CISA warns of Windows bug exploited in ransomware attacks

June 14, 2024 at 12:42PM CISA added a high-severity Windows vulnerability (CVE-2024-26169) to its list of actively exploited bugs. It allows attackers to gain SYSTEM permissions without user interaction. Microsoft patched it on March 12, 2024, but the Black Basta ransomware gang likely exploited it as a zero-day. FCEB agencies have three weeks to secure …

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

June 12, 2024 at 11:50AM TellYouThePass, a ransomware group, is targeting businesses and individuals using open source Web development languages, exploiting a critical PHP vulnerability (CVE-2024-4577) for remote code execution. This allows them to execute arbitrary code on vulnerable servers, posing significant risks. They also use various attack techniques and exploit known vulnerabilities such as …

RansomHub Brings Scattered Spider Into Its RaaS Fold

June 12, 2024 at 06:04AM Last spring, BlackCat/AlphV’s ransomware implosion left affiliates without money and infrastructure. RansomHub recruited the Scattered Spider threat group with promising ads on the Dark Web, offering attractive ransom splits and payment terms to avoid exit scams. This has resulted in rapid growth for RansomHub, with a prediction for continued expansion. …

Ransomware Group Exploits PHP Vulnerability Days After Disclosure

June 12, 2024 at 05:06AM Cybersecurity firm Imperva reports the exploitation of a recent PHP vulnerability, CVE-2024-4577, in ransomware attacks just days after its public disclosure. The bug impacts Windows servers using Apache and PHP-CGI and was addressed with the release of PHP versions 8.1.29, 8.2.20, and 8.3.8. The TellYouThePass ransomware gang was observed exploiting …

North Korea building cash reserves using ransomware, video games

May 29, 2024 at 09:07AM A new cybercrime group named “Moonstone Sleet,” associated with North Korea and tracked by Microsoft, deceives targets with fake job offers to distribute malware and ransomware for financial gain. The group deployed trojanized software via LinkedIn, Telegram, and freelancing platforms, and has been linked to the deployment of a new …

Mimic Launches With New Ransomware Defense Platform

May 3, 2024 at 08:25AM Mimic, a new ransomware defense company, aims to detect, deflect, and recover from ransomware attacks. The software-as-a-service platform can restore an organization’s data within 24 hours without paying a ransom. Backed by industry experts and having secured $27 million in funding, Mimic’s platform works in tandem with existing security controls. …

2023: A ‘Good’ Year for OT Cyberattacks

April 24, 2024 at 10:26AM Waterfall Security Solutions and ICS Strive’s “2024 Threat Report” notes a 19% increase in cyberattacks causing physical consequences, with 68 attacks recorded in 2023. Despite the increase, ransomware attacks with physical impact decreased slightly, while hacktivist attacks remained constant. The report’s cautious approach, focusing on public disclosures, likely underestimates the …

The Week in Ransomware – April 19th 2024 – Attacks Ramp Up

April 19, 2024 at 07:42PM Ransomware attacks decreased after the LockBit and BlackCat disruptions, but have since increased with the emergence of RansomHub. Change HealthCare was extorted through RansomHub after already paying a ransom to BlackCat/ALPHV. Other targets included Omni Hotels, Nexperia, United Nations, and Octapharma Plasma. Additional ransomware variants were also identified this week. …

Akira Ransomware Made Over $42 Million in One Year: Agencies

April 19, 2024 at 08:04AM Akira ransomware has victimized over 250 organizations globally, collecting $42 million in ransom payments. Initially targeting Windows systems, it has expanded to infect VMware ESXi virtual machines. Through various tactics like targeting VPN services and known vulnerabilities in Cisco products, the operators gain access to victims’ environments. They then deploy …

FBI: Akira ransomware raked in $42 million from 250+ victims

April 18, 2024 at 02:18PM The Akira ransomware has targeted 250+ organizations and amassed $42 million in ransom payments. It gained notoriety in March 2023, deploying a Linux encryptor for VMware ESXi virtual machines. Ransoms ranged from $200,000 to millions. The FBI, CISA, Europol, and NCSC-NL issued guidance to mitigate the attacks’ impact and risk. …