Amateurish ‘CosmicBeetle’ Ransomware Stings SMBs in Turkey

September 12, 2024 at 02:04AM The cybercriminal group “CosmicBeetle” targets small businesses in Turkey, Spain, India, and South Africa with ransomware, often experiencing glitches due to its low sophistication. The group exploits older vulnerabilities, particularly in software used by small businesses, and has links to the LockBit group. Small and midsize businesses are its main …

Cyber crooks shut down UK, US schools, thousands of kids affected

September 11, 2024 at 06:53PM Cybercriminals caused school closures in America and Britain by launching ransomware attacks, disrupting internet-based systems for students. Highline Public Schools in Washington state and Charles Darwin School in England faced closures and system shutdowns. These incidents highlight the vulnerability of educational institutions to cyber threats, emphasizing the need for robust …

Major sales and ops overhaul leads to much more activity … for Meow ransomware gang

September 11, 2024 at 02:47PM The Meow ransomware group has gained momentum, claiming the spot of second most active gang in global ransomware attacks. The group has shifted its focus from encrypting files to selling stolen data, adopting a new tactic in the cybercrime landscape. Meanwhile, RansomHub continues to dominate the rankings with 15 percent of …

Hunters International claims ransom on Chinese mega-bank’s London HQ

September 11, 2024 at 02:03PM Hunters International ransomware gang claims to have stolen 5.2 million files from the London branch of the Chinese state-owned bank ICBC and set a deadline of September 13 for their release. ICBC has not responded, and the authenticity of the stolen information remains unconfirmed. Financially motivated criminals target banks due …

Data Breach at Golf Course Management Firm KemperSports Impacts 62,000

September 11, 2024 at 05:15AM Golf management company Kemper Sports Management reported a data breach affecting over 62,000 individuals, including current and former employees. Personal data, such as names and Social Security numbers, was compromised. Despite no evidence of misuse, those affected are being offered one year of free credit monitoring. This is not the …

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

September 10, 2024 at 02:31PM The RansomHub ransomware gang has utilized TDSSKiller, a legitimate tool from Kaspersky, to neutralize endpoint detection and response (EDR) services on target systems.

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

September 10, 2024 at 12:34PM CosmicBeetle debuts new ransomware, ScRansom, targeting SMBs globally, possibly as an affiliate for RansomHub. The attack spans various sectors and uses brute-force attacks and known security flaws for infiltration. Cicada3301 ransomware is observed with modifications, while a kernel-mode signed Windows driver, POORTRY, used by multiple ransomware gangs as an EDR …

Crypto scams rake in $5.6B a year for cyberscum lowlifes, FBI says

September 10, 2024 at 10:33AM The FBI’s annual report on crypto-related cybercrime highlights a grim reality, with over $5.6 billion in losses in the US in 2023, a 45% increase from the previous year. Those aged 60 and over are the most vulnerable, falling victim to investment scams promising huge returns from cryptocurrency. The FBI …

Critical SonicWall SSLVPN bug exploited in ransomware attacks

September 9, 2024 at 05:52PM Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims’ networks, impacting Gen 5, Gen 6, and Gen 7 firewalls. The vulnerability initially affected the firewalls’ management access interface, but was later found to also impact the SSLVPN feature and has been exploited in attacks. Mitigation measures …

Akira Ransomware Actors Exploit SonicWall Bug for RCE

September 9, 2024 at 05:00PM Akira ransomware affiliates are exploiting a critical remote code execution vulnerability (CVE-2024-40766) in SonicWall’s Gen 5, Gen 6, and some Gen 7 firewall products. The US CISA has added it to their list of known exploited vulnerabilities. SonicWall advises customers to update affected appliances and take measures to limit firewall …