Ransomware gangs now abuse Microsoft Azure tool for data theft

September 17, 2024 at 12:16PM Ransomware gangs like BianLian and Rhysida are increasingly utilizing Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. Despite extra work required to get Azure Storage Explorer operational, the focus on data theft is indicative of the increasing leverage for …

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such …

New AMD SinkClose flaw helps install nearly undetectable malware

August 9, 2024 at 01:02PM AMD has issued a warning about a high-severity CPU vulnerability, SinkClose, affecting multiple generations of EPYC, Ryzen, and Threadripper processors. This flaw allows attackers to gain Ring -2 privileges, enabling malware installation undetectable by typical security tools. The attack has gone undetected for almost 20 years and poses significant threats, …

Monitoring Changes in KEV List Can Guide Security Teams

August 7, 2024 at 06:05PM The Known Exploited Vulnerabilities (KEV) catalog, containing over 1,140 known exploited vulnerabilities, may not effectively convey changes to the severity of issues. CISA’s lack of notification on updates potentially hinders security teams’ ability to prioritize remediation. Additionally, changes in ransomware status and shorter remediation deadlines indicate evolving policies and critical …

Cryptonator seized for laundering ransom payments, stolen crypto

August 2, 2024 at 01:32PM U.S. and German law enforcement seized the domain of Cryptonator, a crypto wallet platform used for illicit activities, and indicted its operator, Roman Boss, on charges of money laundering and running an unlicensed money service business. Cryptonator failed to implement anti-money laundering controls, enabling illicit transactions totaling over $235 million. …

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

July 29, 2024 at 01:12PM Microsoft warned that ransomware gangs are exploiting a VMware ESXi authentication bypass vulnerability that allows attackers to gain full admin privileges. This flaw, CVE-2024-37085, was discovered by Microsoft researchers and patched in ESXi 8.0 U3 last month. The vulnerability has been exploited in ransomware attacks by various groups, leading to data theft and …

Ukraine busts SIM farms targeting soldiers with spyware

June 14, 2024 at 09:28AM The Security Service of Ukraine dismantled infrastructure enabling pro-Russia residents to deploy spyware on soldiers’ devices and operate bot farms. A woman in Zhytomyr supported mobile numbers used for attacks, while a man in Dnipro ran a larger operation selling access to social media accounts to Russian intelligence. Investigations are …

The Week in Ransomware – April 5th 2024 – Virtual Machines under Attack

April 5, 2024 at 06:04PM Numerous enterprises have fallen victim to ransomware attacks on virtual machine platforms, causing widespread disruption and loss of services. Attackers targeted companies like Panera, Omni Hotels, and IxMetro Powerhost, encrypting their virtual machines and demanding ransom. The attacks highlight the vulnerability of virtual machine platforms and the importance of robust …

New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies

February 6, 2024 at 05:22AM In 2023, over 25 new ransomware gangs emerged, with Akira and 8Base the most successful. Despite increased law enforcement attention and high competition, these gangs thrived, while many others failed to survive. The full list of new gangs in 2023 and their status was provided. Akira and 8Base …

CISA Director Jen Easterly Targeted in Swatting Incident

January 23, 2024 at 01:19PM CISA Director Jen Easterly was the target of a swatting incident at her home. A false 911 call reported a shooting, prompting an armed police response. Easterly emphasized the serious risks and harm caused by such incidents. Swatting has also affected other public officials, leading to legislative efforts to prohibit …