Ransomware royale: US confirms Royal, BlackSuit are linked

November 14, 2023 at 09:53AM
The FBI and CISA have released guidance on the Royal ransomware operation, suggesting that it may undergo a rebrand. The agencies have observed code overlaps and similarities in intrusion techniques between Royal and BlackSuit ransomware, indicating a potential rebrand or spinoff variant. The advisory provides information on the IOCs and …

CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17

November 14, 2023 at 01:33AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has set a November 17 deadline for federal agencies and organizations to address security flaws in Juniper Junos OS. CISA added five vulnerabilities to the Known Exploited Vulnerabilities catalog, with potential for remote code execution. CISA also warned about the Royal ransomware …

Australian Ports Resume Operation After Crippling Cyber Disruption

November 13, 2023 at 04:35PM
Four major ports in Australia, operated by DP World, experienced a cyber attack that caused disruptions over the weekend. The company is responsible for 40% of freight in and out of the country. The exact nature of the attack is still unknown, but some experts speculate it may involve ransomware. …

FBI: Royal ransomware asked 350 victims to pay $275 million

November 13, 2023 at 03:43PM
The Royal ransomware gang has breached over 350 organizations worldwide since September 2022, demanding over $275 million in ransom. They conduct data exfiltration and extortion before encryption and will leak victim data if the ransom is not paid. The gang may be planning a rebranding initiative and a spinoff variant …

Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party

November 13, 2023 at 11:09AM
Industrial cybersecurity company Dragos has found no evidence of a data breach after ransomware group BlackCat and Alphv claimed to have hacked their systems through a third party. Dragos stated that while they take such claims seriously, their investigation has not produced any evidence of a compromise. This is not …

Ransomware Group RansomedVC Closes Shop

November 13, 2023 at 10:03AM
The RansomedVC group, operating under a ransomware-as-a-service (RaaS) model, has announced its shutdown and plans to sell its infrastructure. The group targeted organizations in Europe and was responsible for attacks on Sony and the District of Columbia Board of Elections. The shutdown is unlikely to have a significant impact on …

New Ransomware Group Emerges with Hive’s Source Code and Infrastructure

November 13, 2023 at 07:48AM
Hunters International, a new ransomware group, has acquired the source code and infrastructure from the now-dismantled Hive operation to jumpstart its own efforts. Despite similarities, Hunters International claims to have purchased the Hive source code and website. The group focuses on data exfiltration rather than encryption, targeting victims for data …

Royal Mail cyber security still a mess, say infosec researchers

November 13, 2023 at 01:32AM
The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of …

LockBit ransomware leaks gigabytes of Boeing data

November 12, 2023 at 06:56PM
LockBit ransomware has leaked more than 43GB of files stolen from Boeing after the aerospace company refused to pay the ransom. The leaked data includes backups for various systems, with the most recent files dated October 22. LockBit had warned Boeing about the leak and threatened to publish a sample …

Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518

November 10, 2023 at 05:23AM
Cerber ransomware has been exploiting the Atlassian Confluence vulnerability CVE-2023-22518. The vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, granting them full admin privileges. Cerber previously targeted Atlassian in 2021. The ransomware uses an encoded PowerShell command to download and execute a remote payload, encrypting …