Ransomware batters critical industries, but takedowns hint at relief

August 22, 2024 at 08:34AM Ransomware attacks on critical industrial organizations rose in July, with 34% of 395 attacks targeting this sector. Experts note increased confidence among perpetrators due to limited law enforcement intervention. Additionally, increasing connectivity between operational technology and IT has expanded the attack surface. Meanwhile, the use of infostealer malware continues to …

France’s Grand Palais discloses cyberattack during Olympic games

August 6, 2024 at 12:03PM The Grand Palais Réunion des musées nationaux (Rmn) in France experienced a ransomware cyberattack on August 3, 2024. While there were operational disruptions reported, the museum shops are operating independently, and the Olympic events proceeded without issues. The cybersecurity taskforce is assisting with network restoration amidst concerns of data theft …

Chrome adopts app-bound encryption to stymie cookie-stealing malware

July 31, 2024 at 12:43PM Google is bolstering Chrome’s security for Windows users by implementing app-bound encryption to protect sensitive data like session cookies from infostealer malware. This new encryption method links data to specific apps and requires system privileges, making it harder for attackers to steal user data. Google plans to expand this encryption …

Snowflake customers not using MFA are not unique – over 165 of them have been compromised

June 10, 2024 at 11:32PM Unknown financially motivated crime crew “UNC5537” has stolen a substantial amount of data from Snowflake customers by using stolen credentials. The crew may have ties to “Scattered Spider” and has targeted multiple organizations by compromising contractor systems. The theft was enabled by the absence of multi-factor authentication and the use …

Infostealer malware, weak password leaves Orange Spain RIPE for plucking

January 4, 2024 at 08:18AM The massive outage at Orange Spain, affecting around half its network’s traffic, was caused by infostealer malware gaining access to an employee’s account with the weak password “ripeadmin.” This breach allowed an attacker operating under the alias “Snow” to manipulate the network’s Border Gateway Protocol (BGP) traffic. The incident …

Google password resets not enough to stop these info-stealing malware strains

January 2, 2024 at 03:06PM Info-stealing malware can still access compromised Google accounts even after passwords are changed, due to a zero-day exploit first mentioned by the cybercriminal “PRISMA.” The exploit involves regenerating session tokens to access emails and cloud storage. CloudSEK identified the exploit in the undocumented Google OAuth endpoint “MultiLogin.” The discovery reveals …

Single Sign On and the Cybercrime Ecosystem

October 18, 2023 at 11:16AM Cybercrime, specifically data extortion ransomware attacks, is increasing dramatically. Stealer logs, which are logs containing stolen credentials and session cookies, are being distributed through Telegram channels and pose a significant threat. Single sign-on (SSO) applications used by enterprises are being compromised, exposing sensitive information and making social engineering tactics easier. …