www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2024-05-15T06:08:28+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS
2024-05-13T15:31:00+00:00 https://thehackernews.com/2024/05/black-basta-ransomware-strikes-500.html www.secnews.physaphae.fr/article.php?IdArticle=8498848 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S.
Department of the Treasury's Office of Foreign Assets Control (
2024-05-07T21:19:00+00:00 https://thehackernews.com/2024/05/russian-hacker-dmitry-khoroshev.html www.secnews.physaphae.fr/article.php?IdArticle=8495312 False Ransomware None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million
A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments in
2024-05-02T17:56:00+00:00 https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html www.secnews.physaphae.fr/article.php?IdArticle=8492386 False Ransomware,Legislation None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ransomware Double-Dip: Re-Victimization in Cyber Extortion
Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to
2024-04-22T15:52:00+00:00 https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html www.secnews.physaphae.fr/article.php?IdArticle=8486755 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S.,
2024-04-19T16:31:00+00:00 https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html www.secnews.physaphae.fr/article.php?IdArticle=8485253 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Recover from Ransomware in 5 Minutes-We will Teach You How!
Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use
2024-04-18T16:47:00+00:00 https://thehackernews.com/2024/04/recover-from-ransomware-in-5-minuteswe.html www.secnews.physaphae.fr/article.php?IdArticle=8484685 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a
2024-04-17T16:27:00+00:00 https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html www.secnews.physaphae.fr/article.php?IdArticle=8484052 False Ransomware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
CL0P's Ransomware Rampage - Security Measures for 2024
2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 to 2022. But in 2023 the CL0P ransomware gang took itself to new heights and became one of the
2024-04-09T16:54:00+00:00 https://thehackernews.com/2024/04/cl0ps-ransomware-rampage-security.html www.secnews.physaphae.fr/article.php?IdArticle=8478661 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
The Drop in Ransomware Attacks in 2024 and What it Means
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023.
Figure
2024-04-08T16:53:00+00:00 https://thehackernews.com/2024/04/the-drop-in-ransomware-attacks-in-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8478077 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Detecting Windows-based Malware Through Better Visibility
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren't just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn't enough – North Korea appears to be using revenue from cyber
2024-04-01T16:50:00+00:00 https://thehackernews.com/2024/04/detecting-windows-based-malware-through.html www.secnews.physaphae.fr/article.php?IdArticle=8474025 False Ransomware,Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks
Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of CVE-2024-27198 (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative
2024-03-20T16:56:00+00:00 https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html www.secnews.physaphae.fr/article.php?IdArticle=8467287 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit
2024-03-14T19:17:00+00:00 https://thehackernews.com/2024/03/lockbit-ransomware-hacker-ordered-to.html www.secnews.physaphae.fr/article.php?IdArticle=8463834 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of
2024-03-11T15:23:00+00:00 https://thehackernews.com/2024/03/bianlian-threat-actors-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8462076 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice." "There
2024-03-06T20:33:00+00:00 https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html www.secnews.physaphae.fr/article.php?IdArticle=8459914 False Ransomware,Threat,Legislation None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. “The GhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News. “GhostLocker and
2024-03-06T12:41:00+00:00 https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html www.secnews.physaphae.fr/article.php?IdArticle=8459706 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S.
cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. “Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and
2024-03-04T10:54:00+00:00 https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html www.secnews.physaphae.fr/article.php?IdArticle=8458699 False Ransomware,Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory. "This is likely in response to the ALPHV/BlackCat administrator's
2024-02-28T18:36:00+00:00 https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html www.secnews.physaphae.fr/article.php?IdArticle=8456448 False Ransomware,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LockBit Ransomware Group Resurfaces After Law Enforcement Takedown
The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers.
To that end, the notorious group has moved its data leak portal to a new .onion address on the TOR network, listing 12 new victims as of writing. The administrator behind LockBit, in a
2024-02-26T10:27:00+00:00 https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8455224 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Authorities Claim LockBit Admin "LockBitSupp" Has Engaged with Law Enforcement
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, "has engaged with law enforcement," authorities said. The development comes following the takedown of the prolific ransomware-as-a-service (RaaS) operation as part of a coordinated international operation codenamed Cronos. Over 14,000 rogue
2024-02-25T14:23:00+00:00 https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html www.secnews.physaphae.fr/article.php?IdArticle=8454915 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
U.S. Offers $15 Million Bounty to Hunt Down LockBit Ransomware Leaders
The U.S. State Department has announced monetary rewards of up to $15 million for information that could lead to the identification of key leaders within the LockBit ransomware group and the arrest of any individual participating in the operation. "Since January 2020, LockBit actors have executed over 2,000 attacks against victims in the United States, and around the world, causing costly
2024-02-22T10:56:00+00:00 https://thehackernews.com/2024/02/us-offers-15-million-bounty-to-hunt.html www.secnews.physaphae.fr/article.php?IdArticle=8453518 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Cybersecurity for Healthcare-Diagnosing the Threat Landscape and Prescribing Solutions for Recovery
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions came to light-it wasn't just computer networks that were brought to a halt, but actual patient
2024-02-21T14:50:00+00:00 https://thehackernews.com/2024/02/cybersecurity-for-healthcarediagnosing.html www.secnews.physaphae.fr/article.php?IdArticle=8453138 False Ransomware,Threat,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not
2024-02-20T18:25:00+00:00 https://thehackernews.com/2024/02/lockbit-ransomware-operation-shut-down.html www.secnews.physaphae.fr/article.php?IdArticle=8452720 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time
In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in what stands as one of the most impactful ransomware assaults in recent memory. When organizations have no response plan in place for such an
2024-02-20T16:23:00+00:00 https://thehackernews.com/2024/02/learn-how-to-build-incident-response.html www.secnews.physaphae.fr/article.php?IdArticle=8452678 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid
An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns.
While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's .onion website displays a seizure banner containing the message "
2024-02-20T10:55:00+00:00 https://thehackernews.com/2024/02/lockbit-ransomwares-darknet-domains.html www.secnews.physaphae.fr/article.php?IdArticle=8452572 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks. The vulnerability in question is
2024-02-16T21:12:00+00:00 https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8451009 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Rhysida Ransomware Cracked, Free Decryption Tool Released
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an
2024-02-12T18:42:00+00:00 https://thehackernews.com/2024/02/rhysida-ransomware-cracked-free.html www.secnews.physaphae.fr/article.php?IdArticle=8449262 False Ransomware,Tool None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation. It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
2024-02-12T10:01:00+00:00 https://thehackernews.com/2024/02/us-offers-10-million-bounty-for-info.html www.secnews.physaphae.fr/article.php?IdArticle=8449126 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced
2024-02-03T09:25:00+00:00 https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html www.secnews.physaphae.fr/article.php?IdArticle=8446231 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime." Involving 60 law
2024-02-02T15:53:00+00:00 https://thehackernews.com/2024/02/interpol-arrests-31-in-global-operation.html www.secnews.physaphae.fr/article.php?IdArticle=8445925 False Ransomware,Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Albabat, Kasseika, Kuiper: New Ransomware Gangs Rise with Rust and Golang
Cybersecurity researchers have detected in the wild yet another variant of the Phobos ransomware family known as Faust. Fortinet FortiGuard Labs, which detailed the latest iteration of the ransomware, said it's being propagated by means of an infection that delivers a Microsoft Excel document (.XLAM) containing a VBA script. "The attackers utilized the Gitea service to store several files
2024-01-29T16:33:00+00:00 https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8444395 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend
2024-01-24T16:50:00+00:00 https://thehackernews.com/2024/01/kasseika-ransomware-using-byovd-trick.html www.secnews.physaphae.fr/article.php?IdArticle=8442515 False Ransomware,Prediction None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank.
Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable
2024-01-24T14:25:00+00:00 https://thehackernews.com/2024/01/us-uk-australia-sanction-russian-revil.html www.secnews.physaphae.fr/article.php?IdArticle=8442473 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
3 Ransomware Group Newcomers to Watch in 2024
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases. Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser-2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable
2024-01-15T19:28:00+00:00 https://thehackernews.com/2024/01/3-ransomware-group-newcomers-to-watch.html www.secnews.physaphae.fr/article.php?IdArticle=8439242 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands.
“As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their
2024-01-12T18:53:00+00:00 https://thehackernews.com/2024/01/medusa-ransomware-on-rise-from-data.html www.secnews.physaphae.fr/article.php?IdArticle=8438294 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
There is a Ransomware Armageddon Coming for Us All
Generative AI will enable anyone to launch sophisticated phishing attacks that only Next-generation MFA devices can stop The least surprising headline from 2023 is that ransomware again set new records for a number of incidents and the damage inflicted. We saw new headlines every week, which included a who's-who of big-name organizations. If MGM, Johnson Controls, Chlorox, Hanes Brands, Caesars
2024-01-11T17:13:00+00:00 https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html www.secnews.physaphae.fr/article.php?IdArticle=8437843 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations.
The encryption key has also been shared with Avast,
2024-01-10T16:01:00+00:00 https://thehackernews.com/2024/01/free-decryptor-released-for-black-basta.html www.secnews.physaphae.fr/article.php?IdArticle=8437484 False Ransomware,Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of 'access' to the compromised host, or the ultimate delivery of ransomware payloads,” Securonix researchers
2024-01-09T19:15:00+00:00 https://thehackernews.com/2024/01/turkish-hackers-exploiting-poorly.html www.secnews.physaphae.fr/article.php?IdArticle=8437166 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence
2023-12-29T10:46:00+00:00 https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html www.secnews.physaphae.fr/article.php?IdArticle=8430625 False Ransomware,Malware,Threat,Patching None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new
2023-12-26T12:56:00+00:00 https://thehackernews.com/2023/12/carbanak-banking-malware-resurfaces.html www.secnews.physaphae.fr/article.php?IdArticle=8429198 False Ransomware,Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network," Mark Loman, vice
2023-12-20T19:02:00+00:00 https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html www.secnews.physaphae.fr/article.php?IdArticle=8426114 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain
2023-12-19T21:22:00+00:00 https://thehackernews.com/2023/12/fbi-takes-down-blackcat-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8425555 False Ransomware,Malware,Tool None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team
Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world.
Matveev, who resides in Saint Petersburg and is known by the aliases Wazawaka, m1x, Boriselcin, Uhodiransomwar,
2023-12-19T20:46:00+00:00 https://thehackernews.com/2023/12/behind-scenes-of-matveevs-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8425524 False Ransomware None 3.0000000000000000

The Hacker News - Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North
2023-12-19T11:12:00+00:00 https://thehackernews.com/2023/12/double-extortion-play-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8425246 False Ransomware,Threat None 3.0000000000000000

The Hacker News - Ransomware-as-a-Service: The Growing Threat You Can't Ignore
Ransomware attacks have become a significant and pervasive threat in the ever-evolving realm of cybersecurity. Among the various iterations of ransomware, one trend that has gained prominence is Ransomware-as-a-Service (RaaS).
This alarming development has transformed the cybercrime landscape, enabling individuals with limited technical expertise to carry out devastating attacks.
2023-12-08T16:38:00+00:00 https://thehackernews.com/2023/12/ransomware-as-service-growing-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8420156 False Ransomware,Threat,Prediction,Technical None 2.0000000000000000

The Hacker News - Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware," the Microsoft Threat Intelligence team said in a series of posts on X (
2023-12-04T09:50:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html www.secnews.physaphae.fr/article.php?IdArticle=8418912 False Ransomware,Threat None 2.0000000000000000

The Hacker News - CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...]
where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access," Arctic Wolf
2023-11-30T16:46:00+00:00 https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html www.secnews.physaphae.fr/article.php?IdArticle=8418040 False Ransomware,Vulnerability,Threat,Cloud None 2.0000000000000000

The Hacker News - DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason
2023-11-29T11:25:00+00:00 https://thehackernews.com/2023/11/djvu-ransomwares-latest-variant-xaro.html www.secnews.physaphae.fr/article.php?IdArticle=8417699 False Ransomware None 3.0000000000000000

The Hacker News - Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
A coordinated law enforcement operation has led to the arrest of key individuals in Ukraine who are alleged to be a part of several ransomware schemes. "On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne, and Vinnytsia, resulting in the arrest of the 32-year-old ringleader," Europol said in a statement today. "Four of the ringleader's most active accomplices were
2023-11-28T16:03:00+00:00 https://thehackernews.com/2023/11/key-cybercriminals-behind-notorious.html www.secnews.physaphae.fr/article.php?IdArticle=8417481 False Ransomware None 2.0000000000000000

The Hacker News - LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),
2023-11-22T10:19:00+00:00 https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8415738 False Ransomware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the
2023-11-21T19:26:00+00:00 https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html www.secnews.physaphae.fr/article.php?IdArticle=8415387 False Ransomware,Threat,Commercial None 3.0000000000000000

The Hacker News - 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. “Most of the group's Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere said in an
2023-11-18T16:57:00+00:00 https://thehackernews.com/2023/11/8base-group-deploying-new-phobos.html www.secnews.physaphae.fr/article.php?IdArticle=8413874 False Ransomware,Threat None 2.0000000000000000

The Hacker News - U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their
2023-11-17T13:02:00+00:00 https://thehackernews.com/2023/11/us-cybersecurity-agencies-warn-of.html www.secnews.physaphae.fr/article.php?IdArticle=8413267 False Ransomware,Threat None 2.0000000000000000

The Hacker News - CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks
The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors. The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). "Observed as a ransomware-as-a-service (RaaS)
2023-11-16T17:33:00+00:00 https://thehackernews.com/2023/11/cisa-and-fbi-issue-warning-about.html www.secnews.physaphae.fr/article.php?IdArticle=8412860 False Ransomware,Threat None 2.0000000000000000

The Hacker News - Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access
2023-11-16T16:48:00+00:00 https://thehackernews.com/2023/11/hackers-could-exploit-google-workspace.html www.secnews.physaphae.fr/article.php?IdArticle=8412835 False Ransomware,Threat,Cloud None 3.0000000000000000

The Hacker News - New Ransomware Group Emerges with Hive's Source Code and Infrastructure
The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters
2023-11-13T17:42:00+00:00 https://thehackernews.com/2023/11/new-ransomware-group-emerges-with-hives.html www.secnews.physaphae.fr/article.php?IdArticle=8411002 False Ransomware,Threat None 3.0000000000000000

The Hacker News - Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers.
The issue, tracked as CVE-2023-47246, concerns a path traversal
2023-11-09T22:24:00+00:00 https://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8408634 False Ransomware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws
Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat
2023-11-07T12:44:00+00:00 https://thehackernews.com/2023/11/experts-warn-of-ransomware-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8407092 False Ransomware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
The U.S. Department of the Treasury imposed sanctions against a Russian woman for taking part in the laundering of virtual currency for the country's elites and cybercriminal crews, including the Ryuk ransomware group.
Ekaterina Zhdanova, per the department, is said to have facilitated large cross border transactions to assist Russian individuals to gain access to Western financial markets and
2023-11-06T11:00:00+00:00 https://thehackernews.com/2023/11/us-treasury-targets-russian-money.html www.secnews.physaphae.fr/article.php?IdArticle=8406529 False Ransomware None 4.0000000000000000

The Hacker News - HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a
2023-11-02T09:57:00+00:00 https://thehackernews.com/2023/11/hellokitty-ransomware-group-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8404608 False Ransomware,Vulnerability None 2.0000000000000000

The Hacker News - Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world.
Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal
2023-10-26T19:26:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-as-scattered-spider.html www.secnews.physaphae.fr/article.php?IdArticle=8400870 False Ransomware,Threat None 2.0000000000000000

The Hacker News - Europol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
Europol on Friday announced the takedown of the infrastructure associated with Ragnar Locker ransomware, alongside the arrest of a "key target" in France. "In an action carried out between 16 and 20 October, searches were conducted in Czechia, Spain, and Latvia," the agency said. "The main perpetrator, suspected of being a developer of the Ragnar group, has been brought in front of the examining
2023-10-21T18:40:00+00:00 https://thehackernews.com/2023/10/europol-dismantles-ragnar-locker.html www.secnews.physaphae.fr/article.php?IdArticle=8398660 False Ransomware None 2.0000000000000000

The Hacker News - Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively.
This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to
2023-10-13T16:37:00+00:00 https://thehackernews.com/2023/10/ransomware-attacks-doubled-year-on-year.html www.secnews.physaphae.fr/article.php?IdArticle=8395108 False Ransomware None 3.0000000000000000

The Hacker News - FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) detailing the ransomware-as-a-service (RaaS) operation's
2023-10-13T15:55:00+00:00 https://thehackernews.com/2023/10/fbi-cisa-warn-of-rising-avoslocker.html www.secnews.physaphae.fr/article.php?IdArticle=8395083 False Ransomware None 2.0000000000000000

The Hacker News - Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023. The tech giant's threat intelligence team is tracking the operator as Storm-1567.
The attack leveraged devices that were not onboarded to Microsoft
2023-10-12T15:59:00+00:00 https://thehackernews.com/2023/10/microsoft-defender-thwarts-akira.html www.secnews.physaphae.fr/article.php?IdArticle=8394709 False Ransomware,Threat,Industrial None 3.0000000000000000

The Hacker News - QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks
Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that “the law enforcement operation may not have impacted Qakbot operators' spam delivery infrastructure but rather only their
2023-10-05T18:48:00+00:00 https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html www.secnews.physaphae.fr/article.php?IdArticle=8391856 False Ransomware,Spam,Malware,Threat None 2.0000000000000000

The Hacker News - FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants
2023-09-30T15:19:00+00:00 https://thehackernews.com/2023/09/fbi-warns-of-rising-trend-of-dual.html www.secnews.physaphae.fr/article.php?IdArticle=8389842 False Ransomware,Threat,Prediction None 2.0000000000000000

The Hacker News - New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to hack into an organization's supposedly secure data, and other threats make the news because well, it's scary - and expensive. Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but they are even more costly when they occur, with the
2023-09-27T16:53:00+00:00 https://thehackernews.com/2023/09/new-survey-uncovers-how-companies-are.html www.secnews.physaphae.fr/article.php?IdArticle=8388299 False Ransomware,Malware,Hack None 3.0000000000000000

The Hacker News - ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a new joint report.
The actor, active since
2023-09-26T21:26:00+00:00 https://thehackernews.com/2023/09/shadowsyndicate-new-cybercrime-group.html www.secnews.physaphae.fr/article.php?IdArticle=8388055 False Ransomware,Threat None 2.0000000000000000

The Hacker News - Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware. SecureWorks Counter Threat Unit (CTU) has dubbed the e-crime group Gold Melody, which is also known by the names Prophet Spider (CrowdStrike) and UNC961 (Mandiant). "This financially motivated
2023-09-21T14:41:00+00:00 https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html www.secnews.physaphae.fr/article.php?IdArticle=8386223 False Ransomware,Threat None 2.0000000000000000

The Hacker News - Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks
The financially motivated threat actor known as UNC3944 is pivoting to ransomware deployment as part of an expansion to its monetization strategies, Mandiant has revealed. "UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes and they appear to understand Western business practices, possibly due to the geographical composition of the group,
2023-09-18T08:46:00+00:00 https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8384683 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Interdependence between Automated Threat Intelligence Collection and Humans
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still
2023-09-15T16:43:00+00:00 https://thehackernews.com/2023/09/the-interdependence-between-automated.html www.secnews.physaphae.fr/article.php?IdArticle=8383674 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000

The Hacker News - Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this
2023-09-15T14:19:00+00:00 https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html www.secnews.physaphae.fr/article.php?IdArticle=8383639 False Ransomware,Threat,Prediction None 2.0000000000000000

The Hacker News - Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
A new ransomware family called 3AM has emerged in the wild after it was detected in a single incident in which an unidentified affiliate deployed the strain following an unsuccessful attempt to deploy LockBit (aka Bitwise Spider or Syrphid) in the target network. "3AM is written in Rust and appears to be a completely new malware family," the Symantec Threat Hunter Team, part of Broadcom, said in
2023-09-13T15:26:00+00:00 https://thehackernews.com/2023/09/rust-written-3am-ransomware-sneak-peek.html www.secnews.physaphae.fr/article.php?IdArticle=8382266 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL (MS SQL) servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DB#JAMMER, said it stands out for the way the toolset and infrastructure is employed.
“Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software
2023-09-01T21:11:00+00:00 https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8377866 False Ransomware,Tool,Threat None 3.0000000000000000

The Hacker News - SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations
An open-source .NET-based information stealer malware dubbed SapphireStealer is being used by multiple entities to enhance its capabilities and spawn their own bespoke variants. “Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for additional
2023-08-31T19:45:00+00:00 https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html www.secnews.physaphae.fr/article.php?IdArticle=8377227 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what's suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663.
Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could
2023-08-29T14:47:00+00:00 https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8376137 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The attacker behind this incident decided to use a different ransom note with a headline related to a
2023-08-26T15:56:00+00:00 https://thehackernews.com/2023/08/lockbit-30-ransomware-builder-leak.html www.secnews.physaphae.fr/article.php?IdArticle=8374839 False Ransomware,Tool,Threat None 3.0000000000000000

The Hacker News - Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. "It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing RDP credentials," ESET security researcher Jakub Souček said in a detailed technical write-up
2023-08-23T15:04:00+00:00 https://thehackernews.com/2023/08/spacecolon-toolset-fuels-global-surge.html www.secnews.physaphae.fr/article.php?IdArticle=8373574 False Ransomware None 2.0000000000000000

The Hacker News - New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's
2023-08-18T16:27:00+00:00 https://thehackernews.com/2023/08/new-blackcat-ransomware-variant-adopts.html www.secnews.physaphae.fr/article.php?IdArticle=8371721 False Ransomware,Tool None 2.0000000000000000

The Hacker News - Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics
The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code.
Not anymore.
2023-08-15T19:41:00+00:00 https://thehackernews.com/2023/08/monti-ransomware-returns-with-new-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8370268 False Ransomware,Tool,Threat None 2.0000000000000000

The Hacker News
New SystemBC Malware Variant Targets South African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a South African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at
2023-08-11T15:10:00+00:00 https://thehackernews.com/2023/08/new-systembc-malware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8368855 False Ransomware,Malware,Threat None 4.0000000000000000

The Hacker News
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors. "As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not suggest that Rhysida is exclusively used by Vice Society, but shows with at least medium confidence that
2023-08-09T09:50:00+00:00 https://thehackernews.com/2023/08/new-report-exposes-vice-societys.html www.secnews.physaphae.fr/article.php?IdArticle=8367832 False Ransomware None 2.0000000000000000

The Hacker News
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin. "The threat actor uses an uncommon technique to deliver the ransom note," security
2023-08-08T14:23:00+00:00 https://thehackernews.com/2023/08/new-yashma-ransomware-variant-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8367147 False Ransomware,Threat None 2.0000000000000000

The Hacker News
New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the "opportunistic" activity is designed to deploy second-stage
2023-07-27T18:42:00+00:00 https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html www.secnews.physaphae.fr/article.php?IdArticle=8362246 False Ransomware,Tool None 2.0000000000000000

The Hacker News
Local Governments Targeted for Ransomware – How to Prevent Falling Victim
Regardless of the country, local government is essential in most citizens' lives. It provides many day-to-day services and handles various issues. Therefore, their effects can be far-reaching and deeply felt when security failures occur. In early 2023, Oakland, California, fell victim to a ransomware attack. Although city officials have not disclosed how the attack occurred, experts suspect a
2023-07-21T17:11:00+00:00 https://thehackernews.com/2023/07/local-governments-targeted-for.html www.secnews.physaphae.fr/article.php?IdArticle=8359715 False Ransomware None 2.0000000000000000

The Hacker News
Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince
2023-07-20T22:26:00+00:00 https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8359337 False Ransomware,Threat None 2.0000000000000000

The Hacker News
Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground
Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT
2023-07-18T16:24:00+00:00 https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html www.secnews.physaphae.fr/article.php?IdArticle=8358216 False Ransomware,Malware,Vulnerability,Threat ChatGPT,ChatGPT 2.0000000000000000

The Hacker News
FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks
The financially motivated threat actor known as FIN8 has been observed using a "revamped" version of a backdoor called Sardonic to deliver the BlackCat ransomware. According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities.
The intrusion attempt took place in
2023-07-18T15:49:00+00:00 https://thehackernews.com/2023/07/fin8-group-using-modified-sardonic.html www.secnews.physaphae.fr/article.php?IdArticle=8358195 False Ransomware,Threat None 3.0000000000000000

The Hacker News
Ransomware Extortion Skyrockets in 2023, Reaching $449.1 Million and Counting
Ransomware has emerged as the only cryptocurrency-based crime to grow in 2023, with cybercriminals extorting nearly $175.8 million more than they did a year ago, according to findings from Chainalysis. "Ransomware attackers are on pace for their second-biggest year ever, having extorted at least $449.1 million through June," the blockchain analytics firm said in a midyear crypto crime report
2023-07-12T18:39:00+00:00 https://thehackernews.com/2023/07/ransomware-extortion-skyrockets-in-2023.html www.secnews.physaphae.fr/article.php?IdArticle=8355302 False Ransomware None 4.0000000000000000

The Hacker News
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates
A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers.
Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency
2023-07-11T14:15:00+00:00 https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html www.secnews.physaphae.fr/article.php?IdArticle=8354412 False Ransomware None 2.0000000000000000

The Hacker News
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
Ransomware attacks are a major problem for organizations everywhere, and the severity of this problem continues to intensify. Recently, Microsoft's Incident Response team investigated the BlackByte 2.0 ransomware attacks and exposed these cyber strikes' terrifying velocity and damaging nature. The findings indicate that hackers can complete the entire attack process, from gaining initial access
2023-07-07T15:50:00+00:00 https://thehackernews.com/2023/07/blackbyte-20-ransomware-infiltrate.html www.secnews.physaphae.fr/article.php?IdArticle=8353328 False Ransomware None 2.0000000000000000

The Hacker News
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution
2023-07-03T10:16:00+00:00 https://thehackernews.com/2023/07/blackcat-operators-distributing.html www.secnews.physaphae.fr/article.php?IdArticle=8351711 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000

The Hacker News
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a "massive spike in activity" in May and June 2023. "The group utilizes encryption paired with 'name-and-shame' techniques to compel their victims to pay their ransoms," VMware Carbon Black researchers Deborah Snyder and Fae Carlisle said in a report shared with The Hacker News. "8Base
2023-06-28T15:45:00+00:00 https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html www.secnews.physaphae.fr/article.php?IdArticle=8350103 False Ransomware,Threat None 2.0000000000000000

The Hacker News
Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning
Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire picture of data exposure and exfiltration that every security leader and team is grappling with.
This
2023-06-22T16:40:00+00:00 https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html www.secnews.physaphae.fr/article.php?IdArticle=8348023 False Ransomware None 2.0000000000000000

The Hacker News
20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona
The U.S. Department of Justice (DoJ) on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. Ruslan Magomedovich Astamirov, 20, of Chechen Republic has been accused of perpetrating at least five attacks between August 2020 and March 2023. He was arrested in the state of Arizona last
2023-06-16T13:32:00+00:00 https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8346089 False Ransomware None 1.00000000000000000000

The Hacker News
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The
2023-06-16T09:05:00+00:00 https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html www.secnews.physaphae.fr/article.php?IdArticle=8346028 False Ransomware,Vulnerability None 3.0000000000000000

The Hacker News
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency
Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. "Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source," blockchain analytics firm Chainalysis said in
2023-06-15T21:50:00+00:00 https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html www.secnews.physaphae.fr/article.php?IdArticle=8345827 False Ransomware,Cloud None 2.0000000000000000

The Hacker News
LockBit Ransomware Extorts $91 Million from U.S. Companies
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020. That's according to a joint bulletin published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC
2023-06-15T10:39:00+00:00 https://thehackernews.com/2023/06/lockbit-ransomware-extorts-91-million.html www.secnews.physaphae.fr/article.php?IdArticle=8345607 False Ransomware,Threat None 2.0000000000000000

The Hacker News
Clop Ransomware Gang Likely Exploiting MOVEit Transfer Vulnerability Since 2021
The U.S.
Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection
2023-06-08T19:26:00+00:00 https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8343332 False Ransomware,Vulnerability None 2.0000000000000000

The Hacker News
Winning the Mind Game: The Role of the Ransomware Negotiator
Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry's landscape is made up of approximately 10-20
2023-06-07T16:49:00+00:00 https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8343001 False Ransomware None 2.0000000000000000