Helldown ransomware exploits Zyxel VPN flaw to breach networks

November 19, 2024 at 12:03PM The ‘Helldown’ ransomware operation targets vulnerabilities in Zyxel firewalls, enabling data theft and device encryption. Newly documented, it has quickly amassed victims, primarily small to medium-sized firms. Recent findings indicate potential exploitation of a specific Zyxel vulnerability, with ongoing investigations into its tactics and payloads.

Bumblebee malware returns after recent law enforcement disruption

October 21, 2024 at 11:49AM Bumblebee malware has resurfaced more than four months after being disrupted by Europol’s ‘Operation Endgame.’ This malware, created by TrickBot developers, infects systems through phishing and promotes fake software. Recent attacks involve malicious ZIP files leading to stealthy installations. Researchers warn of its potential resurgence in cyber threats.

Black Basta-Linked Attackers Target Users with SystemBC Malware

August 14, 2024 at 02:15PM An ongoing social engineering campaign linked to the Black Basta ransomware group involves multiple intrusion attempts aiming at credential theft and deploying the SystemBC malware dropper. Threat actors use tactics such as email bombing, phone calls, and fake solutions to persuade users to download legitimate remote access software for deploying …

How Manufacturers Can Secure Themselves Against Cyber Threats

July 15, 2024 at 10:15AM Manufacturers face a pressing need to address cybersecurity, particularly as they are the primary target for ransomware threats. There’s a shortage of cybersecurity professionals, but manufacturers can enhance their defenses with adequate training and tools. Recognizing and responding to early warning signs of ransomware attacks is crucial, along with taking …

Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit

July 8, 2024 at 02:28PM Cyber threats against NATO are on the rise, with primary adversaries being Russian and Chinese nation state actors, financially motivated criminal activity, and ideologically driven hacktivists. APT29, COLDRIVER, and APT44 are Russian state actors involved in cyber espionage and hybrid warfare. Chinese espionage has focused on using zero-day vulnerabilities and …

Resurgence of Ransomware: Mandiant Observes Sharp Rise in Criminal Extortion Tactics

June 5, 2024 at 08:00AM Mandiant’s new threat research revealed a resurgence in criminal extortion in 2023, with more ransomware investigations and a 75% increase in data leak site postings. The use of data exfiltration and breach-shaming in ransomware attacks is growing, with criminals exploring payment in Monero cryptocurrency. The report highlights evolving ransomware techniques …

Perfecting the Proactive Security Playbook

June 4, 2024 at 10:05AM Successful sports coaching relies on a playbook, and the same applies to cybersecurity. A proactive security playbook should include an incident response plan, an effective measurement strategy, and assessments of team strengths and weaknesses. This proactive approach is critical for maintaining data confidentiality and combating evolving threats. Cyber-insurance engagement …

In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO

April 26, 2024 at 08:25AM SecurityWeek’s cybersecurity news roundup provides concise coverage of significant stories. This week, notable developments include a Chinese government-linked hack of Volkswagen, German police shutting down a DDoS attack service, and the NSA’s updates to the Commercial National Security Algorithm Suite. Other stories cover critical findings in Microsoft products, cybersecurity executive …

How Red Team Exercises Increase Your Cyber Health

April 11, 2024 at 04:41PM Red team exercises play a vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks. Regular testing and improvement are needed to counter evolving threats effectively. Different types of exercises such as external red teaming, assumed breach, and purple teaming have distinct …

Panera Bread week-long IT outage caused by ransomware attack

April 5, 2024 at 09:58AM Panera Bread’s recent week-long outage was caused by a ransomware attack, leading to encrypted virtual machines and preventing access to data and applications. Panera has not identified the responsible ransomware group and has not responded to inquiries about the incident. Employees expressed concerns about the company’s lack of transparency regarding …