Kasseika ransomware uses antivirus driver to kill other antiviruses

January 23, 2024 at 03:04PM A ransomware operation called ‘Kasseika’ has emerged, employing Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. It abuses a vulnerable driver to disable antivirus products protecting the system. Similarities with BlackMatter indicate possible connections. Victims are given 72 hours to deposit 50 Bitcoins, with …

loanDepot cyberattack causes data breach for 16.6 million people

January 23, 2024 at 12:12PM Approximately 16.6 million people had their personal information stolen in a ransomware attack on mortgage lender loanDepot. The attack forced the company to shut down systems and caused delays in payment history. The company has confirmed it will notify individuals impacted and provide free credit monitoring. This is loanDepot’s second …

Aircraft Lessor AerCap Confirms Ransomware Attack

January 23, 2024 at 09:12AM AerCap, an aircraft leasing company, confirmed being targeted by ransomware on January 17. The company asserted control of its IT systems and reported no financial loss. It notified law enforcement and is investigating potential data compromise. ‘Slug’ claimed responsibility, threatening to leak stolen data unless a ransom is paid. AerCap …

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

January 23, 2024 at 03:14AM The Kasseika ransomware group has been observed deploying BYOVD attacks, utilizing PsExec and exploiting the Martini driver. It is suggested that the group may have acquired access to the source code of BlackMatter ransomware. The attack chain involves targeted phishing for initial access followed by remote administration tools and defense evasion …

Slug slimes aerospace biz AerCap with ransomware, brags about 1TB theft

January 22, 2024 at 03:51PM AerCap, the world’s largest aircraft leasing company, reported a ransomware infection on January 17. Despite the intrusion by the Slug ransomware crew, the company claims not to have incurred financial losses. LoanDepot also disclosed a ransomware attack, affecting about 16.6 million individuals, prompting an ongoing investigation and restoration efforts. From …

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

January 21, 2024 at 11:03PM Cybersecurity researchers have observed an increase in threat actor activity exploiting a vulnerability in Apache ActiveMQ by delivering the Godzilla web shell. The web shells are concealed within an unknown binary format to evade security measures. This vulnerability has been actively exploited to deploy ransomware, rootkits, cryptocurrency miners, and DDoS …

Nigerian Businesses Face Growing Ransomware-as-a-Service Trade

January 19, 2024 at 06:09AM Ransomware-as-a-service is poised to drive an increase in attacks in Nigeria, impacting both public and private sectors. A Cyber Security Experts of Nigeria (CSEAN) report highlights the impact of ransomware groups and variants in 2023, urging proactive measures such as prompt patching and stronger monitoring practices to mitigate the anticipated …

Kansas State University cyberattack disrupts IT network and services

January 18, 2024 at 01:50PM Kansas State University is managing a cybersecurity incident disrupting VPN, K-State Today emails, and Canvas and Mediasite videos. Its prompt response includes engaging third-party IT forensic experts, providing guidance to maintain educational continuity, and ongoing updates. Email services will resume with limitations on January 18. No data breach has been …

With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too

January 18, 2024 at 12:04PM The cyber-insurance market is expected to see rising claim volumes due to increasing threat activities, potentially leading to higher premiums in the next 12 to 24 months. Despite recent declines in average prices, industry experts anticipate a shift towards increased costs as the threat landscape evolves. While costs temporarily eased …

Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets

January 18, 2024 at 11:03AM Infostealer malware poses a significant risk to corporate information security by stealing credentials, cookies, and other data, leading to data breaches and ransomware distribution. Leaked credentials from breaches and infostealers are a substantial threat, prompting organizations to monitor and defend against them. Flare offers a solution to detect and mitigate …