Anti-Ransomware Coalition Bound to Fail Without Key Adjustments

January 16, 2024 at 10:09AM Ransomware poses a significant challenge for businesses, with debates on the best response. While a US-led coalition to reject ransom payments is symbolic, it ignores practical aspects and lacks a preemptive approach. For some companies, paying ransoms may be the most efficient way to minimize damage. However, the real solution …

CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog

January 12, 2024 at 05:43PM The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as …

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

January 12, 2024 at 02:49PM Security experts have warned about a ransomware group exploiting a critical Microsoft SharePoint vulnerability, CVE-2023-29357, which can lead to remote code execution. This vulnerability was added to the US’s must-patch list, giving agencies three weeks to patch it. The exploit chain has been a concern, and patching is crucial to …

Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

January 12, 2024 at 12:11AM Pikabot malware, associated with the Water Curupira intrusion set, was used in phishing campaigns through 2023. Similar to Qakbot, it consists of a loader and core module enabling unauthorized access. The campaigns targeted victims via spam emails with malicious attachments, evolving to include a PDF file delivery method. Organizations are …

There is a Ransomware Armageddon Coming for Us All

January 11, 2024 at 09:00AM The article highlights the growing threat of phishing-driven ransomware, with the rise of Generative Artificial Intelligence (GenAI) making it more difficult to detect and defend against phishing attacks. To counter this, companies are advised to upgrade to next-generation multi-factor authentication (MFA) solutions, such as Token Ring, to protect against sophisticated …

Atomic Stealer Gets an Upgrade – Targeting Mac Users with Encrypted Payload

January 11, 2024 at 09:00AM Cybersecurity researchers have found an enhanced version of the macOS information stealer, Atomic (AMOS), with updated capabilities, including payload encryption to bypass detection rules. Its cost has risen to $3,000/month with a festive promotion. Malvertising campaigns impersonating Slack and TradingView are used to distribute the malware. Caution is advised when …

Fidelity National now says 1.3M customers had data stolen by cyber-crooks

January 10, 2024 at 06:23PM Fidelity National Financial disclosed a cybersecurity incident that led to unauthorized access of 1.3 million customers’ data. The intrusion was attributed to ransomware group ALPHV/BlackCat. FNF’s forensic investigation revealed that certain data was exfiltrated, though it claimed no direct customer impact. The company is providing credit monitoring and identity services …

Cybercrooks play dress-up as ‘helpful’ researchers in latest ransomware ruse

January 10, 2024 at 12:07PM Ransomware victims are facing extortion attempts from a third party posing as a security researcher. Arctic Wolf Labs highlighted cases involving victims of the Royal and Akira gangs being extorted by an individual or group requesting a fee of 5 Bitcoin. The victims, US-based SMBs in finance and construction, did not pay …

Free Decryptor Released for Black Basta and Babuk’s Tortilla Ransomware Victims

January 10, 2024 at 06:34AM Cisco Talos released a decryptor for the Tortilla variant of Babuk ransomware, enabling victims to regain file access. The cybersecurity firm shared intelligence that led to the arrest of the threat actor. Avast also obtained the encryption key, updating its decryptor for all Tortilla victims. Meanwhile, Security Research Labs unveiled …

Hackers target Microsoft SQL servers in Mimic ransomware attacks

January 9, 2024 at 01:57PM Financially motivated Turkish hackers are targeting Microsoft SQL servers worldwide, encrypting victims’ files using Mimic ransomware. Tracked as RE#TURGENCE, the attacks have hit targets in the EU, US, and Latin America. The hackers compromise insecure MSSQL servers using brute force attacks, then deploy ransomware payloads and execute other malicious activities. …