wordpress/131891/cyber-crime/lockbit-ransomware-foxconn-plant-mexico.html www.secnews.physaphae.fr/article.php?IdArticle=4935490 False Ransomware None None Security Affairs - Blog Secu Conti leaked chats confirm that the gang's ability to conduct firmware-based attacks 2022-06-02T17:09:12+00:00 https://securityaffairs.co/wordpress/131885/hacking/conti-leaked-chat-firmware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=4934690 False Ransomware,Threat None None Security Affairs - Blog Secu Hive ransomware gang hit Costa Rica public health service Costa Rican Social Security Fund, Costa Rica's public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica's public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating […] 2022-06-01T06:53:54+00:00 https://securityaffairs.co/wordpress/131837/cyber-crime/costa-rica-cccs-hive-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=4915421 False Ransomware None None Security Affairs - Blog Secu Experts warn of ransomware attacks against government organizations of small states Cyber Research Labs reported a rise in ransomware attacks in the second quarter of 2022; small states are more exposed to these attacks.
Cyber Research Labs observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the […] 2022-05-31T07:13:32+00:00 https://securityaffairs.co/wordpress/131816/malware/ransomware-attacks-small-states-q2-2022.html www.secnews.physaphae.fr/article.php?IdArticle=4901047 False Ransomware None None Security Affairs - Blog Secu GoodWill Ransomware victims have to perform socially driven activities to decryption their data Researchers discovered a new ransomware family called GoodWill that asks victims to donate the ransom for social causes. CloudSEK's Threat Intelligence Research team has disclosed a new ransomware strain called GoodWill that demands that victims pay the ransom through donations to social causes and by financially helping people in need. “The ransomware group propagates very unusual demands in […] 2022-05-30T11:20:08+00:00 https://securityaffairs.co/wordpress/131792/hacking/goodwill-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=4894581 False Ransomware,Threat None 3.0000000000000000