Decryptor for Babuk ransomware variant released after hacker arrested

January 9, 2024 at 11:47AM Researchers from Cisco Talos and the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware, leading to the arrest of the operator. This variant emerged after the original malware leaked. The threat actor targeted Microsoft Exchange servers using ProxyShell exploits. Avast released a decrypter for Babuk …

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

January 9, 2024 at 11:24AM A new report from cybersecurity firm Securonix warns that financially motivated threat actors based in Turkey have been targeting Microsoft SQL Server databases with ransomware attacks. The campaign, primarily aimed at organizations in the US, Europe, and Latin America, involves various malicious activities including brute-forcing credentials, executing shell commands, and …

Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos

January 8, 2024 at 03:46PM Sea Turtle, a Turkish state-backed cyber espionage group, has expanded its spying campaigns to the Netherlands, targeting telcos, media, ISPs, and Kurdish websites. Using DNS hijacking and traffic redirection, they conduct man-in-the-middle attacks to acquire economic and political intelligence aligned with Turkish interests. Analysts at Hunt & Hackett observed these …

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface

January 8, 2024 at 04:27AM Digital expansion increases the external attack surface, exposing organizations to cyberthreats. Traditional security tools such as firewalls and VPNs contribute to this vulnerability. External Attack Surface Management (EASM) is a growing priority, with zero trust security being a key solution to minimize the attack surface. Join the webinar with Zscaler …

Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months

January 7, 2024 at 03:37PM An ongoing campaign has been distributing the AsyncRAT malware for the past 11 months, utilizing various loader samples and domains. AsyncRAT, a Windows remote access tool, facilitates unauthorized access, data theft, and malware deployment. The attacks target specific individuals and companies, employing sophisticated techniques to avoid detection. Researchers provide detection …

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

January 6, 2024 at 02:33AM A recent cyber attack targeting Albanian organizations involved the use of a destructive wiper called No-Justice, attributed to an Iranian group called Homeland Justice. The attack aimed at entities in Albania and involved tools such as PowerShell scripts and legitimate tools for reconnaissance and remote access. Pro-Iranian threat actors have …

After crippling cancer hospital with ransomware, crims threaten to swat patients

January 5, 2024 at 04:59PM Extortionists are issuing swatting threats against hospitals if ransom demands are not met. After cyberattacks on medical centers, criminals threatened to swat the patients, aiming to pressure the hospitals to pay. This escalating trend of extreme tactics, including direct threats to patients, indicates a disturbing shift in cybercrime. The frequency …

Energy Department Offering $70 Million for Security, Resilience Research

January 5, 2024 at 06:30AM The US Department of Energy is offering $70 million in funding through the All-Hazards Energy Resilience program for research in cybersecurity, physical threats, natural disasters, and extreme weather events. The DOE aims to enhance the resilience and security of the energy sector and will fund up to 25 projects, with …

Hackers hijack govt and business accounts on X for crypto scams

January 4, 2024 at 01:40PM Verified X (formerly Twitter) accounts with ‘gold’ and ‘grey’ checkmarks are increasingly targeted by hackers for cryptocurrency scams, including accounts of government, business, and official organizations. CloudSEK report shows compromised accounts sold in a black market for $1,200-$2,000, with hackers also offering to affiliate scam accounts to verified gold accounts …

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT

January 4, 2024 at 04:06AM The UAC-0050 threat actor is using phishing attacks to distribute the Remcos RAT, employing new tactics to avoid detection by security software. Uptycs researchers highlight the group’s use of a pipe method for interprocess communication, demonstrating advanced adaptability. The group has a history of targeting Ukrainian and Polish entities through …