Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations 

December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise and mitigation steps, and recommends testing security controls against the threat behaviors outlined …

The Week in Ransomware – December 15th 2023 – Ransomware Drama

December 15, 2023 at 04:21PM Summary: Over the past two weeks, there have been notable developments in the ransomware landscape. The BlackCat/ALPHV drama continues, with affiliates reaching out to victims directly. The LockBit operation is exploiting this situation for recruitment. Various ransomware attacks and law enforcement actions have also been reported. Lastly, new ransomware variants …

Top White House Cyber Aide Says Recent Iran Hack on Water System Is Call to Tighten Cybersecurity

December 11, 2023 at 07:48AM Recent cyber attacks by Iranian hackers on US water authorities and ransomware attacks on the health care industry should prompt utilities and industries to enhance cybersecurity. Deputy national security adviser Anne Neuberger emphasized the need for stricter digital security, particularly against persistent threats from hostile countries and criminal groups. The …

Qlik Sense Vulnerabilities Exploited in Ransomware Attacks

November 30, 2023 at 09:42AM Arctic Wolf has linked three critical vulnerabilities in Qlik’s analytics products to ransomware attacks, notably Cactus ransomware. The vulnerabilities, reported by Praetorian and patched by Qlik, allow remote code execution and admin access, with over 17,000 internet-exposed instances. The same threat actor seems responsible for multiple intrusions. …

DarkGate and Pikabot malware emerge as Qakbot’s successors

November 21, 2023 at 10:56AM A sophisticated phishing campaign using DarkGate and PikaBot malware is posing a significant threat to organizations. The campaign began after the takedown of the Qakbot operation and is considered one of the most advanced since then. The attackers employ tactics similar to the previous Qakbot campaigns, indicating a shift to …

Criminal IP Becomes VirusTotal IP and URL Scan Contributor

November 21, 2023 at 10:56AM VirusTotal, a cybersecurity intelligence website, has integrated IP address and URL scans from Criminal IP, a Cyber Threat Intelligence search engine. VirusTotal aggregates data from antivirus engines, website scanners, and user contributions to enhance internet safety. Criminal IP specializes in aggregating threat data related to IP and domain addresses and …

VX-Underground malware collective framed by Phobos ransomware

November 20, 2023 at 03:46PM A new variant of the Phobos ransomware has emerged, attempting to frame the VX-Underground malware-sharing collective. This variant appends the email address staff@vx-underground.org and the extension ‘VXUG’ to encrypted files, while ransom notes make reference to the group. Threat actors sometimes taunt security researchers and organizations in their malware and …

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

November 18, 2023 at 07:00AM Cisco Talos has discovered that the 8Base ransomware group is using a variant of the Phobos ransomware in its attacks. The malware is distributed through the SmokeLoader backdoor trojan, and the group has been active since at least March 2022. The findings also reveal the methods and characteristics of the …

ALPHV/BlackCat Take Extortion Public

November 17, 2023 at 01:35PM The ALPHV/BlackCat ransomware gang has changed its tactics by filing a complaint with the SEC against its victim, MeridianLink, for not disclosing a breach within the required timeframe. This is an attempt to pressure MeridianLink to pay the ransom sooner. Businesses should consider having an incident response plan, deciding on paying …

Hands Off the Security Budget! Find Efficiencies to Reduce Risk

November 17, 2023 at 10:13AM US CEOs believe a recession is imminent, leading to cost-cutting measures. Despite this, security budgets are being prioritized due to the increase in cyberattacks and evolving regulatory requirements. Ransomware attacks are on the rise, costing companies millions. Organizations plan to increase security investments and comply with regulatory changes. To maintain …