Data Breach Today

FEBRUARY 23, 2021

Researchers: 'Jian' Hacking Tool Targeted Zero-Day Flaw in Windows A Chinese hacking group reportedly "cloned" and deployed a zero-day exploit developed by the NSA's Equation Group before Microsoft patched the Windows flaw being exploited, according to Check Point Research. The analysis shows how some U.S.

309

309

Data Breach Today

FEBRUARY 10, 2021

Newly Discovered BendyBear's Advanced Features Include Anti-Analysis Capabilities BlackTech, a Chinese advanced persistent threat group, is deploying a sophisticated new shellcode called BendyBear as part of its latest espionage campaign, security firm Palo Alto Networks reports.

Security 307

Security IT 307

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.

IoT 133

IoT Access Communications Military 133

Data Breach Today

NOVEMBER 2, 2020

Cybereason Finds Kimsuky Group Using Fresh Spying Tools, Infrastructure Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

321

321

Data Breach Today

NOVEMBER 3, 2020

Kimsuky Group Employs Fresh Spying Tools, Infrastructure, Cybereason Reports Researchers with Cybereason have uncovered a fresh set of malicious tools tied to a North Korean-linked hacking group called Kimsuky, according to a recent analysis.

281

281

Data Breach Today

MAY 28, 2020

Google: Hackers Using COVID-19 Phishing Themes to Target Businesses "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.

Financial Services 284

Financial Services Phishing 284

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. Pierluigi Paganini.

Government 104

Government IT Security Information Security 104

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024.

Ransomware 122

Ransomware Manufacturing Insurance Cybersecurity 122

Data Breach Today

JULY 9, 2021

Sizing Up the Impact of the Ransomware Attack and How to Mitigate Risks In the latest weekly update, a panel of Information Security Media Group editors discusses the repercussions of the Kaseya ransomware incident, the immediate response of the cybersecurity community and key risk management takeaways.

Ransomware 307

Ransomware Risk Information Security Cybersecurity 307

Data Breach Today

OCTOBER 30, 2020

Mandiant Threat Intelligence Follows the Trail From Initial Emails to Installing Ryuk A new report describes the attack methods of an Eastern European gang known as UNC1878 or Wizard Spider that's been waging ransomware attacks against U.S. hospitals in recent days.

Ransomware 189

Ransomware 189

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Archiving 127

Archiving Security IT Data breaches 127

Schneier on Security

JANUARY 19, 2023

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

Security 116

Security Encryption Paper Authentication 116

Data Breach Today

SEPTEMBER 12, 2019

Cobalt Dickens' Group Attempting to Steal Intellectual Property "Cobalt Dickens," a threat group with suspected ties to Iran, is continuing its attempts to steal intellectual property from schools and universities, according to an analysis by SecureWorks.

IT 216

IT 216

Krebs on Security

FEBRUARY 9, 2023

Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. Members of the Trickbot Group publicly gloated over the ease of targeting the medical facilities and the speed with which the ransoms were paid to the group.”

Ransomware 185

Ransomware Government Cybersecurity Blockchain 185

Data Breach Today

DECEMBER 24, 2020

This edition of the ISMG Security Report features insights from David Forscey, managing director at Aspen Cybersecurity Group, on improving supply chain security in the aftermath of the SolarWinds hack. Also featured: Black Hat Europe's key takeaways; keeping safe during the holidays.

Cybersecurity 272

Cybersecurity Security 272

Data Breach Today

MAY 14, 2021

Insights on DarkSide Ransomware Gang, Securing Critical Infrastructure Four editors at Information Security Media Group discuss the Colonial Pipeline attack, providing insights on the DarkSide ransomware gang and securing critical infrastructure.

Ransomware 259

Ransomware Information Security Security 259

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Citizen Lab conducted an independent analysis. Why does NSO Group have that list? More coverage.

Manufacturing 145

Manufacturing IT 145

Security Affairs

OCTOBER 12, 2023

Ransomlooker monitors ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide. Cybernews presented Ransomlooker , a tool to monitor ransomware groups’ extortion sites and delivers consolidated feeds of their claims worldwide.

Ransomware 136

Ransomware Personal data Access Cybersecurity 136

Lenny Zeltser

OCTOBER 13, 2020

In addition to providing numerous tools as part of the REMnux distro, the project also offers several malware analysis tools as Docker images. To learn about the analysis workflow within which you can use these tools, take a look at my article Mastering 4 Stages of Malware Analysis.

Information Security 145

Information Security Security 145

Data Breach Today

OCTOBER 18, 2023

While RARLabs Patched Flaw, 'Many Users' Don't Appear to Have Updated the Software Nation-state hackers are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, warns Google’s Threat Analysis Group, which said it has seen "government-backed hacking groups" who hail from multiple countries, including China and Russia, (..)

Archiving 297

Archiving Government IT 297

Data Breach Today

FEBRUARY 22, 2024

Million Civil Penalty to Settle Privacy Investigation This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.

Ransomware 262

Ransomware Privacy 262

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. The group focuses on internet-facing services, in at least one instance the group exploited the vulnerability CVE-2024-21887 in Ivanti Connect Secure VPN.

Communications 113

Communications Encryption IT Security 113

Data Breach Today

JANUARY 31, 2024

Information-Sharing Groups Call Reporting Requirements 'Too Costly, Overreaching' Multiple Information Sharing and Analysis Centers decried a proposed incident reporting measure for vendors selling to the U.S. federal government as being costly and ineffective.

Government 256

Government 256

Security Affairs

NOVEMBER 16, 2023

Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations.

Government 126

Government Authentication Phishing IT 126

Security Affairs

JANUARY 18, 2022

A new ransomware gang named White Rabbit appeared in the threat landscape, experts believe it is linked to the FIN8 hacking group. A new ransomware gang called ‘White Rabbit’ launched its operations and according to the experts, it is likely linked to the FIN8 financially motivated group. ” concludes the analysis.

Ransomware 143

Ransomware Encryption Passwords IT 143

Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. Understand Where You Currently Fit Into the Malware Analysis Process. I like grouping them in 4 categories, which I detailed in the post Mastering 4 Stages of Malware Analysis.

Metadata 145

Metadata IT Access Security 145

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. penned a two-part analysis on why smart contracts will make ransomware more profitable.

Ransomware 206

Ransomware Mining Blockchain Sales 206

Krebs on Security

APRIL 8, 2019

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. What did we find?

Passwords 194

Passwords Privacy Manufacturing Phishing 194

KnowBe4

MARCH 29, 2024

New analysis of APT29’s (aka Cozy Bear) activities and their association with Russia’s Foreign Intelligence Service (SVR) has revealed suspected attempts to collect political intelligence.

Phishing 93

Phishing Security 93

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. ” reads the analysis published by Trend Micro.

Libraries 97

Libraries Communications Big data Passwords 97

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing 93

Phishing Passwords Military Education 93

Security Affairs

MARCH 27, 2023

China-linked Earth Preta cyberespionage group has been observed adopting new techniques to bypass security solutions. Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda ) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions.

Archiving 95

Archiving Phishing Passwords Government 95

Data Breach Today

APRIL 13, 2018

Verizon's latest Data Breach Investigations Report shows that half of data breaches in 2017 worldwide were orchestrated by organized cybercriminal groups, says Verizon's Ashish Thapar, who offers an in-depth analysis of the findings.

Data breaches 113

Data breaches 113

Security Affairs

DECEMBER 28, 2021

Researchers analyzed the DoubleFeature logging tool of DanderSpritz Framework that was used by the Equation Group APT group. DanderSpritz made the headlines on April 14, 2017, when it was leaked by the Shadow Broker hacking group along with other tools and exploits belonging to NSA’s arsenal. Pierluigi Paganini.

Authentication 105

Authentication IT Access Security 105

Data Breach Today

JANUARY 4, 2018

This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism.

Cybersecurity 136

Cybersecurity Information Security Security 136

Security Affairs

APRIL 11, 2023

The experts pointed out that while the majority of zero-days they have discovered in the past were used by APT groups, this zero-day was exploited by a sophisticated cybercrime group. This group is known to have used similar CLFS driver exploits in the past that were likely developed by the same author.

Ransomware 98

Ransomware Education Cybersecurity Security 98

Security Affairs

MAY 29, 2022

Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. Pro-Russian hacker group KillNet is threatening again Italy, it announced a massive and unprecedented attack on May 30. ” reads the analysis published by CyberKnown. To nominate, please visit:?.

Cybersecurity 142

Cybersecurity Risk Security Government 142