Krebs on Security

MAY 10, 2022

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild.

Authentication 290

Authentication Ransomware Security IT 290

Data Breach Today

MAY 17, 2023

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, (..)

Ransomware 190

Ransomware IT 190

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Ransomware 199

Ransomware Authentication Security Access 199

Data Breach Today

JANUARY 11, 2023

Vice Society Claims Credit for Data Leak Affecting Current, Former Employees The Vice Society ransomware group today claimed responsibility for a December 2022 attack on an Australian state fire department that led to a widespread IT outage. Fire Rescue Victoria warned current and former employees and job applicants of data leak.

Ransomware 221

Ransomware IT 221

Security Affairs

MAY 21, 2024

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported. The oil company has yet to disclose the alleged incident.

Ransomware 122

Ransomware Phishing Access IT 122

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Privacy 188

Privacy Security Authentication Cybersecurity 188

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military 107

Military File names Education Phishing 107

Data Breach Today

FEBRUARY 20, 2023

million tied to the 2022 Ronin cryptocurrency bridge hack by North Korean state threat actor Lazarus Group. Confiscated Cryptocurrency Tied to $620 Ronin Bridge Hack Norwegian authorities confiscated crypto assets worth nearly $5.68 The authority describes the seizure as Norway's largest-ever crypto seizure.

130

130

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

Ransomware 199

Ransomware Government Cybersecurity Blockchain 199

Data Breach Today

JANUARY 19, 2023

Evidence Suggests Victims Ponied Up 40% Less in Ransom Payments, Researchers Say The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports. (..)

Ransomware 130

Ransomware Blockchain 130

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Blockchain 110

Blockchain Cybersecurity IT Information Security 110

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. The US Department of State announced rewards up to $10,000,000 for information leading to the identification and/or location of the leaders of the Hive ransomware group.

Ransomware 101

Ransomware Blockchain Manufacturing Analytics 101

Data Breach Today

JUNE 2, 2022

Chris Novak of Verizon Business Group on Latest Breach Investigations Report The 15th edition of the annual Verizon Data Breach Investigations Report examines the rapid growth in ransomware, along with other threat vectors.

Ransomware 240

Ransomware Data breaches Security 240

Data Breach Today

MARCH 27, 2024

Espionage Groups and Commercial Surveillance Vendors Tied to Many Zero-Day Exploits Fresh zero-day vulnerabilities continue to be getting actively exploited in the wild by attackers, often for surveillance and espionage purposes, according to the latest annual review of in-the-wild exploits published by Google.

290

290

Security Affairs

DECEMBER 9, 2022

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. The NCC Group EDG received the biggest award of the day for successfully executing a 2 exploit (command injection, type confusion) attack against the Ubiquiti and the Lexmark printer in the SOHO SMASHUP category.

Cloud 118

Cloud Security Information Security IT 118

Security Affairs

APRIL 23, 2024

North Korea-linked APT groups Lazarus , Andariel , and Kimsuky hacked multiple defense companies in South Korea, reported the National Police Agency. The Police states that the attacks are carried out in the form of an all-out war that see the contribution of multiple APT groups.

Passwords 77

Passwords Authentication Cloud Cybersecurity 77

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022.

Cloud 92

Cloud Authentication Access IT 92

Security Affairs

NOVEMBER 28, 2023

The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data. The Daixin Team group added NTMWD to the list of victims on its Tor leak site. The group claims to have stolen a total of 33844 files.

Ransomware 114

Ransomware Phishing Access Risk 114

Krebs on Security

MARCH 1, 2022

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue. 22, 2020, the U.S.

Ransomware 274

Ransomware Government Security IT 274

eSecurity Planet

MARCH 27, 2023

Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. Overall, the proportion of financially motivated zero-day exploitation decreased in 2022. Far more of the 16 cases with a clear motive were state-sponsored – 13 of the zero-days tracked in 2022 appear to have been leveraged by cyber espionage groups.

Cloud 104

Cloud Ransomware Risk Access 104

Security Affairs

MARCH 11, 2024

BianLian ransomware group was spotted exploiting vulnerabilities in JetBrains TeamCity software in recent attacks. Researchers from GuidePoint Security noticed, while investigating a recent attack linked to the BianLian ransomware group, that the threat actors gained initial access to the target by exploiting flaws in a TeamCity server.

Ransomware 98

Ransomware Manufacturing Access Security 98

Security Affairs

MARCH 21, 2023

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. Cybersecurity firm Mandiant reported that ransomware and cyberespionage groups exploited 55 zero-day flaws in attacks in the wild. ” reads the report published by Mandiant.

Ransomware 75

Ransomware Access Cybersecurity Risk 75

Data Breach Today

JANUARY 25, 2024

Lee, COO of the group, explained why the number of compromises grew so dramatically - from 1,801 incidents in 2022 to 3,205 in 2023. Lee Calls for Uniform Breach Reporting Supply chain attacks and zero-day exploits surged in 2023, helping to set yet another record for data breaches tracked by the Identity Theft Resource Center.

Data breaches 307

Data breaches 307

Data Breach Today

NOVEMBER 9, 2023

Iranian Espionage Group Used Tactics From Previous Campaigns Security company CrowdStrike said it had observed Iranian hacker group Imperial Kitten, also known as TA456, Crimson Sandstorm and Tortoiseshell, conducting web compromise operations between 2022 and 2023 to infiltrate Israeli logistics, transportation and technology companies.

IT 270

IT Security 270

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware 81

Ransomware Blockchain Retail Insurance 81

Everteam

DECEMBER 27, 2022

2022 Retrospective. 27 December 2022. Why not start this year 2023, going back for a few seconds to 2022. Here is our 2022 retrospective, 1 year of work, good times, and fun spent creating content for you. Content created for you on 2022. . Jean-Mathieu BONNEFOUS – Orano Group. Anne-Claire Girard.

Records Management 52

Records Management Information governance Archiving Government 52

Security Affairs

MAY 20, 2022

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. To nominate, please visit:?

Cybersecurity 83

Cybersecurity Security Access Information Security 83

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Communications 94

Communications Encryption IT Security 94

Security Affairs

DECEMBER 25, 2023

In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine.

Archiving 125

Archiving Phishing Security IT 125

Data Breach Today

MARCH 15, 2022

Gary Hibberd, known as "The Professor of Communicating Cyber" at cybersecurity services provider Cyberfort Group, discusses the biggest changes made since 2013 to the ISO 27001 international standard for an information security management system, which helps organizations secure their data assets.

Communications 223

Communications Information Security Cybersecurity Security 223

Security Affairs

NOVEMBER 14, 2023

In the EU, Handelsblatt reported that ransomware attacks targeting the energy sector more than doubled in 2022 over the previous year, with defenders recording 21 attacks through the past October. With at least a dozen sophisticated groups such as BlackCat/ALPHV , Medusa, and LockBit 3.0,

Ransomware 104

Ransomware Government Security Access 104

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 122

Ransomware Cybersecurity Encryption Security 122

Security Affairs

MAY 15, 2023

A previously unknown ransomware group known as RA Group is targeting companies in U.S. Cisco Talos researchers recently discovered a new ransomware operation called RA Group that has been active since at least April 22, 2023. The group has already compromised three organizations in the U.S. and one in South Korea.

Ransomware 80

Ransomware Encryption Healthcare Insurance 80

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. 11-12, 2022. 11-12, 2022. “R,” “R$” and “ElSwapo1,” was the ringleader of a SIM-swapping group called the “Powell SIM Swapping Crew.” Image: Elliptic.co.

Blockchain 241

Blockchain Ransomware Retail Analytics 241

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

Cybersecurity 122

Cybersecurity IoT Security IT 122

Security Affairs

JULY 18, 2023

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware).

Ransomware 89

Ransomware Sales IT Security 89

Security Affairs

DECEMBER 11, 2022

The Pwn2Own Toronto 2022 is ended, and the participants earned a total of $989,750 for 63 unique zero-day exploits. The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition has ended and these are the final numbers for the event: $989,750 awarded. — Zero Day Initiative (@thezdi) December 9, 2022. 66 entries.

Information Security 98

Information Security Security IT 98