Data Breach Today

DECEMBER 13, 2023

Oxygen of Publicity' Helps Intimidate Victims and Recruit Affiliates, Experts Warn Seeking to maximize profits no matter the cost, ransomware groups have been bolstering their technical prowess and psychological shakedowns with a fresh strategy: attempting to control the narrative.

Ransomware 311

Ransomware Marketing Security 311

Data Breach Today

MAY 3, 2024

Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data Members of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest credentials and hack into victim cloud networks, according to a Mandiant report (..)

Cloud 277

Cloud 277

Data Breach Today

OCTOBER 11, 2023

Microsoft Says Campaign Exploiting Escalation Flaw Began in September A Chinese nation state hacking group is exploiting a zero day flaw in Atlassian's Confluence Data Center and Server products as part a campaign spotted in mid-September, Microsoft researchers say.

318

318

Data Breach Today

JUNE 21, 2024

The Group Published 104 Files It Says Come From NHS Hospitals in London A ransomware group late Thursday published information stolen during an attack that's led to postponed cancer treatment and organ transplant surgeries at two London National Health Service hospitals. The Qilin ransomware group hit Synnovis, a U.K.

Ransomware 144

Ransomware IT 144

Data Breach Today

MARCH 5, 2024

Affiliate Claims Administrators Kept All $22 Million Paid by Change Healthcare The administrators of the BlackCat ransomware-as-a-service group claim law enforcement has shut down their operation.

Ransomware 283

Ransomware 283

Data Breach Today

FEBRUARY 26, 2024

Espionage Groups Deploy Info Stealer to Monitor Russia's Diplomatic Moves North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials.

Government 269

Government 269

Data Breach Today

FEBRUARY 14, 2024

Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of War While overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated disruptions by law enforcement, say researchers from threat intelligence (..)

Ransomware 283

Ransomware 283

Data Breach Today

NOVEMBER 28, 2023

5 Suspects Arrested; Group Tied to Ransomware Attacks Against 1,800 Victims Police have arrested a group of criminals in Ukraine, including their alleged ringleader, who they suspect launched ransomware attacks against organizations across 71 countries, amassing at least 1,800 victims, from which they demanded ransoms collectively worth hundreds of (..)

Ransomware 309

Ransomware 309

Data Breach Today

MARCH 15, 2024

Don't Let the Quest for Data Lead You to Amplify What Criminals Might Be Claiming For the love of humanity, please stop playing into ransomware groups' hands by treating their data leak blogs as reliable sources of information and then using them to build lists of who's amassed the most victims.

Ransomware 323

Ransomware 323

Data Breach Today

FEBRUARY 22, 2024

Numerous Impediments Remain If Administrators Attempt to Reboot the Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers reported.

Ransomware 261

Ransomware Security IT 261

Data Breach Today

MARCH 16, 2023

Microsoft Patches Another SmartScreen Signature-Based Vulnerability A financial motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group.

Ransomware 347

Ransomware IT 347

Data Breach Today

FEBRUARY 22, 2024

Numerous Impediments Remain, Should Administrators Attempt to Reboot Operation The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers report.

Ransomware 259

Ransomware Security IT 259

Data Breach Today

DECEMBER 19, 2023

authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group, also known as Alphv, although the Russian-speaking threat actor said it has reestablished operations. The group's data leak site and its Tox instant messaging account went offline Dec.

Ransomware 279

Ransomware IT 279

Data Breach Today

OCTOBER 29, 2023

In a new campaign spotted by Kaspersky researchers, the Lazarus group is targeting a version of an unnamed software product with vulnerabilities reported and patches available.

313

313

Data Breach Today

JANUARY 18, 2024

Coldriver' Has Been Sending Backdoors Embedded in PDFs Since November 2022 A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google.

Phishing 291

Phishing Security 291

Data Breach Today

APRIL 8, 2024

RansomHub Claims It Has 4TBs of Data Stolen by BlackCat in Change Healthcare Attack A second cybercriminal gang - RansomHub - is trying to shake down Change Healthcare's parent company, UnitedHealth Group, and have it pay another ransom for data that an affiliate of ransomware-as-a-service group BlackCat claims to have stolen in February.

Ransomware 246

Ransomware IT 246

Data Breach Today

DECEMBER 11, 2023

Prolific Ransomware Operation Tied to Big Hits Claims 'Everything Will Work Soon' Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement.

Ransomware 317

Ransomware 317

Data Breach Today

FEBRUARY 26, 2024

Some Researchers Confident ConnectWise ScreenConnect Flaw Was Exploited in Attack Healthcare industry groups are urging their members to take certain precautionary actions in the wake of the attack last week on Change Healthcare, a unit of Optum.

282

282

Data Breach Today

SEPTEMBER 20, 2023

HHS: North Korean-Sponsored Group Is Exploiting Critical Zoho ManageEngine Flaw Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.

Risk 283

Risk 283

Data Breach Today

OCTOBER 30, 2023

Patch or Perish: Researchers See Mass Exploits of NetScaler ADC and Gateway Devices Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks.

Ransomware 283

Ransomware Authentication Access 283

Data Breach Today

JULY 28, 2023

North Korean Group Uses Watering Hole Techniques to Access, Distribute Malware The highly active, North Korea-linked Lazarus Group is targeting unpatched Microsoft Internet Information Services servers to escalate privileges and distribute malware.

Access 243

Access 243

Data Breach Today

SEPTEMBER 22, 2023

HHS Report Lists APT41, APT43 and Lazarus Among Top Threat Groups Chinese and North Korean nation-state groups continue to pose significant "unique threats" to the U.S.

287

287

Data Breach Today

FEBRUARY 29, 2024

Microsoft Fixed Bug in February That Gave Kernel-Level Access to North Korean APT North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques.

Access 255

Access Security IT 255

Data Breach Today

NOVEMBER 2, 2023

Aerospace Giant Says Elements of Parts and Distribution Business Are Affected Boeing has confirmed suffering a "cyber incident" affecting its parts and distribution business days after the notorious LockBit ransomware group claimed to have breached systems at the world's biggest aerospace company and to have stolen "a tremendous amount of sensitive (..)

Ransomware 297

Ransomware IT 297

Krebs on Security

JANUARY 30, 2024

Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. Multiple security firms soon assigned the hacking group the nickname “ Scattered Spider.” 9, 2024, U.S. technology companies during the summer of 2022.

Passwords 322

Passwords Phishing Access Encryption 322

Data Breach Today

MAY 24, 2024

Also: The End of an Era at Mandiant and Privacy and Ethics Concerns Related to LLMs In the latest weekly update, ISMG editors discussed the implications of Kevin Mandia stepping down as Mandiant CEO; UnitedHealth Group's responsibility for a massive HIPAA breach at its subsidiary, Change Healthcare; and privacy concerns over large language models.

Privacy 167

Privacy IT 167

Data Breach Today

FEBRUARY 14, 2023

The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Malwarebytes says the group has ramped up spying against Russian government agencies.

Phishing 333

Phishing Government IT 333

Data Breach Today

JUNE 18, 2024

Buy Will Propel Growth Synopsys' Software Integrity Group will become a standalone company under Francisco Partners and Clearlake once the $2.1 GM Jason Schmitt on How Francisco Partners, Clearlake $2.1B billion transaction closes.

157

157

Data Breach Today

NOVEMBER 10, 2023

Security Firm Adds Chris Krebs, Alex Stamos to C-Suite to Take on Geopolitical Risk SentinelOne purchased a boutique consultancy established by two of the world's most famous security minds and launched its own strategic risk analysis and advisory group.

Risk 288

Risk Security IT 288

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. Or perhaps they are simply selling any stolen data (and any corporate access) to active and hungry ransomware group affiliates.

Ransomware 255

Ransomware Phishing Access Passwords 255

Data Breach Today

JULY 1, 2024

The healthcare software firm says it will handle breach notifications, but industry groups want to ensure the government will go along with that plan.

Data breaches 167

Data breaches Government IT 167

Data Breach Today

JANUARY 19, 2024

Complaint Alleges Tech Giant Is Breaking Privacy Promises, Putting Patients at Risk Two tech advocacy groups are pushing the Federal Trade Commission to investigate Google, alleging the company has reneged on a promise it made after the Supreme Court's 2022 overturn of Roe v.

Privacy 262

Privacy Risk IT 262

Data Breach Today

NOVEMBER 28, 2023

CISA Investigating Iranian Hacking Group Attack on Pennsylvania Water Authority The U.S.

Cybersecurity 279

Cybersecurity Security IT 279