www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-11T13:03:28+00:00 www.secnews.physaphae.fr

Recorded Future - Recorded Future feed After Ascension ransomware attack, feds issue alert on Black Basta group
2024-05-10T22:26:06+00:00 https://therecord.media/black-basta-ransomware-alert-healthcare-fbi-cisa-hhs www.secnews.physaphae.fr/article.php?IdArticle=8497477 False Ransomware None None

Bleeping Computer - American magazine Ascension redirects ambulances after suspected ransomware attack
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [...]
2024-05-10T14:51:56+00:00 https://www.bleepingcomputer.com/news/security/healthcare-giant-ascension-redirects-ambulances-after-suspected-Black-Basta-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8497369 False Ransomware,Medical None None

Recorded Future - Recorded Future feed UK hit by more ransomware and cyberattacks last year than ever before
2024-05-10T12:14:56+00:00 https://therecord.media/uk-ico-ransomware-cyberattacks-data-2023 www.secnews.physaphae.fr/article.php?IdArticle=8497193 False Ransomware None 3.0000000000000000

Bleeping Computer - American magazine Ohio Lottery ransomware attack impacts over 538,000 individuals
The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. [...]
2024-05-10T11:38:32+00:00 https://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/ www.secnews.physaphae.fr/article.php?IdArticle=8497282 False Ransomware None None

knowbe4 - cybersecurity services [Must Read] How Boeing Battled a Whopping $200M Ransomware Demand
https://www.state.gov/transnational-organized-crime-rewards-program-2/lockbit-ransomware-administrator-dmitry-yuryevich-khoroshev/ Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated.
2024-05-10T10:49:49+00:00 https://blog.knowbe4.com/must-read-how-boeing-battled-a-whopping-200m-ransomware-demand www.secnews.physaphae.fr/article.php?IdArticle=8497136 False Ransomware None 5.0000000000000000

SecurityWeek - Security News 500,000 Impacted by Ohio Lottery Ransomware Attack
The Ohio Lottery cyberattack conducted by the DragonForce ransomware group has impacted more than 500,000 individuals.
2024-05-10T09:37:40+00:00 https://www.securityweek.com/500000-impacted-by-ohio-lottery-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8497138 False Ransomware None 3.0000000000000000

Dark Reading - Informationweek Branch LockBit Claims Wichita as Its Victim 2 Days After Ransomware Attack
The city is still investigating the attack, and neither the group nor city officials have offered details about the ransomware demands.
2024-05-09T18:11:54+00:00 https://www.darkreading.com/cyberattacks-data-breaches/lockbit-claims-wichita-as-its-victim-two-days-after-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8496734 False Ransomware None 3.0000000000000000

SecurityWeek - Security News LockBit Takes Credit for City of Wichita Ransomware Attack
The LockBit cybercrime group has taken credit for the recent ransomware attack that disrupted City of Wichita systems.
2024-05-09T13:31:44+00:00 https://www.securityweek.com/lockbit-takes-credit-for-city-of-wichita-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8496583 False Ransomware None 2.0000000000000000

Checkpoint - Security hardware vendor April 2024's Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3
Researchers recently identified a spike in Androxgh0st attacks, a Trojan that targets Windows, Mac and Linux platforms, which saw it jump straight into second place in the top malware list. Meanwhile, LockBit3 narrowly remains the top ransomware group, despite a reduction in its prevalence. Our latest Global Threat Index for April 2024 saw researchers reveal a significant increase in the use of Androxgh0st attacks, with the malware being used as a tool for stealing sensitive information using botnets. Meanwhile, LockBit3 remained the most prevalent ransomware group in April, despite a 55% drop in its rate of detection since the beginning […]
2024-05-09T13:00:21+00:00 https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/ www.secnews.physaphae.fr/article.php?IdArticle=8496582 False Ransomware,Malware,Tool,Threat None 3.0000000000000000

Global Security Mag - French news site To pay or not to pay? Companies need help facing ransomware attacks
To pay or not to pay? Companies need help facing ransomware attacks. By James Watts, Managing Director at Databarracks - Opinion
2024-05-09T08:19:57+00:00 https://www.globalsecuritymag.fr/to-pay-or-not-to-pay-companies-need-help-facing-ransomware-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8496458 False Ransomware None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware
2024-05-09T00:49:06+00:00 https://community.riskiq.com/article/1f1ae96f www.secnews.physaphae.fr/article.php?IdArticle=8496261 False Ransomware,Malware,Tool,Threat,Prediction,Cloud None 3.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber Boeing confirms attempted $200 million ransomware extortion attempt
That attempt was one of multiple “extremely large” ransom demands made by LockBit over the years, authorities said.
2024-05-08T23:22:22+00:00 https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/ www.secnews.physaphae.fr/article.php?IdArticle=8496214 False Ransomware None 3.0000000000000000

Global Security Mag - French news site Semperis Expands Collaboration with Veritas
Semperis Expands Collaboration with Veritas to Further Reduce Risk of Successful Ransomware Extortion. Enhanced solution integration identifies and closes dangerous attack paths to business-critical data, advancing the shared mission to provide comprehensive cyber resilience. - Business News
2024-05-08T21:24:46+00:00 https://www.globalsecuritymag.fr/semperis-expands-collaboration-with-veritas.html www.secnews.physaphae.fr/article.php?IdArticle=8496176 False Ransomware None 3.0000000000000000

Bleeping Computer - American magazine City of Wichita breach claimed by LockBit ransomware gang
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. [...]
2024-05-08T12:16:36+00:00 https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/ www.secnews.physaphae.fr/article.php?IdArticle=8496023 False Ransomware None 3.0000000000000000

SecurityWeek - Security News Brandywine Realty Trust Hit by Ransomware
Philadelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack.
2024-05-08T11:40:39+00:00 https://www.securityweek.com/brandywine-realty-trust-hit-by-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8495905 False Ransomware None 3.0000000000000000

Kaspersky - Kaspersky Research blog State of ransomware in 2024
As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.
2024-05-08T10:00:40+00:00 https://securelist.com/state-of-ransomware-2023/112590/ www.secnews.physaphae.fr/article.php?IdArticle=8495815 False Ransomware,Threat,Legislation None 3.0000000000000000

Global Security Mag - French news site 97% of Organizations Hit by Ransomware Worked with Law Enforcement, Sophos State of Ransomware Report Finds
97% of Organizations Hit by Ransomware Worked with Law Enforcement, Sophos State of Ransomware Report Finds by Sophos - Special Reports
2024-05-08T08:19:06+00:00 https://www.globalsecuritymag.fr/97-of-organizations-hit-by-ransomware-worked-with-law-enforcement-sophos-state.html www.secnews.physaphae.fr/article.php?IdArticle=8495804 False Ransomware,Studies,Legislation None 4.0000000000000000

ProofPoint - Cyber Firms How Do Attackers Use Spoofed Email to Hijack Your Business Communications? 4 Risk Scenarios
2024-05-08T06:00:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/spoofed-email-greater-impersonation-risk www.secnews.physaphae.fr/article.php?IdArticle=8495932 False Ransomware,Malware,Tool,Threat,Cloud None 3.0000000000000000

DarkTrace - DarkTrace: AI bases detection OT Cyber-Attacks: The Impact of EKANS Ransomware
Discover the impact of the EKANS ransomware attack on Honda's global operations & the importance of a cohesive security strategy in the OT world. Read more.
2024-05-08T04:03:25+00:00 https://darktrace.com/blog/what-the-ekans-ransomware-attack-reveals-about-the-future-of-ot-cyber-attacks www.secnews.physaphae.fr/article.php?IdArticle=8495654 False Ransomware,Industrial None 3.0000000000000000

The Register - English news site UnitedHealth's 'egregious negligence' led to Change Healthcare infection
'I'm blown away by the fact that they weren't using MFA' Interview The cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.…
2024-05-08T02:58:12+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/08/unitedhealths_egregious_negligence/ www.secnews.physaphae.fr/article.php?IdArticle=8495628 False Ransomware,Medical None 3.0000000000000000

Techworm - News LockBit Ransomware Creator’s Face Revealed and Sanctioned
LockBit has wreaked havoc around the world, resulting in nearly $500 million in ransom. Finally, its creator Dmitry Khoroshev, alias LockBitSupp, has been identified by the NCA, FBI and international partners as part of the Operation Cronos taskforce. Khoroshev enjoyed anonymity, but it did not last long. LockBit's creator was so confident of his secrecy that he offered $10 million to anyone who revealed his identity.
2024-05-07T23:33:17+00:00 https://www.techworm.net/2024/05/lockbit-ransomware-creator-face-revealed.html www.secnews.physaphae.fr/article.php?IdArticle=8495396 False Ransomware,Legislation,Medical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (
2024-05-07T21:19:00+00:00 https://thehackernews.com/2024/05/russian-hacker-dmitry-khoroshev.html www.secnews.physaphae.fr/article.php?IdArticle=8495312 False Ransomware None 4.0000000000000000

Ars Technica - Risk Assessment Security Hacktivism The mastermind of the prolific ransomware group LockBit has finally been unmasked
The US places a $10 million bounty for the arrest of Dmitry Yuryevich Khoroshev.
2024-05-07T19:34:00+00:00 https://arstechnica.com/?p=2022656 www.secnews.physaphae.fr/article.php?IdArticle=8495430 False Ransomware None 3.0000000000000000

HackRead - Cyber search Feds Unmask LockBit Ransomware Leader as Dmitry Yuryevich Khoroshev
By Waqas In a major blow to ransomware, international law enforcement has unmasked Dmitry Yuryevich Khoroshev, the leader of LockBit ransomware. Learn about the takedown, sanctions imposed, and the future of LockBit in a post-Khoroshev era. This is a post from HackRead.com Read the original post: Feds Unmask LockBit Ransomware Leader as Dmitry Yuryevich Khoroshev
2024-05-07T18:05:03+00:00 https://www.hackread.com/lockbit-ransomware-leader-dmitry-yuryevich-khoroshev/ www.secnews.physaphae.fr/article.php?IdArticle=8495378 False Ransomware,Legislation None 4.0000000000000000

Krebs on Security - American researcher U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in ransomware payments.
2024-05-07T17:36:14+00:00 https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/ www.secnews.physaphae.fr/article.php?IdArticle=8495379 False Ransomware None 3.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber ONCD report: 'Fundamental transformation' in cyber, tech drove 2023 risks
Evolving critical infrastructure risks, ransomware, supply chain exploitation, commercial spyware and AI were the top trends, the office reported.
2024-05-07T16:02:27+00:00 https://cyberscoop.com/oncd-report-fundamental-transformation-in-cyber-tech-drove-2023-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8495308 False Ransomware,Commercial None 2.0000000000000000

CyberScoop - scoopnewsgroup.com special Cyber US, UK authorities unmask Russian national as LockBit administrator
Dmitry Yuryevich Khoroshev is the driving force behind one of the most virulent ransomware syndicates in recent years, authorities said.
2024-05-07T15:30:23+00:00 https://cyberscoop.com/us-uk-authorities-unmask-russian-national-as-lockbit-administrator/ www.secnews.physaphae.fr/article.php?IdArticle=8495309 False Ransomware None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine Ransomware Strikes Wichita, Services Disrupted
Online payment systems, such as those for water bills and court citations, are still offline
2024-05-07T15:30:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-strikes-wichita-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8495319 False Ransomware None 3.0000000000000000

Dark Reading - Informationweek Branch City of Wichita Public Services Disrupted After Ransomware Attack
The city was forced to shut down its IT networks and continues to investigate a major cyber incident that happened over the weekend.
2024-05-07T15:24:12+00:00 https://www.darkreading.com/cyberattacks-data-breaches/numerous-public-services-ransomware-attack-city-wichita www.secnews.physaphae.fr/article.php?IdArticle=8495317 False Ransomware None 3.0000000000000000

AlienVault Lab Blog - AlienVault is a major defense player in IOCs 2024 Cyber Resilience Research Reveals a Complex Terrain
Meanwhile, technology is advancing at a breakneck pace, as are the risks posed by cyber threats. The 2024 LevelBlue Futures™ report reveals this delicate balancing act between innovation and security. We examined the full range of business issues involved in cyber and cybersecurity resilience and found that executive leadership and technical leadership have opportunities for much deeper alignment. Get your complimentary copy of the report. The elusive quest for cyber resilience. Imagine a world where businesses are impervious to cyber threats, a world where every aspect of an organization is safeguarded against potential disruptions. This is the lofty ideal of cyber resilience, yet for many businesses it remains an elusive goal. The rapid evolution of computing has transformed the IT landscape, blurring the lines between proprietary and open-source software, legacy systems, and cloud computing digital transformation initiatives. While these advances bring undeniable benefits, they also introduce unprecedented risks. According to our research, 85% of IT leaders acknowledge that computing innovation comes at the cost of increased risk. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From massive ransomware attacks to debilitating DDoS incidents, businesses operate in a climate where a single cyber breach can have catastrophic consequences. Exploring the relationship between executive leadership and cyber resilience. Our survey of 1,050 C-suite and senior executives covered 18 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). In the coming months, we will publish a vertical report for each market. This landmark report was designed to help organizations begin talking more thoughtfully about vulnerabilities and opportunities for improvement. In the report, you'll: Discover why business leaders and technology leaders need to prioritize cyber resilience. Learn about the critical barriers to cyber resilience. Learn about the challenges regarding cybersecurity resilience.
2024-05-07T12:05:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/2024-cyber-resilience-research-reveals-a-complex-terrain www.secnews.physaphae.fr/article.php?IdArticle=8496672 False Ransomware,Vulnerability,Medical,Cloud,Technical None 3.0000000000000000

Global Security Mag - French news site CloudReso selects Cubbit's hyper-resilient DS3 distributed cloud to achieve data security
MSP CloudReso selects Cubbit's hyper-resilient DS3 distributed cloud to achieve data security and 30% savings on storage costs. With Cubbit DS3, French-based MSP CloudReso can offer unprecedented data sovereignty, geographical resilience, and ransomware protection - Market News
2024-05-07T11:41:03+00:00 https://www.globalsecuritymag.fr/cloudreso-selects-cubbit-s-hyper-resilient-ds3-distributed-cloud-to-achieve.html www.secnews.physaphae.fr/article.php?IdArticle=8495199 False Ransomware,Cloud None 2.0000000000000000

The Register - English news site Ransomware evolves from mere extortion to 'psychological attacks'
Crims SIM swap execs' kids to freak out their parents, Mandiant CTO says RSAC Ransomware infections and extortion attacks have become "a psychological attack against the victim organization," as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant.…
2024-05-07T02:10:30+00:00 https://go.theregister.com/feed/www.theregister.com/2024/05/07/ransomware_evolves_from_mere_extortion/ www.secnews.physaphae.fr/article.php?IdArticle=8494948 False Ransomware None 3.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine #RSAC: Law Enforcement Takedowns Force Ransomware Affiliates to Diversify
A new Chainalysis report showed that recent law enforcement operations have pushed ransomware affiliates to increasingly use multiple strains in order to stay afloat
2024-05-06T20:00:00+00:00 https://www.infosecurity-magazine.com/news/law-enforcement-takedowns/ www.secnews.physaphae.fr/article.php?IdArticle=8494777 False Ransomware,Legislation None 3.0000000000000000

ProofPoint - Cyber Firms Links That Lie: Stop URL-Based Attacks Before They Start
2024-05-06T17:05:52+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/malicious-links-stop-url-based-attacks-before-they-start www.secnews.physaphae.fr/article.php?IdArticle=8494490 False Ransomware,Threat None 3.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 6 May 2024
2024-05-06T16:26:54+00:00 https://community.riskiq.com/article/157eab98 www.secnews.physaphae.fr/article.php?IdArticle=8494726 False Ransomware,Malware,Tool,Vulnerability,Threat None 2.0000000000000000

Recorded Future - Recorded Future feed Wichita government shuts down systems after ransomware incident
2024-05-06T11:46:15+00:00 https://therecord.media/wichita-kansas-government-ransomware-attack www.secnews.physaphae.fr/article.php?IdArticle=8494572 False Ransomware None 2.0000000000000000

Bleeping Computer - American magazine City of Wichita shuts down IT network after ransomware attack
The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. [...]
2024-05-06T10:34:36+00:00 https://www.bleepingcomputer.com/news/security/city-of-wichita-shuts-down-it-network-after-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8494656 False Ransomware None 2.0000000000000000

SecurityWeek - Security News City of Wichita Shuts Down Network Following Ransomware Attack
The City of Wichita, Kansas, has shut down its network after falling victim to a file-encrypting ransomware attack.
2024-05-06T09:00:53+00:00 https://www.securityweek.com/city-of-wichita-shuts-down-network-following-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8494493 False Ransomware None 2.0000000000000000

ProofPoint - Cyber Firms GenAI Is Powering the Latest Surge in Modern Email Threats
2024-05-06T07:54:03+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/genai-powering-latest-surge-modern-email-threats www.secnews.physaphae.fr/article.php?IdArticle=8494488 False Ransomware,Data Breach,Tool,Vulnerability,Threat ChatGPT 3.0000000000000000

Bleeping Computer - American magazine Lockbit's seized site comes alive to tease new police announcements
The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. [...]
2024-05-06T07:06:12+00:00 https://www.bleepingcomputer.com/news/security/lockbits-seized-site-comes-alive-to-tease-new-police-announcements/ www.secnews.physaphae.fr/article.php?IdArticle=8494657 False Ransomware,Legislation None 3.0000000000000000

ProofPoint - Cyber Firms Email Security is Now Redefined with Adaptive Threat Protection Capabilities Across the Entire Delivery Chain
2024-05-06T05:52:32+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/email-security-now-redefined-adaptive-threat-protection-capabilities www.secnews.physaphae.fr/article.php?IdArticle=8494489 False Ransomware,Malware,Threat,Conference None 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial Growing threat of malware and ransomware attacks continues to put industrial environments at risk
Industrial environments face a growing threat from malware and ransomware attacks, posing significant risks to critical infrastructure, manufacturing...
2024-05-05T06:13:39+00:00 https://industrialcyber.co/features/growing-threat-of-malware-and-ransomware-attacks-continues-to-put-industrial-environments-at-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8493927 False Ransomware,Malware,Threat,Industrial None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Les acteurs menacés attaquent les serveurs MS-SQL pour déployer des ransomwares<br>Threat Actors Attacking MS-SQL Servers to Deploy Ransomware ## Snapshot Cybersecurity professionals at GBHackers have discovered a series of cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers to install Mallox Ransomware on systems. **Read more about Microsoft\'s coverage for [Mallox Ransomware here.](https://sip.security.microsoft.com/intel-profiles/7fbe39c998c8a495a1652ac6f8bd34852c00f97dc61278cafc56dca1d443131e)** ## Description The threat actor group\'s modus operandi involves exploiting vulnerabilities in improperly managed MS-SQL servers. By employing brute force and dictionary attacks, the attackers gain unauthorized access, primarily targeting the SA (System Administrator) account.  Once inside, they deploy the Remcos Remote Access Tool (RAT) to take control of the infected system. Remcos RAT, initially used for system breach and control, has been repurposed by attackers for malicious activities, featuring capabilities such as keylogging, screenshot capture, and control over webcams and microphones.  Additionally, a custom-made remote screen control malware is deployed, allowing attackers to gain access to the infected system using the AnyDesk ID obtained from the command and control server. Mallox ransomware, known for targeting MS-SQL servers, was then installed to encrypt the system.  Mallox ransomware, utilizes AES-256 and SHA-256 encryption algorithms, appending a ".rmallox" extension to encrypted files. 
The attack patterns observed in this campaign bear a striking resemblance to ]]> 2024-05-03T20:14:15+00:00 https://community.riskiq.com/article/f5f3ecc6 www.secnews.physaphae.fr/article.php?IdArticle=8493202 False Ransomware,Malware,Tool,Vulnerability,Threat,Technical None 3.0000000000000000
Dark Reading - Informationweek Branch REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.]]> 2024-05-03T18:04:14+00:00 https://www.darkreading.com/cybersecurity-operations/revil-affiliate-jail-multimillion-dollar-ransomware-scheme www.secnews.physaphae.fr/article.php?IdArticle=8493105 False Ransomware None 3.0000000000000000
We Live Security - Editeur Logiciel Antivirus ESET Pay up, or else?
– Week in security with Tony Anscombe Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not]]> 2024-05-03T14:59:04+00:00 https://www.welivesecurity.com/en/videos/ransomware-ransom-demands-week-security-tony-anscombe/ www.secnews.physaphae.fr/article.php?IdArticle=8493754 False Ransomware None 2.0000000000000000
Dark Reading - Informationweek Branch Mimic Launches With New Ransomware Defense Platform The new startup's SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours.]]> 2024-05-02T22:10:42+00:00 https://www.darkreading.com/endpoint-security/mimic-launches-with-new-ransomeware-defense-platform www.secnews.physaphae.fr/article.php?IdArticle=8492963 False Ransomware,Cloud None 2.0000000000000000
Techworm - News Hackers Can Reset Your Gitlab Password and Get It On Their Email CVE-2023-7028 (CVSS score: 10) allows a threat actor to trigger password reset emails to be sent to arbitrary, unverified email addresses, ultimately leading to account takeover without user interaction. In addition, successful exploitation of the vulnerability could also lead to supply chain attacks by inserting malicious code into CI/CD (continuous integration/continuous deployment) environments. Although those who have two-factor authentication (2FA) enabled are vulnerable to password reset, they are not vulnerable to account takeover, because their second authentication factor is required to log in. Therefore, it is essential to patch systems where accounts are not protected by this additional security measure. The CVE-2023-7028 bug, discovered in GitLab Community Edition (CE) and Enterprise Edition (EE), affects all versions from 16.1 before 16.1.6, 16.2 before 16.2.9, 16.3 before 16.3.7, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4, and 16.7 before 16.7.2. The flaw was addressed in GitLab versions 16.7.2, 16.6.4, and 16.5.6, and the patches were backported to versions 16.1.6, 16.2.9, and 16.3.7. GitLab has said it has not detected any abuse of the CVE-2023-7028 vulnerability on platforms managed by GitLab, including GitLab.com and GitLab Dedicated instances. However, the threat monitoring service, the Shadowserver Foundation, found more than 5,300 instances of GitLab servers exposed to zero-click account takeover attacks in January (the week the security patches were released), a number that has decreased by only 55% as of Tuesday. CISA has confirmed that the CVE-2023-7028 vulnerability is being actively exploited in attacks and has asked U.S. federal agencies to secure their systems by May 22, 2024, or to discontinue use of the product if mitigations are not available. ]]> 2024-05-02T19:13:15+00:00 https://www.techworm.net/2024/05/hackers-reset-gitlab-password-email.html www.secnews.physaphae.fr/article.php?IdArticle=8492431 False Ransomware,Vulnerability,Threat None 3.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims.
Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments in]]> 2024-05-02T17:56:00+00:00 https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html www.secnews.physaphae.fr/article.php?IdArticle=8492386 False Ransomware,Legislation None 2.0000000000000000
Recorded Future - FLux Recorded Future Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware 2024-05-02T11:51:34+00:00 https://therecord.media/revil-ransomware-yaroslav-vasinskyi-prison-sentence www.secnews.physaphae.fr/article.php?IdArticle=8492355 False Ransomware None 2.0000000000000000
Bleeping Computer - Magazine Américain REvil hacker behind Kaseya ransomware attack gets 13 years in prison Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation.
[...]]]> 2024-05-02T10:44:23+00:00 https://www.bleepingcomputer.com/news/security/revil-hacker-behind-kaseya-ransomware-attack-gets-13-years-in-prison/ www.secnews.physaphae.fr/article.php?IdArticle=8492439 False Ransomware,Legislation None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison A US court has sentenced a Ukrainian national to 13 years and seven months in prison for his role in over 2500 ransomware attacks using the REvil strain]]> 2024-05-02T10:00:00+00:00 https://www.infosecurity-magazine.com/news/revil-ransomware-affiliate/ www.secnews.physaphae.fr/article.php?IdArticle=8492296 False Ransomware,Legislation None 2.0000000000000000
AhnLab - Korean Security Firm Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware. Similar to previous cases, this attack targeted improperly... ]]>
2024-05-02T00:15:52+00:00 https://asec.ahnlab.com/en/64921/ www.secnews.physaphae.fr/article.php?IdArticle=8492099 False Ransomware,Malware None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Malware Campaign Attempts Abuse of Sophos Binaries 2024-05-01T20:56:45+00:00 https://community.riskiq.com/article/e27d7355 www.secnews.physaphae.fr/article.php?IdArticle=8492041 False Ransomware,Malware,Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 The data from ReliaQuest also suggests LockBit faced a significant setback due to law enforcement action]]> 2024-05-01T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lockbit-black-basta-play/ www.secnews.physaphae.fr/article.php?IdArticle=8491902 False Ransomware,Legislation None 2.0000000000000000
Global Security Mag - Site de news francais Ransomware activity down 18% Q1 2024 vs Q4 2023 - new ReliaQuest report
Ransomware activity down 18% Q1 2024 vs Q4 2023 - new ReliaQuest report - Special Reports]]>
2024-05-01T13:40:29+00:00 https://www.globalsecuritymag.fr/ransomware-activity-down-18-q1-2024-vs-q4-2023-new-reliaquest-report.html www.secnews.physaphae.fr/article.php?IdArticle=8491842 False Ransomware None 2.0000000000000000
Recorded Future - FLux Recorded Future Recovering from ransomware attack could cost remote Scottish council £500,000 2024-05-01T13:14:15+00:00 https://therecord.media/ransomware-attack-costing-scottish-commune-million www.secnews.physaphae.fr/article.php?IdArticle=8491838 False Ransomware None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine 1 in 5 US Ransomware Attacks Triggers Lawsuit Comparitech found that 18% of ransomware incidents in the US led to a lawsuit in 2023, with 59% of completed lawsuits since 2018 proving successful]]> 2024-05-01T13:00:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-attacks-trigger-lawsuit/ www.secnews.physaphae.fr/article.php?IdArticle=8491815 False Ransomware None 2.0000000000000000
Bleeping Computer - Magazine Américain French hospital CHC-SV refuses to pay LockBit extortion demand The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. [...]]]> 2024-05-01T12:38:04+00:00 https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/ www.secnews.physaphae.fr/article.php?IdArticle=8491932 False Ransomware None 2.0000000000000000
Global Security Mag - Site de news francais Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report
Ransomware Payments Increase 500% In the Last Year, Finds Sophos State of Ransomware Report Rate of Ransomware Attacks Falls Slightly, But Recovery Costs Hit $2.73 million - Special Reports]]>
2024-05-01T09:15:10+00:00 https://www.globalsecuritymag.fr/ransomware-payments-increase-500-in-the-last-year-finds-sophos-state-of.html www.secnews.physaphae.fr/article.php?IdArticle=8491740 False Ransomware None 3.0000000000000000
Ars Technica - Risk Assessment Security Hacktivism Health care giant comes clean about recent hack and paid ransom Ransomware attack on the $371 billion company hamstrung US prescription market.]]> 2024-04-30T20:44:58+00:00 https://arstechnica.com/?p=2020827 www.secnews.physaphae.fr/article.php?IdArticle=8491485 False Ransomware,Hack None 2.0000000000000000
The Register - Site journalistique Anglais UnitedHealth CEO: 'Decision to pay ransom was mine' Congress to hear how Citrix MFA snafu led to data theft, $870M+ loss UnitedHealth CEO Andrew Witty will tell US lawmakers Wednesday the cybercriminals who hit Change Healthcare with ransomware used stolen credentials to remotely access a Citrix portal that didn't have multi-factor authentication enabled.…]]> 2024-04-30T20:02:59+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/30/unitedhealth_ceo_ransom/ www.secnews.physaphae.fr/article.php?IdArticle=8491441 False Ransomware,Medical None 3.0000000000000000
Recorded Future - FLux Recorded Future Congress circles UnitedHealth as effects of ransomware attack continue 2024-04-30T17:37:51+00:00 https://therecord.media/unitedhealth-group-change-healthcare-ransomware-congress www.secnews.physaphae.fr/article.php?IdArticle=8491397 False Ransomware,Legislation None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Ransomware Rising Despite Takedowns, Says Corvus Report The first quarter of 2024 saw the most ransomware activity ever recorded, Corvus Insurance found in a new analysis]]> 2024-04-30T16:00:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-rising-takedowns-corvus/
www.secnews.physaphae.fr/article.php?IdArticle=8491338 False Ransomware None 2.0000000000000000
Security Intelligence - Site de news Américain AI cybersecurity solutions detect ransomware in under 60 seconds
Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher. Meanwhile, other dangers are appearing on […] ]]>
2024-04-30T13:00:00+00:00 https://securityintelligence.com/articles/ai-cybersecurity-threat-detection-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8491273 False Ransomware None 2.0000000000000000
Global Security Mag - Site de news francais France reports the highest rate of ransomware attacks in 2024, according to Sophos's State of Ransomware report Investigations]]> 2024-04-30T11:50:17+00:00 https://www.globalsecuritymag.fr/la-france-fait-etat-du-plus-fort-taux-d-attaques-par-ransomware-en-2024-selon.html www.secnews.physaphae.fr/article.php?IdArticle=8491237 False Ransomware None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) From IcedID to Dagon Locker Ransomware in 29 Days ## Snapshot The DFIR report provides a detailed account of a sophisticated intrusion that began with a phishing campaign using PrometheusTDS to distribute IcedID malware in August 2023. ## Description The IcedID malware established persistence, communicated with C2 servers, and dropped a Cobalt Strike beacon, which was used for lateral movement, data exfiltration, and ransomware deployment. The threat actor also utilized a suite of tools such as Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. The intrusion culminated in the deployment of Dagon Locker ransomware after 29 days. The threat actors employed various techniques to obfuscate the JavaScript file and the Cobalt Strike shellcode, evade detection, maintain persistence, and perform network enumeration activities. The threat actor's activities included the abuse of lateral movement functionalities such as PsExec and Remote Desktop Protocol (RDP), exfiltration of files, dumping and exfiltration of Windows Security event logs, and the use of PowerShell commands executed from the Cobalt Strike beacon. Additionally, the threat actor employed multiple exfiltration techniques, including the use of Rclone and AWS CLI to exfiltrate data from the compromised infrastructure.
The deployment of the Dagon Locker ransomware was facilitated through the use of a custom PowerShell script, AWScollector, and a locker module, with a specific PowerShell command run from a domain controller to deploy the ransomware to different systems. The impact of this incident resulted in all systems being affected by the Dagon Locker ransomware. ## References [https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/](https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/)]]> 2024-04-29T20:07:15+00:00 https://community.riskiq.com/article/55e96eb8 www.secnews.physaphae.fr/article.php?IdArticle=8490876 False Ransomware,Malware,Tool,Threat,Technical None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Weekly OSINT Highlights, 29 April 2024 2024-04-29T16:05:58+00:00 https://community.riskiq.com/article/aa388c3b www.secnews.physaphae.fr/article.php?IdArticle=8490778 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Industrial None 3.0000000000000000
Zataz - Magazine Francais de secu How to protect Active Directory from ransomware attacks 2024-04-29T12:08:40+00:00 https://www.zataz.com/comment-proteger-active-directory-des-attaques-par-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8490645 False Ransomware None 2.0000000000000000
Dark Reading - Informationweek Branch Thousands of Qlik Sense Servers Open to Cactus Ransomware The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November.
Swathes of organizations have not yet been patched.]]> 2024-04-26T20:55:10+00:00 https://www.darkreading.com/cyber-risk/more-than-3-000-qlik-sense-servers-vuln-to-cactus-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8489268 False Ransomware,Vulnerability None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) ToddyCat APT Group Hones Data Exfiltration Tactics, Exploits Legitimate Tools 2024-04-26T19:12:08+00:00 https://community.riskiq.com/article/2641df15 www.secnews.physaphae.fr/article.php?IdArticle=8489234 False Ransomware,Spam,Malware,Tool,Threat,Industrial,Cloud None 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Ransomware Roundup - KageNoHitobito and DoNex 2024-04-26T17:23:14+00:00 https://community.riskiq.com/article/ff848e92 www.secnews.physaphae.fr/article.php?IdArticle=8489191 False Ransomware,Malware,Tool,Threat None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Over 850 Vulnerable Devices Secured Through CISA Ransomware Program CISA's RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured]]> 2024-04-26T14:00:00+00:00 https://www.infosecurity-magazine.com/news/vulnerable-devices-secured-cisa/ www.secnews.physaphae.fr/article.php?IdArticle=8489083 False Ransomware,Vulnerability None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Industrial cybersecurity firm Dragos has identified that hackers have targeted industrial control systems (ICS) equipment, with the engineering... ]]>
2024-04-26T13:59:31+00:00 https://industrialcyber.co/threat-landscape/dragos-reports-decline-in-ransomware-attacks-on-industrial-sector-amid-law-enforcement-measures/ www.secnews.physaphae.fr/article.php?IdArticle=8489082 False Ransomware,Legislation,Industrial None 4.0000000000000000
Recorded Future - FLux Recorded Future More than 800 vulnerabilities resolved through CISA ransomware notification pilot 2024-04-25T21:21:01+00:00 https://therecord.media/vulnerabilities-resolved-through-cisa-pilot www.secnews.physaphae.fr/article.php?IdArticle=8488734 False Ransomware,Vulnerability None 2.0000000000000000
Fortinet - Fabricant Materiel Securite Ransomware Roundup - KageNoHitobito and DoNex The KageNoHitobito and DoNex are recent ransomware that are financially motivated, demanding payment from victims to decrypt files. Learn more.]]> 2024-04-25T15:00:00+00:00 https://www.fortinet.com/blog/threat-research/ransomware-roundup-keganohitobito-and-donex www.secnews.physaphae.fr/article.php?IdArticle=8488599 False Ransomware None 2.0000000000000000
Dragos - CTI Society Dragos Industrial Ransomware Analysis: Q1 2024
Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Dragos Industrial Ransomware Analysis: Q1 2024 first appeared on Dragos.]]>
2024-04-25T13:00:00+00:00 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q1-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8488526 False Ransomware,Threat,Industrial None 3.0000000000000000
Global Security Mag - Site de news francais New threat Intelligence: 8Base Ransomware gang 'teaching SMBs a lesson' - Trend Micro
Trend Micro is releasing new threat research into 8Base, an active ransomware group that has been targeting SMBs to 'teach them a lesson'. Europe is the second-most attacked region. - Malware Update]]>
2024-04-25T11:49:30+00:00 https://www.globalsecuritymag.fr/new-threat-intelligence-8base-ransomware-gang-teaching-smbs-a-lesson-trend.html www.secnews.physaphae.fr/article.php?IdArticle=8488506 False Ransomware,Threat,Prediction None 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine DragonForce Ransomware Group Uses LockBit's Leaked Builder Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black's builder]]> 2024-04-25T11:00:00+00:00 https://www.infosecurity-magazine.com/news/dragonforce-ransomware-lockbit/ www.secnews.physaphae.fr/article.php?IdArticle=8488484 False Ransomware,Threat None 2.0000000000000000
The State of Security - Magazine Américain "Junk gun" ransomware: the cheap new threat to small businesses What's going on? A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. What's "junk gun" ransomware? It's a name coined by Sophos researchers for unsophisticated ransomware that is often sold cheaply as a one-time purchase. "Junk gun" ransomware is appealing to a criminal who wants to operate independently but lacks technical skills. Can you give some examples? Sure. The Kryptina ransomware was made available for sale in December...]]> 2024-04-25T10:03:58+00:00 https://www.tripwire.com/state-of-security/junk-gun-ransomware-cheap-new-threat-small-businesses www.secnews.physaphae.fr/article.php?IdArticle=8488572 False Ransomware,Threat,Technical None 2.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber CISA ransomware warning program set to fully launch by end of 2024
The program would warn organizations running software or hardware with vulnerabilities being exploited by ransomware gangs. ]]>
2024-04-24T22:15:35+00:00 https://cyberscoop.com/cisa-ransomware-warning-easterly/ www.secnews.physaphae.fr/article.php?IdArticle=8488237 False Ransomware,Vulnerability None 2.0000000000000000
CyberSecurityVentures - cybersecurity services An MSSP Shares the Latest in Ransomware: What's Up, and What to Do About It
What are the major trends in ransomware today? – Stephen Salinas, Head of Product Marketing, Stellar Cyber San Jose, Calif. – Apr. 24, 2024 Everyone has been concerned with ransomware for years now, but the landscape is always changing, so it's important to stay up ]]>
2024-04-24T14:09:31+00:00 https://cybersecurityventures.com/an-mssp-shares-the-latest-in-ransomware-whats-up-and-what-to-do-about-it/ www.secnews.physaphae.fr/article.php?IdArticle=8488040 False Ransomware None 2.0000000000000000
RedCanary - Red Canary The RSA Conference talks we're looking forward to most From ransomware and incident response to bug bounties and Backdoors & Breaches, we read the entire RSA agenda so you don't have to.]]> 2024-04-24T14:04:41+00:00 https://redcanary.com/blog/security-operations/rsa-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8491310 False Ransomware,Conference None 2.0000000000000000
RedCanary - Red Canary The RSA Conference talks we're looking forward to most From ransomware and incident response to bug bounties and Backdoors & Breaches, we read the entire RSA agenda so you don't have to.]]> 2024-04-24T14:04:41+00:00 https://redcanary.com/blog/rsa-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8488003 False Ransomware,Conference None 2.0000000000000000
Recorded Future - FLux Recorded Future Sweden's liquor shelves to run empty this week due to ransomware attack 2024-04-24T11:50:27+00:00 https://therecord.media/sweden-ransomware-liquor-shortage-skanlog-systembolaget www.secnews.physaphae.fr/article.php?IdArticle=8487949 False Ransomware None 3.0000000000000000
Global Security Mag - Site de news francais New research suggests Africa is being used as a 'testing ground' for nation state cyber warfare
Global cybersecurity firm Performanta has revealed new insight into the role developing countries play in the ransomware ecosystem Performanta, the multinational cybersecurity firm specialising in helping companies move beyond security to achieve cyber safety, has uncovered a trend in how developing countries are being targeted by nation state actors. The firm's analysis explored the origins and characteristics of Medusa, a ransomware-as-a-service targeting organisations globally. The (...) - Special Reports]]>
2024-04-24T08:33:34+00:00 https://www.globalsecuritymag.fr/new-research-suggests-africa-is-being-used-as-a-testing-ground-for-nation-state.html www.secnews.physaphae.fr/article.php?IdArticle=8487871 False Ransomware,Prediction None 3.0000000000000000
Global Security Mag - Site de news francais AI-driven cyber attacks to be the norm within a year, say security leaders
New research from Netacea reveals 93% of security leaders expect to face daily AI-driven attacks by the end of this year. Ransomware and phishing attacks are expected to be enhanced by offensive AI, but bots remain an underestimated threat. All respondents are benefiting from AI in their security stack, but adoption of bot management is lagging behind Netacea, the bot detection and response specialist, today announced new research into the threat of AI-driven cyberattacks. It finds that (...) - Special Reports]]>
2024-04-24T08:17:02+00:00 https://www.globalsecuritymag.fr/ai-driven-cyber-attacks-to-be-the-norm-within-a-year-say-security-leaders.html www.secnews.physaphae.fr/article.php?IdArticle=8487873 False Ransomware,Threat None 3.0000000000000000
Global Security Mag - Site de news francais Cloudy with a chance of ransomware: Third-party cloud tools are putting you at risk, says OmniIndex
It's time to move on from our reliance on third-party tools built on easily exploited infrastructure At present, an overwhelming proportion of businesses are placing their sensitive data in the hands of third-party cloud tools that are plagued by a multitude of vulnerabilities. This is according to OmniIndex CEO and data security expert Simon Bain, who argues that businesses must embrace modern technologies or risk attacks, as ransomware attackers continually exploit third-party cloud (...) - Opinion]]>
2024-04-24T08:05:50+00:00 https://www.globalsecuritymag.fr/cloudy-with-a-chance-of-ransomware-third-party-cloud-tools-are-putting-you-at.html www.secnews.physaphae.fr/article.php?IdArticle=8487843 False Ransomware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Kapeka: A Novel Backdoor Spotted in Eastern Europe #### Targeted Geolocations - Ukraine - Estonia - Eastern Europe ## Snapshot WithSecure has published research about a backdoor called "Kapeka," tracked by Microsoft as "KnuckleTouch," used in attacks in Eastern Europe since mid-2022. Kapeka functions as a versatile backdoor, providing both initial toolkit capabilities and long-term access to victims. Its sophistication suggests involvement by an APT group. WithSecure links Kapeka to Sandworm, tracked by Microsoft as Seashell Blizzard, a notorious Russian nation-state threat group associated with the GRU known for destructive attacks in Ukraine. **Microsoft tracks Sandworm as Seashell Blizzard.** [Read more about Seashell Blizzard here.](https://sip.security.microsoft.com/intel-profiles/cf1e406a16835d56cf614430aea3962d7ed99f01ee3d9ee3048078288e5201bb) **Microsoft tracks Kapeka as KnuckleTouch.** [Read more about Knuckletouch here.](https://sip.security.microsoft.com/intel-profiles/cdbe72d9f5f1ee3b3f8cd4e78a4a07f76addafdcc656aa2234a8051e8415d282) ## Description Kapeka overlaps with GreyEnergy and Prestige ransomware attacks, all attributed to Sandworm. WithSecure assesses it's likely that Kapeka is a recent addition to Sandworm's arsenal. The malware's dropper installs the backdoor, collecting machine and user information for the threat actor. However, the method of Kapeka's distribution remains unknown. Kapeka's emergence coincides with the Russia-Ukraine conflict, suggesting targeted attacks across Central and Eastern Europe since 2022. It may have been involved in the deployment of Prestige ransomware in late 2022. Kapeka is speculated to succeed GreyEnergy in Sandworm's toolkit, possibly replacing BlackEnergy.
## References
[https://labs.withsecure.com/publications/kapeka](https://labs.withsecure.com/publications/kapeka)
2024-04-23T16:31:06+00:00 https://community.riskiq.com/article/364efa92 www.secnews.physaphae.fr/article.php?IdArticle=8487526 False Ransomware,Malware,Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future 'Substantial proportion' of US had data stolen in Change Healthcare ransomware attack
2024-04-23T16:25:57+00:00 https://therecord.media/substantial-data-theft-change-healthcare-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8487510 False Ransomware,Medical None 3.0000000000000000
knowbe4 - cybersecurity services Global Optics Provider Hit with Ransomware Attack and a $10M Ransom
2024-04-23T15:37:01+00:00 https://blog.knowbe4.com/global-optics-provider-hit-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8487479 False Ransomware None 3.0000000000000000
SecurityWeek - Security News UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack
UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.
2024-04-23T12:08:17+00:00 https://www.securityweek.com/unitedhealth-says-patient-data-exposed-in-change-healthcare-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8487451 False Ransomware,Medical None 3.0000000000000000
The Register - Site journalistique Anglais Leicester streetlights take ransomware attack personally, shine on 24/7 City council says it lost control after shutting down systems It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its March ransomware incident.…
2024-04-23T11:05:30+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/23/leicester_streetlights_ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8487331 False Ransomware None 4.0000000000000000
Bleeping Computer - Magazine Américain UnitedHealth confirms it paid ransomware gang to stop data leak The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.
[...]
2024-04-23T10:28:36+00:00 https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-it-paid-ransomware-gang-to-stop-data-leak/ www.secnews.physaphae.fr/article.php?IdArticle=8487449 False Ransomware None 3.0000000000000000
Wired Threat Level - Security News Change Healthcare Finally Admits It Paid Ransomware Hackers-and Still Faces a Patient Data Leak The company belatedly conceded both that it had paid the cybercriminals extorting it and that patient data nonetheless ended up on the dark web.
2024-04-23T03:55:10+00:00 https://www.wired.com/story/change-healthcare-admits-it-paid-ransomware-hackers/ www.secnews.physaphae.fr/article.php?IdArticle=8487165 False Ransomware,Medical None 3.0000000000000000
knowbe4 - cybersecurity services [NEW GAME] The Inside Man: New Recruits Game
We released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans! "Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister 'Handler'. Your mission is to accumulate points in a series of challenges that apply lessons learnt throughout The Inside Man series, to test your expertise in combating phishing, social engineering, password breaches, ransomware and document security." This new Game is 10 minutes in duration, available in English (GB), and at Diamond subscription level.
2024-04-22T20:21:06+00:00 https://blog.knowbe4.com/your-blnew-game-the-inside-man-new-recruits-gameog-post-title-here www.secnews.physaphae.fr/article.php?IdArticle=8487011 False Ransomware None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ransomware Double-Dip: Re-Victimization in Cyber Extortion Between crossovers - Do threat actors play dirty or desperate? In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to
2024-04-22T15:52:00+00:00 https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html www.secnews.physaphae.fr/article.php?IdArticle=8486755 False Ransomware,Threat None 3.0000000000000000
Recorded Future - FLux Recorded Future UnitedHealth CEO to testify about ransomware attack
2024-04-22T15:20:31+00:00 https://therecord.media/unitedhealth-ceo-andrew-witty-testimony-house-subcommittee www.secnews.physaphae.fr/article.php?IdArticle=8486884 False Ransomware None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Taking Steps Toward Achieving FedRAMP
The federal, state, local government and education sectors continue to be the most targeted by cyberattacks in the United States. According to Check Point Research, education and research organizations experience 1,248 per week, on average — the most of any industry. The government and military organizations experience 1,034 per week, fourth among all industries. Further, government and military organizations have seen higher than average attacks of notable malware types, including Infostealer, mobile, ransomware and botnet. In the education sector, Check Point research found higher than average attack volumes of Infostealer, ransomware and botnet malwares. To help combat these threats, Check […]
2024-04-22T13:00:33+00:00 https://blog.checkpoint.com/security/taking-steps-toward-achieving-fedramp/ www.secnews.physaphae.fr/article.php?IdArticle=8486829 False Ransomware,Malware,Mobile None 2.0000000000000000
Bleeping Computer - Magazine Américain Synlab Italia suspends operations following ransomware attack Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...]
2024-04-22T11:27:52+00:00 https://www.bleepingcomputer.com/news/security/synlab-italia-suspends-operations-following-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8486883 False Ransomware,Medical None 2.0000000000000000
The Register - Site journalistique Anglais MITRE admits 'nation state' attackers touched its NERVE R&D operation
2024-04-22T01:57:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/22/in_brief_security/ www.secnews.physaphae.fr/article.php?IdArticle=8486555 False Ransomware None 3.0000000000000000