November 10, 2023 at 03:06AM China’s largest bank, ICBC, experienced a ransomware attack that disrupted its financial services systems. The incident has impacted US Treasury markets and prevented the settling of trades on behalf of other market players. The attack exploited an unpatched Citrix Netscaler box. The ransomware gang LockBit is suspected to be behind … Read more
November 9, 2023 at 12:16PM Lace Tempest, the threat actor behind the Cl0p ransomware, has exploited a zero-day flaw in SysAid IT support software. The flaw, tracked as CVE-2023-47246, allows code execution and has been patched by SysAid. Lace Tempest uses the vulnerability to deliver the Gracewire malware, engage in data theft, and deploy ransomware. … Read more
November 9, 2023 at 07:40AM Cybercriminals associated with the Cl0p ransomware gang, known as Lace Tempest, have exploited a zero-day vulnerability in on-prem versions of IT service and help desk software SysAid. Microsoft’s Threat Intelligence discovered the exploits and reported them to SysAid, who promptly released patches. The attackers used a new path traversal vulnerability … Read more
November 9, 2023 at 07:36AM Japanese electronics manufacturer Japan Aviation Electronics Industry has been recovering from a cyberattack caused by the Alphv/BlackCat ransomware group. The incident occurred on November 2, with unauthorized access to some of the company’s servers. Though there have been delays in email communication, no data leakage has been confirmed. The ransomware … Read more
November 9, 2023 at 05:30AM SysAid IT service management software has been targeted by a zero-day vulnerability used by a ransomware operation. Microsoft’s threat intelligence team discovered the exploitation and alerted SysAid, who released a patch on November 8. The vulnerability enables arbitrary code execution and was used by the group Lace Tempest, also linked … Read more
November 8, 2023 at 04:44PM Farnetwork, a prolific cybercriminal, was exposed after engaging with researchers posing as potential associates. Farnetwork was responsible for multiple strains of ransomware, including Nefilim, Karma, Nemty, and JSWORM. The cybercriminal had affiliations with the now-defunct Nokoyawa ransomware group and was actively recruiting for their operations. Despite retirement claims, experts predict … Read more
November 8, 2023 at 06:39AM Approximately 665,000 customers of the Marina Bay Sands luxury resort in Singapore have been affected by a recent data breach. The breach specifically impacts members of the shopping loyalty program, with no indication that the casino rewards program was affected. While passwords and financial information were not compromised, the exposed … Read more
November 8, 2023 at 04:37AM The Nokoyawa ransomware-as-a-service (RaaS) operator, ‘farnetwork’, was involved in malware development and operation management for various affiliate programs. A cybersecurity company, Group-IB, reported their activities and revealed their connections to ransomware operations since 2019. Despite retiring the Nokoyawa RaaS program, it is believed that farnetwork will rebrand and continue their … Read more
November 8, 2023 at 03:21AM Cybersecurity researchers have identified a threat actor known as farnetwork, who has been involved in multiple ransomware-as-a-service (RaaS) programs, including JSWORM, Nefilim, Karma, and Nemty. They have recently launched their own RaaS program using the Nokoyawa ransomware. The threat actor is adept at using stolen corporate account credentials to carry … Read more
November 7, 2023 at 04:29PM Singapore’s Marina Bay Sands hotel and casino has suffered a data breach affecting 665,000 members of its non-casino loyalty program. Personal data including names, email addresses, and phone numbers were exposed. The company has apologized and reported the incident to relevant authorities. Cyberattacks against luxury hospitality organizations are becoming more … Read more