New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

September 3, 2024 at 09:54 AM

Cicada3301, a new ransomware variant, targets small to medium-sized businesses through opportunistic attacks. Written in Rust, it targets Windows and Linux/ESXi hosts and uses techniques similar to the now-defunct BlackCat operation. It encrypts files, manipulates system recovery, and compromises EDR detection. Its emergence may be connected to the demise of …

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems

September 1, 2024 at 12:39 PM

Cicada3301 is a new ransomware-as-a-service (RaaS) operation with 19 victims listed on its portal. It employs double-extortion tactics, with data theft as leverage. The malware overlaps with ALPHV/BlackCat, employing similar encryption methods. It may have ties to the Brutus botnet and targets VMware ESXi setups, causing significant damage to enterprise …

Cisco warns of password-spraying attacks targeting VPN services

March 28, 2024 at 12:38 PM

Cisco has released recommendations to address password-spraying attacks targeting Remote Access VPN services on Cisco Secure Firewall devices, which are believed to be part of reconnaissance activity. The company suggests indicators of compromise for detection and blocking, such as abnormal authentication requests and inability to establish VPN connections. Security researcher …