www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-10T16:43:17+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Qilin Leads April 2025 Ransomware Spike with 45 Breaches Using NETXLOADER Malware
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl
2025-05-08T19:17:00+00:00 https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html www.secnews.physaphae.fr/article.php?IdArticle=8673237 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver.
It was patched by
2025-05-07T16:14:00+00:00 https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html www.secnews.physaphae.fr/article.php?IdArticle=8672700 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR) - it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled
2025-05-06T16:55:00+00:00 https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html www.secnews.physaphae.fr/article.php?IdArticle=8672281 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States.
Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
2025-05-03T12:36:00+00:00 https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html www.secnews.physaphae.fr/article.php?IdArticle=8670925 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be
2025-04-26T16:08:00+00:00 https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html www.secnews.physaphae.fr/article.php?IdArticle=8668080 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in
2025-04-09T13:34:00+00:00 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html www.secnews.physaphae.fr/article.php?IdArticle=8661096 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
2025-03-29T09:22:00+00:00 https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html www.secnews.physaphae.fr/article.php?IdArticle=8659004 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET.
The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
2025-03-27T19:40:00+00:00 https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html www.secnews.physaphae.fr/article.php?IdArticle=8658605 False Ransomware,Tool None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
2025-03-26T19:13:00+00:00 https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658335 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers.
Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a
2025-03-24T16:40:00+00:00 https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html www.secnews.physaphae.fr/article.php?IdArticle=8657757 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS
2025-03-21T18:28:00+00:00 https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html www.secnews.physaphae.fr/article.php?IdArticle=8657200 False Ransomware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month.
According to an analysis of the messages by cybersecurity company
2025-03-19T19:20:00+00:00 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html www.secnews.physaphae.fr/article.php?IdArticle=8656709 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source
2025-03-17T16:55:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8656205 False Ransomware,Malware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings.
“In just the past few months, I have witnessed two different methods for
2025-03-17T16:30:00+00:00 https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8656206 False Ransomware,Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019
2025-03-14T20:37:00+00:00 https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html www.secnews.physaphae.fr/article.php?IdArticle=8655774 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold - from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise.
Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
2025-03-14T16:55:00+00:00 https://thehackernews.com/2025/03/live-ransomware-demo-see-how-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8655727 False Ransomware,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Cyber threats today don't just evolve - they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds - ranging from nation-state espionage and ransomware to manipulated AI chatbots - the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our
2025-03-10T15:16:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-new-attacks-old-tricks.html www.secnews.physaphae.fr/article.php?IdArticle=8654845 False Ransomware,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss
2025-03-07T19:45:00+00:00 https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html www.secnews.physaphae.fr/article.php?IdArticle=8654548 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The
2025-03-06T17:45:00+00:00 https://thehackernews.com/2025/03/encrypthub-deploys-ransomware-and.html www.secnews.physaphae.fr/article.php?IdArticle=8654261 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom
The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team in a report shared with The Hacker News.
The
2025-03-06T17:31:00+00:00 https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html www.secnews.physaphae.fr/article.php?IdArticle=8654262 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute
2025-03-04T21:51:00+00:00 https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8653495 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and
2025-03-03T19:26:00+00:00 https://thehackernews.com/2025/03/hackers-exploit-paragon-partition.html www.secnews.physaphae.fr/article.php?IdArticle=8653009 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
The New Ransomware Groups Shaking Up 2025
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95
2025-03-03T16:30:00+00:00 https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html www.secnews.physaphae.fr/article.php?IdArticle=8652967 False Ransomware,Legislation None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an
2025-02-26T19:24:00+00:00 https://thehackernews.com/2025/02/leaked-black-basta-chat-logs-reveal.html www.secnews.physaphae.fr/article.php?IdArticle=8651223 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense
Ransomware doesn't hit all at once - it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it's too late to stop the flood. Each stage of a ransomware attack offers a small window to detect and stop the threat before it's too late. The problem is
2025-02-24T16:47:00+00:00 https://thehackernews.com/2025/02/becoming-ransomware-ready-why.html www.secnews.physaphae.fr/article.php?IdArticle=8650472 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw
2025-02-20T16:51:00+00:00 https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html www.secnews.physaphae.fr/article.php?IdArticle=8649214 False Ransomware,Threat,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally
The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors
2025-02-14T15:47:00+00:00 https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8648470 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity. "During the attack in late 2024, the attacker deployed a distinct toolset that had
2025-02-13T17:28:00+00:00 https://thehackernews.com/2025/02/hackers-exploited-pan-os-flaw-to-deploy.html www.secnews.physaphae.fr/article.php?IdArticle=8648368 False Ransomware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation
Source: The Nation. A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor
2025-02-11T12:33:00+00:00 https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html www.secnews.physaphae.fr/article.php?IdArticle=8647989 False Ransomware,Legislation None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
2025-02-07T10:49:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8647359 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,
2025-02-06T19:33:00+00:00 https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html www.secnews.physaphae.fr/article.php?IdArticle=8647237 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Top 3 Ransomware Threats Active in 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
2025-02-06T16:30:00+00:00 https://thehackernews.com/2025/02/top-3-ransomware-threats-active-in-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8647187 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
How Interlock Ransomware Infects Healthcare Organizations
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware
2025-01-29T16:00:00+00:00 https://thehackernews.com/2025/01/how-interlock-ransomware-infects.html www.secnews.physaphae.fr/article.php?IdArticle=8644246 False Ransomware,Vulnerability,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia
2025-01-28T16:31:00+00:00 https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html www.secnews.physaphae.fr/article.php?IdArticle=8643757 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are
2025-01-23T19:30:00+00:00 https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html www.secnews.physaphae.fr/article.php?IdArticle=8641605 False Ransomware,Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th
2025-01-23T11:05:00+00:00 https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html www.secnews.physaphae.fr/article.php?IdArticle=8641413 False Ransomware,Threat,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws
Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network. According to GuidePoint Security, initial access is said to have been facilitated by means of a JavaScript malware downloaded named
2025-01-16T12:15:00+00:00 https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html www.secnews.physaphae.fr/article.php?IdArticle=8638133 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Ransomware on ESXi: The mechanization of virtualized attacks
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the
2025-01-13T17:00:00+00:00 https://thehackernews.com/2025/01/ransomware-on-esxi-mechanization-of.html www.secnews.physaphae.fr/article.php?IdArticle=8636714 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "
2025-01-10T17:28:00+00:00 https://thehackernews.com/2025/01/ai-driven-ransomware-funksec-targets-85.html www.secnews.physaphae.fr/article.php?IdArticle=8635623 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
Ransomware isn't slowing down - it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join
2025-01-09T16:14:00+00:00 https://thehackernews.com/2025/01/webinar-learn-how-to-stop-encrypted.html www.secnews.physaphae.fr/article.php?IdArticle=8635257 False Ransomware,Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?)
LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier this August and is currently awaiting extradition, the U.S.
Department of Justice (DoJ) said in a]]> 2024-12-21T14:52:00+00:00 https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html www.secnews.physaphae.fr/article.php?IdArticle=8628299 False Ransomware None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user\'s email to numerous mailing lists simultaneously," Rapid7]]> 2024-12-09T23:14:00+00:00 https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html www.secnews.physaphae.fr/article.php?IdArticle=8622400 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. "At present,]]> 2024-11-30T12:44:00+00:00 https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8618317 False Ransomware,Legislation None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
INTERPOL Busts African Cybercrime: 1,006 Arrests, 134,089 Malicious Networks Dismantled An INTERPOL-led operation has led to the arrest of 1,006 suspects across 19 African countries and the takedown of 134,089 malicious infrastructures and networks as part of a coordinated effort to disrupt cybercrime in the continent. Dubbed Serengeti, the law enforcement exercise took place between September 2 and October 31, 2024, and targeted criminals behind ransomware, business email]]> 2024-11-27T12:50:00+00:00 https://thehackernews.com/2024/11/interpol-busts-african-cybercrime-1006.html www.secnews.physaphae.fr/article.php?IdArticle=8617984 False Ransomware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group]]> 2024-11-19T15:10:00+00:00 https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8614009 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17) What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. 
Attackers are getting smarter, faster, and more creative-using everything from human trust to hidden flaws in]]> 2024-11-18T17:06:00+00:00 https://thehackernews.com/2024/11/thn-recap-top-cybersecurity-threats_18.html www.secnews.physaphae.fr/article.php?IdArticle=8613440 False Ransomware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 5 BCDR Oversights That Leave You Exposed to Ransomware Ransomware isn't just a buzzword; it's one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent]]> 2024-11-14T17:40:00+00:00 https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8611040 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted]]> 2024-11-13T19:08:00+00:00 https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html www.secnews.physaphae.fr/article.php?IdArticle=8610429 False Ransomware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) 
New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend]]> 2024-11-12T11:30:00+00:00 https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html www.secnews.physaphae.fr/article.php?IdArticle=8609672 False Ransomware,Malware,Technical None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime INTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation. Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure. "Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59]]> 2024-11-06T15:43:00+00:00 https://thehackernews.com/2024/11/interpols-operation-synergia-ii.html www.secnews.physaphae.fr/article.php?IdArticle=8606916 False Ransomware None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. 
The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,]]> 2024-10-30T21:14:00+00:00 https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html www.secnews.physaphae.fr/article.php?IdArticle=8603784 False Ransomware,Threat APT 15,APT 45 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia, marking one of the rare instances where cybercriminals from the country have been convicted of hacking and money laundering charges. Russian news publication Kommersant reported that a court in St. Petersburg found Artem Zaets, Alexei Malozemov, Daniil Puzyrevsky, and Ruslan]]> 2024-10-26T14:04:00+00:00 https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html www.secnews.physaphae.fr/article.php?IdArticle=8601998 False Ransomware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. 
"Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support]]> 2024-10-24T22:08:00+00:00 https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html www.secnews.physaphae.fr/article.php?IdArticle=8601585 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is]]> 2024-10-23T15:00:00+00:00 https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html www.secnews.physaphae.fr/article.php?IdArticle=8601393 False Ransomware,Threat,Prediction None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. 
"The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,"]]> 2024-10-19T13:09:00+00:00 https://thehackernews.com/2024/10/crypt-ghouls-targets-russian-firms-with.html www.secnews.physaphae.fr/article.php?IdArticle=8600073 False Ransomware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an]]> 2024-10-17T19:24:00+00:00 https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8599247 False Ransomware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. 
CVE-2024-40711, rated 9.8 out of 10.0 on the]]> 2024-10-14T14:25:00+00:00 https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8597525 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) LockBit Ransomware and Evil Corp Leaders Arrested and Sanctioned in Joint Global Effort A new wave of international law enforcement actions has led to four arrests and the takedown of nine servers linked to the LockBit (aka Bitwise Spider) ransomware operation, marking the latest salvo against what was once a prolific financially motivated group. This includes the arrest of a suspected LockBit developer in France while on holiday outside of Russia, two individuals in the U.K. who]]> 2024-10-03T12:45:00+00:00 https://thehackernews.com/2024/10/lockbit-ransomware-and-evil-corp.html www.secnews.physaphae.fr/article.php?IdArticle=8591058 False Ransomware,Legislation None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. 
"While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected, it is likely that the attacks were financially motivated," Symantec, part of Broadcom, said in a]]> 2024-10-02T15:30:00+00:00 https://thehackernews.com/2024/10/andariel-hacker-group-shifts-focus-to.html www.secnews.physaphae.fr/article.php?IdArticle=8590379 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme Imagine a sophisticated cyberattack cripples your organization's most critical productivity and collaboration tool - the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock]]> 2024-09-30T16:00:00+00:00 https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html www.secnews.physaphae.fr/article.php?IdArticle=8588782 False Ransomware,Tool None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the U.S. to stage ransomware attacks. 
The multi-stage attack campaign is designed to compromise hybrid cloud environments and perform lateral movement from on-premises to cloud environment, ultimately resulting in data exfiltration, credential theft, tampering, persistent]]> 2024-09-27T16:41:00+00:00 https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html www.secnews.physaphae.fr/article.php?IdArticle=8586457 False Ransomware,Threat,Legislation,Cloud None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Discover Latest Ransomware Tactics and Zero Trust Strategies in This Expert Webinar Ransomware is no longer just a threat; it's an entire industry. Cybercriminals are growing more sophisticated, and their tactics are evolving rapidly. This persistent danger is a major concern for business leaders. But there's good news: you don't have to be defenseless. What if you could gain a strategic edge? Join our exclusive webinar, "Unpacking the 2024 Ransomware Landscape: Insights and]]> 2024-09-24T17:30:00+00:00 https://thehackernews.com/2024/09/discover-latest-ransomware-tactics-and.html www.secnews.physaphae.fr/article.php?IdArticle=8583774 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Wherever There's Ransomware, There's Service Account Compromise. Are You Protected? Until just a couple of years ago, only a handful of IAM pros knew what service accounts are. In the last years, these silent Non-Human-Identities (NHI) accounts have become one of the most targeted and compromised attack surfaces. Assessments report that compromised service accounts play a key role in lateral movement in over 70% of ransomware attacks. 
However, there's an alarming disproportion]]> 2024-09-19T23:04:00+00:00 https://thehackernews.com/2024/09/wherever-theres-ransomware-theres.html www.secnews.physaphae.fr/article.php?IdArticle=8579764 False Ransomware None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it's not just data at risk - it's the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries]]> 2024-09-19T16:30:00+00:00 https://thehackernews.com/2024/09/healthcares-diagnosis-is-critical-cure.html www.secnews.physaphae.fr/article.php?IdArticle=8579572 False Ransomware,Medical None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832). 
"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494,]]> 2024-09-19T15:42:00+00:00 https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8579547 False Ransomware,Threat,Medical None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET researcher Jakub]]> 2024-09-10T21:18:00+00:00 https://thehackernews.com/2024/09/cosmicbeetle-deploys-custom-scransom.html www.secnews.physaphae.fr/article.php?IdArticle=8574026 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. 
"It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity]]> 2024-09-03T18:46:00+00:00 https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html www.secnews.physaphae.fr/article.php?IdArticle=8569102 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services,]]> 2024-09-02T19:03:00+00:00 https://thehackernews.com/2024/09/ransomhub-ransomware-group-targets-210.html www.secnews.physaphae.fr/article.php?IdArticle=8568551 False Ransomware,Threat,Medical None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities The FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. 
It also details three important actions to take today to mitigate]]> 2024-09-02T12:30:00+00:00 https://thehackernews.com/2024/09/next-generation-attacks-same-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8568372 False Ransomware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments A comprehensive guide authored by Dean Parsons emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its essential new strategy guide, "ICS Is the Business: Why Securing]]> 2024-08-30T11:49:00+00:00 https://thehackernews.com/2024/08/sans-institute-unveils-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8566682 False Ransomware,Industrial None 4.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. 
The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to]]> 2024-08-29T17:12:00+00:00 https://thehackernews.com/2024/08/us-agencies-warn-of-iranian-hacking.html www.secnews.physaphae.fr/article.php?IdArticle=8566125 False Ransomware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its]]> 2024-08-28T15:51:00+00:00 https://thehackernews.com/2024/08/blackbyte-ransomware-exploits-vmware.html www.secnews.physaphae.fr/article.php?IdArticle=8565373 False Ransomware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. 
The attack, detected in July]]> 2024-08-23T15:54:00+00:00 https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html www.secnews.physaphae.fr/article.php?IdArticle=8562474 False Ransomware,Threat None 2.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. "Jenkins Command Line Interface (CLI) contains a]]> 2024-08-20T10:23:00+00:00 https://thehackernews.com/2024/08/cisa-warns-of-critical-jenkins.html www.secnews.physaphae.fr/article.php?IdArticle=8560647 False Ransomware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator. 
The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in]]> 2024-08-15T16:15:00+00:00 https://thehackernews.com/2024/08/ransomhub-group-deploys-new-edr-killing.html www.secnews.physaphae.fr/article.php?IdArticle=8558115 False Ransomware,Tool None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Black Basta-Linked Attackers Target Users with SystemBC Malware An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer a fake solution,"]]> 2024-08-14T22:43:00+00:00 https://thehackernews.com/2024/08/black-basta-linked-attackers-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8557723 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. 
from Poland on August 9,]]> 2024-08-14T17:32:00+00:00 https://thehackernews.com/2024/08/belarusian-ukrainian-hacker-extradited.html www.secnews.physaphae.fr/article.php?IdArticle=8557592 False Ransomware,Legislation None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) Why Hardsec Matters: From Protecting Critical Services to Enhancing Resilience Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated. There is a growing recognition of the importance of measures that stop new attacks before they are recognized. With high-value assets, it's not good enough to have the protection, it's]]> 2024-08-13T16:26:00+00:00 https://thehackernews.com/2024/08/why-hardsec-matters-from-protecting.html www.secnews.physaphae.fr/article.php?IdArticle=8556951 False Ransomware,Malware None 3.0000000000000000 The Hacker News - The Hacker News is a hacking news blog (surprising, no?) FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany The U.S. Federal Bureau of Investigation (FBI) on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor (aka Radar). The effort saw the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. 
Dispossessor is said to be led by
2024-08-13T14:34:00+00:00 https://thehackernews.com/2024/08/fbi-shuts-down-dispossessor-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8556889 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million
The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). "BlackSuit actors have exhibited a willingness to negotiate payment amounts," the
2024-08-08T11:43:00+00:00 https://thehackernews.com/2024/08/fbi-and-cisa-warn-of-blacksuit.html www.secnews.physaphae.fr/article.php?IdArticle=8553904 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host. "A
2024-07-30T09:50:00+00:00 https://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8547068 False Ransomware,Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed
2024-07-26T14:25:00+00:00 https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html www.secnews.physaphae.fr/article.php?IdArticle=8544659 False Ransomware,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,
2024-07-25T19:38:00+00:00 https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8544172 False Ransomware,Threat APT 15 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Linux Variant of Play Ransomware Targeting VMware ESXi Systems
Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a
2024-07-22T09:26:00+00:00 https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8541807 False Ransomware,Prediction None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.
Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of
2024-07-20T09:58:00+00:00 https://thehackernews.com/2024/07/17-year-old-linked-to-scattered-spider.html www.secnews.physaphae.fr/article.php?IdArticle=8540697 False Ransomware,Legislation None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks
Two Russian nationals have pleaded guilty in a U.S.
court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law
2024-07-19T18:00:00+00:00 https://thehackernews.com/2024/07/two-russian-nationals-plead-guilty-in.html www.secnews.physaphae.fr/article.php?IdArticle=8540254 False Ransomware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple
2024-07-17T16:03:00+00:00 https://thehackernews.com/2024/07/fin7-group-advertises-security.html www.secnews.physaphae.fr/article.php?IdArticle=8538807 False Ransomware,Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft.
It also has a history of
2024-07-17T11:20:00+00:00 https://thehackernews.com/2024/07/scattered-spider-adopts-ransomhub-and.html www.secnews.physaphae.fr/article.php?IdArticle=8538650 False Ransomware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during
2024-07-15T10:40:00+00:00 https://thehackernews.com/2024/07/new-hardbit-ransomware-40-uses.html www.secnews.physaphae.fr/article.php?IdArticle=8537331 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities. Initial access to the target
2024-07-10T18:36:00+00:00 https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html www.secnews.physaphae.fr/article.php?IdArticle=8534322 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
It's the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The
2024-07-10T16:30:00+00:00 https://thehackernews.com/2024/07/true-protection-or-false-promise.html www.secnews.physaphae.fr/article.php?IdArticle=8534219 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its
2024-07-08T18:45:00+00:00 https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html www.secnews.physaphae.fr/article.php?IdArticle=8532852 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.
Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
2024-07-08T16:30:00+00:00 https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html www.secnews.physaphae.fr/article.php?IdArticle=8532762 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
Identity theft isn't just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don't be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
2024-07-05T18:00:00+00:00 https://thehackernews.com/2024/07/webinar-alert-learn-how-itdr-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8531136 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
How MFA Failures are Fueling a 500% Surge in Ransomware Losses
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%.
Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from
2024-07-02T16:30:00+00:00 https://thehackernews.com/2024/07/how-mfa-failures-are-fueling-500-surge.html www.secnews.physaphae.fr/article.php?IdArticle=8529434 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
2024-06-27T20:01:00+00:00 https://thehackernews.com/2024/06/rust-based-p2pinfect-botnet-evolves.html www.secnews.physaphae.fr/article.php?IdArticle=8526611 False Ransomware,Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.
While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
2024-06-26T15:43:00+00:00 https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html www.secnews.physaphae.fr/article.php?IdArticle=8525921 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been
2024-06-13T13:35:00+00:00 https://thehackernews.com/2024/06/ukraine-police-arrest-suspect-linked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8517167 False Ransomware,Legislation None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec.
The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve
2024-06-12T16:41:00+00:00 https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html www.secnews.physaphae.fr/article.php?IdArticle=8517172 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene. Are you ready to transform your
2024-06-07T21:27:00+00:00 https://thehackernews.com/2024/06/ultimate-cyber-hygiene-guide-learn-how.html www.secnews.physaphae.fr/article.php?IdArticle=8514758 False Ransomware None 3.0000000000000000