Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

November 6, 2023 at 12:40PM Attackers are exploiting a critical security flaw in Atlassian Confluence to encrypt files with Cerber ransomware. The flaw, tracked as CVE-2023-22518, received a severity rating of 9.1/10 and affects all versions of Confluence Data Center and Confluence Server software. Although there are currently no reports of active exploitation, Atlassian has …

US slaps sanctions on accused fave go-to money launderer of Russia’s rich

November 6, 2023 at 11:20AM Ekaterina Zhdanova, a Russian woman, has been added to the US Treasury’s Specially Designated Nationals And Blocked Persons list for her alleged involvement in money laundering activities on behalf of oligarchs and ransomware criminals. She is accused of moving funds for the Ryuk ransomware operation and helping wealthy individuals hide …

US Sanctions Russian National for Helping Ransomware Groups Launder Money

November 6, 2023 at 09:00AM The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Ekaterina Zhdanova, a Russian national involved in money laundering for ransomware affiliates and Russian elites. Zhdanova used various methods, including virtual currency exchange transfers, fraudulent accounts and purchases, and connections to international money launderers. …

Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

November 2, 2023 at 05:17PM More than 3,000 Apache ActiveMQ Servers are at risk of a critical remote code execution vulnerability. An attacker has already started targeting the vulnerability to deploy ransomware. The flaw allows remote attackers to execute arbitrary commands on affected systems. Proof-of-concept exploit code and details of the vulnerability are publicly available, …

Critical Apache ActiveMQ flaw under attack by ‘clumsy’ ransomware crims

November 2, 2023 at 01:20PM Ransomware criminals are exploiting a severe vulnerability in Apache ActiveMQ, allowing for remote code execution. The developers released fixes for the affected versions, but many services remain unpatched, with China having the highest number of vulnerable services. The attacks are attributed to the HelloKitty ransomware family, known for targeting smaller …

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

November 2, 2023 at 05:30AM Researchers have identified a critical security flaw in the Apache ActiveMQ message broker service that could allow remote code execution. The flaw has been exploited to deploy HelloKitty ransomware on target systems. The vulnerability has a severity score of 10.0 and has been addressed in the latest ActiveMQ versions. Users …

Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data

November 1, 2023 at 06:52PM A cybercriminal group called Alphv, also known as BlackCat, claims to have stolen data from Advarra, a firm that helps run medical trials. The group gained access to an executive’s account by SIM swapping their cellphone number. The attackers have threatened to leak the stolen data if a ransom is …

Get your very own ransomware empire on the cheap, while stocks last

November 1, 2023 at 07:55AM The owner of the RansomedVC ransomware operation is attempting to sell the operation, offering a 20 percent discount to a verified and trusted buyer. The sale includes the ransomware builder, access to affiliate groups and social media channels, and 37 databases worth over $10 million. It is speculated that the …

Boeing Breached by Ransomware, LockBit Gang Claims

October 30, 2023 at 03:00PM The ransomware group LockBit claims to have breached Boeing and threatens to release sensitive data if their ransom demands aren’t met by November 2. Boeing is evaluating the claim, and if true, it could lead to significant consequences, including an increased risk of phishing attacks. LockBit, known for their previous …

New Hunters International ransomware possible rebrand of Hive

October 29, 2023 at 08:00PM Hunters International, a new ransomware-as-a-service brand, appears to be linked to the Hive ransomware operation. Analysis of the Hunters International malware reveals significant code similarities with the Hive ransomware. However, Hunters International denies the allegations, claiming they purchased the encryptor source code from Hive developers. The group emphasizes that their …