Ransomware crew may have exploited Windows make-me-admin bug as a zero-day

June 12, 2024 at 06:16PM Symantec’s threat hunters suspect Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft’s patch. Symantec’s analysis suggests the ransomware could have been compiled pre-patch, allowing “at least one group” to exploit the vulnerability as a zero-day. The ransomware gang, tracked as Storm-1811, used social engineering attacks … Read more

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

June 11, 2024 at 10:28AM TellYouThePass ransomware gang has swiftly exploited the critical CVE-2024-4577 vulnerability in PHP, despite a recent patch. Using publicly available exploit code, they deploy webshells and execute an encryptor payload. By injecting a ransomware variant into memory, they demand 0.1 BTC for decryption. Over 450,000 exposed PHP servers could be vulnerable. … Read more

Los Angeles Unified School District investigates data theft claims

June 6, 2024 at 06:46PM LAUSD officials are investigating a threat actor’s claim of selling stolen databases holding records of millions of students and thousands of teachers. The alleged data for sale includes over 26 million student records, 24,000 teacher records, and 500 staff records. This follows a previous ransomware attack on LAUSD by the … Read more

New Fog ransomware targets US education sector via breached VPNs

June 6, 2024 at 02:34PM In May 2024, the ransomware ‘Fog’ targeted U.S. educational organizations using compromised VPN credentials. Notably, it employs double-extortion tactics by stealing data. With access to internal networks, attackers conduct various malicious activities and deploy the ransomware, appending encrypted files with specific extensions. Victims are directed to a Tor dark website … Read more

Mallox Ransomware Variant Targets Privileged VMWare ESXi Environments

June 6, 2024 at 01:59PM The Mallox ransomware group has introduced a new Linux variant that targets VMware ESXi environments. This variant uses a custom shell to execute ransomware on virtualized systems with high-level user privileges. The group has targeted various sectors and is now active in Taiwan, India, Thailand, and South Korea. Organizations are … Read more

New Gitloker attacks wipe GitHub repos in extortion scheme

June 6, 2024 at 01:57PM Hackers are targeting GitHub repositories, wiping content, and directing victims to Telegram. This follows an ongoing campaign spotted by security researcher Germán Fernández. The threat actor, Gitloker, claims to back up and secure data but demands victims reach out on Telegram. GitHub advises users to strengthen security measures and monitor … Read more

A Russian Cyber Gang Is Thought to Be Behind a Ransomware Attack That Hit London Hospitals

June 6, 2024 at 09:40AM A Russian cyber gang, possibly Qilin, launched a ransomware attack on London hospitals, disabling operations and causing cancellations. The affected hospitals included those managed by the National Health Service, with serious disruptions to healthcare services. The incident was reported to police as ransomware attacks continue to affect various sectors, difficult … Read more

Ransomware Attack Disrupts Operations Across London Hospitals

June 5, 2024 at 11:55AM A ransomware attack on UK healthcare provider Synnovis has disrupted services at several London hospitals, impacting patient care. The incident has raised concerns about cybersecurity in healthcare and the potential life-threatening consequences of such attacks. The need for proactive measures, including improved security and crisis response planning, is highlighted to … Read more

Ransomware Gang Leaks Data From Australian Mining Company

June 5, 2024 at 05:06AM Northern Minerals, an Australian rare-earth metals producer, fell victim to a data breach by the BianLian ransomware gang. Exfiltrated data, including operational, financial, and personal information, was released on the dark web. Despite the breach, the company’s operations and systems were not materially impacted. The incident coincided with political developments, … Read more

‘Fog’ Ransomware Rolls in to Target Education, Recreation Sectors

June 4, 2024 at 04:05PM A new ransomware group, “Fog,” has been conducting traditional attacks by locking up data in virtual environments for quick payouts. They utilize stolen VPN credentials, exploit vulnerabilities in VPN gateways, and employ tactics like credential stuffing and disabling Windows Defender. Fog targets US organizations, especially in the education sector, due … Read more