Russian national pleads guilty to building now-dismantled IPStorm proxy botnet

November 14, 2023 at 06:31PM Russian and Moldovan national Sergei Makinin has been arrested in Florida for operating a botnet called IPStorm. Makinin admitted to violating US law by intentionally causing damage to protected systems. The botnet used the InterPlanetary File System (IPFS) to hide its activities and allow infected machines to be used as …

Ransomware royale: US confirms Royal, BlackSuit are linked

November 14, 2023 at 09:53AM The FBI and CISA have released guidance on the Royal ransomware operation, suggesting that it may undergo a rebrand. The agencies have observed code overlaps and similarities in intrusion techniques between Royal and BlackSuit ransomware, indicating a potential rebrand or spinoff variant. The advisory provides information on the IOCs and …

FBI: Royal ransomware asked 350 victims to pay $275 million

November 13, 2023 at 03:43PM The Royal ransomware gang has breached over 350 organizations worldwide since September 2022, demanding over $275 million in ransom. They conduct data exfiltration and extortion before encryption and will leak victim data if the ransom is not paid. The gang may be planning a rebranding initiative and a spinoff variant …

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia

October 24, 2023 at 12:30PM A former NSA employee, Jareh Sebastian Dalke, has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Dalke used an encrypted email account to send excerpts of classified documents to an individual he believed to be a Russian agent, but was actually an FBI employee. He …

Europol knocks RagnarLocker offline in second major ransomware bust this year

October 19, 2023 at 12:34PM Law enforcement agencies, including Europol’s European Cybercrime Centre, the FBI, and Germany’s Bundeskriminalamt, have taken control of RagnarLocker ransomware group’s leak site in a coordinated effort. The takedown is part of a broader campaign to dismantle ransomware groups. RagnarLocker is known for targeting critical infrastructure and using a double extortion …

US Government Releases Anti-Phishing Guidance

October 19, 2023 at 08:42AM The US cybersecurity agency CISA, along with the NSA, FBI, and MS-ISAC, has released a joint guide on phishing techniques. Threat actors use social engineering to trick victims into revealing their credentials or visiting malicious websites. To mitigate credential theft phishing, organizations are advised to implement strong multi-factor authentication and …

CISA, FBI urge admins to patch Atlassian Confluence immediately

October 16, 2023 at 11:08AM CISA, FBI, and MS-ISAC have issued a warning to network administrators to immediately patch their Atlassian Confluence servers due to a critical privilege escalation flaw (CVE-2023-22515) that is actively being exploited. The flaw affects Confluence Data Center and Server 8.0.0 and later versions. Atlassian has released security updates and advised …

FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure

October 13, 2023 at 07:06AM The AvosLocker ransomware gang has been linked to recent attacks on critical infrastructure sectors in the U.S. The gang uses legitimate software and open-source remote administration tools to compromise networks and exfiltrate data. AvosLocker leverages sophisticated techniques to avoid detection and affects Windows, Linux, and VMware environments. The attacks rely on …

FBI shares AvosLocker ransomware technical details, defense tips

October 12, 2023 at 07:46PM The US government has updated the list of tools used by AvosLocker ransomware affiliates in attacks to include open-source utilities and custom PowerShell and batch scripts. The FBI and CISA have shared a YARA rule for detecting malware disguised as a legitimate network monitoring tool. AvosLocker affiliates use legitimate software …

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

October 12, 2023 at 09:57AM The Everest ransomware group is seeking to recruit corporate insiders to gain access to corporate networks directly. The group is offering a percentage of the profits from successful attacks to those who assist in the initial intrusion, promising transparency and confidentiality. Everest is specifically targeting organizations in the US, Canada, …