Windows Quick Assist abused in Black Basta ransomware attacks

May 15, 2024 at 01:10PM Financially motivated cybercriminals are exploiting the Windows Quick Assist feature for social engineering attacks, deploying Black Basta ransomware on victims’ networks. Microsoft, Rapid7, and other security firms have observed the tactics of the threat group Storm-1811 and advise network defenders to block or uninstall Quick Assist and train employees to recognize …

Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion

May 15, 2024 at 09:08AM Alexey Pertsev, a main developer of the Tornado Cash cryptocurrency tumbler, has been sentenced to 64 months in prison for his involvement in laundering over $2 billion worth of cryptocurrency. The platform, used by cybercriminals, was sanctioned by the US Department of Treasury. With the fate of the project uncertain, …

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

May 15, 2024 at 07:06AM Ebury, a sophisticated malware botnet, has compromised 400,000 Linux servers since 2009, with over 100,000 still affected as of late 2023. It is employed for various nefarious activities such as spam distribution, web traffic redirection, and credential theft, as well as cryptocurrency heists and credit card stealing. The threat actors …

Ebury botnet malware infected 400,000 Linux servers since 2009

May 14, 2024 at 12:37PM Summary: Ebury, a malware botnet, has infected nearly 400,000 Linux servers since 2009, with around 100,000 still compromised in late 2023. ESET researchers have tracked the financially motivated operation for over a decade, observing updates in its capabilities. Recent tactics involve breaching hosting providers, stealing credentials, exploiting vulnerabilities, and employing …

Europol confirms incident following alleged auction of staff data

May 13, 2024 at 07:55AM Europol is investigating a cybercriminal’s claim of stealing confidential data from its sources. The Europol Platform for Experts is confirmed as the main subject, but no operational data has been compromised. The cybercriminal, operating as IntelBroker, has also targeted Zscaler and the European Parliament’s PEOPLE app. Europol is assessing the …

Black Basta Ransomware Hit Over 500 Organizations

May 13, 2024 at 07:36AM The Black Basta ransomware group has targeted over 500 organizations globally, impacting critical infrastructure in North America, Europe, and Australia. Operating under a Ransomware-as-a-Service (RaaS) model, the group has earned over $100 million in ransom payments. Cyber-attacks are conducted through phishing, exploiting vulnerabilities, and deploying ransomware. Mitigations are recommended by …

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Facing down the triple threat

May 13, 2024 at 05:28AM Recent discussions in the British parliament highlighted concerns about the country’s cybersecurity preparedness. Both public and private organizations face threats like ransomware, data breaches, and extortion. Richard Cassidy, Rubrik’s EMEA CISO, stresses the importance of proactive security measures and developing a comprehensive understanding of cybersecurity posture to mitigate potential threats. …

Europol confirms web portal breach, says no operational data stolen

May 11, 2024 at 08:44AM The Europol Platform for Experts (EPE) portal was breached, and the agency is investigating after threat actor IntelBroker claimed to have stolen “For Official Use Only” (FOUO) documents containing classified data. IntelBroker has been linked to previous data breaches including those involving government agencies and private companies. Zscaler has confirmed …

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …