Black Basta ransomware gang linked to Windows zero-day attacks

June 12, 2024 at 08:10AM The Black Basta ransomware operation exploited a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was available. Microsoft patched it on March 12, 2024. Symantec’s report links the exploit to Black Basta, with indications of its usage as a zero-day. This highlights the need to apply the …

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware …

The Week in Ransomware – May 17th 2024 – Mailbombing is back

May 17, 2024 at 05:35PM Summary:
– Black Basta ransomware operation breached over 500 organizations worldwide from April 2022 to May 2024, causing disruption at Ascension Healthcare.
– Inc Ransomware attempted to sell its source code for $300,000, while Phorpiex botnet conducted LockBit Black ransomware campaigns.
– MediSecure in Australia suffered a large-scale ransomware data …

500 Victims In, Black Basta Reinvents With Novel Vishing Strategy

May 13, 2024 at 05:18PM Summary: Despite a history of targeted attacks, the Black Basta cybercriminal group has adopted a new strategy of bombarding victims with spam emails and offering fake customer support to trick them into downloading malware. Rapid7 researchers warn organizations to be vigilant and take measures to block unauthorized remote monitoring and …

CISA: Black Basta ransomware breached over 500 orgs worldwide

May 13, 2024 at 10:19AM CISA and FBI reported that Black Basta ransomware affiliates breached over 500 organizations, encrypting and stealing data from critical infrastructure sectors. The gang targeted private industry and healthcare organizations in North America, Europe, and Australia. The advisory also includes tactics for defenders to mitigate ransomware risks, particularly for healthcare organizations. …

Black Basta Ransomware Hit Over 500 Organizations

May 13, 2024 at 07:36AM The Black Basta ransomware group has targeted over 500 organizations globally, impacting critical infrastructure in North America, Europe, and Australia. Operating under a Ransomware-as-a-Service (RaaS) model, the group has earned over $100 million in ransom payments. Cyber-attacks are conducted through phishing, exploiting vulnerabilities, and deploying ransomware. Mitigations are recommended by …

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

February 27, 2024 at 03:10AM Summary: The blog post details recent vulnerabilities in ConnectWise ScreenConnect—CVE-2024-1708 and CVE-2024-1709—exploited by threat actor groups like Black Basta and Bl00dy Ransomware gangs. It highlights the technical and operational aspects of the vulnerabilities and provides indicators of compromise for detection and mitigation.

Willis Lease Finance Corp Discloses Cyberattack

February 13, 2024 at 09:57AM Aircraft parts dealer Willis Lease Finance Corporation (WLFC) reported a cyberattack to the US Securities and Exchange Commission, detected on January 31. The company contained the incident by February 2 and is investigating the scope and impact of the attack. The Black Basta ransomware gang claims responsibility and threatens to …

New macOS Backdoor Linked to Prominent Ransomware Groups

February 9, 2024 at 04:09PM Bitdefender reports the discovery of the macOS backdoor RustDoor, linked to ransomware families Black Basta and Alphv/BlackCat. The malware supports Intel and Arm architectures and has been undetected since November 2023. It harvests and exfiltrates files, generates victim IDs, and has variants with different functionalities, including impersonating applications. From the …