Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit

February 22, 2024 at 06:47PM The LockBit ransomware group, already troubled by dissent among its members and affiliates, was shut down by an international law enforcement effort led by the UK’s National Crime Agency. The takedown disrupted its infrastructure and led to several arrests. The group’s viability and reputation have been severely affected, and … Read more

New Malicious PyPI Packages Caught Using Covert Side-Loading Tactics

February 21, 2024 at 04:27AM Cybersecurity researchers discovered two malicious Python packages on the PyPI repository, NP6HelperHttptest and NP6HelperHttper, which used DLL side-loading to evade detection by security software. These fake packages aimed to deceive developers into downloading rogue counterparts of legitimate ones. The malicious code included a remote access trojan and was part of a wider … Read more

Trend Micro and INTERPOL Join Forces Again for Operation Synergia

February 21, 2024 at 04:18AM Trend Micro and other private entities worked with INTERPOL on Operation Synergia, successfully taking down over 1,000 C&C servers and identifying suspects related to phishing, banking malware, and ransomware. Trend provided threat intelligence, aiding in the identification of malicious activities and culprits, ultimately contributing to the apprehension of 70 suspects. … Read more

Orgs are having a major identity crisis while crims reap the rewards

February 21, 2024 at 03:23AM Identity-related threats, such as stolen credentials, pose a growing risk to network security. IBM X-Force and CrowdStrike report a significant increase in cyber attacks using legitimate credentials, with compromise of cloud account credentials being predominant. Meanwhile, phishing attacks remained a leading initial access vector. Adversaries target identities as the easiest … Read more

Median Ransomware Demands Grow to $600K a Pop

February 20, 2024 at 03:17PM Ransomware attacks in 2023 saw a 20% increase in median initial ransom demands, reaching $600,000. Sectors such as legal, government, retail, and energy are seeing median demands of $1 million or more. LockBit, BlackCat/ALPHV, and Cl0p were the primary groups carrying out attacks, with LockBit dominating the market. Key takeaways … Read more

How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM)

February 19, 2024 at 07:27AM Network Detection and Response (NDR) has become the most effective technology for detecting cyber threats, offering adaptive cybersecurity with reduced false alerts and efficient threat response. NDR uses risk-based alerting to prioritize alerts based on potential risk, enabling more efficient resource allocation, prompt response to high-risk alerts, and better decision-making. … Read more

Russian APT ‘Winter Vivern’ Targets European Government, Military

February 17, 2024 at 03:07AM Winter Vivern, a Russia-aligned threat group, exploited cross-site scripting vulnerabilities in Roundcube webmail servers across Europe, primarily targeting government, military, and national infrastructure in Georgia, Poland, and Ukraine. Using social engineering techniques and a zero-day exploit, they gained unauthorized access to mail servers, potentially for cyber-espionage serving the interests of … Read more

Why We Must Democratize Cybersecurity

February 16, 2024 at 06:45AM NTT Security is addressing cybersecurity challenges for small to medium businesses (SMBs) by democratizing security operations through its Global Threat Intelligence Center (GTIC), which provides advanced threat research and security intelligence, and by developing the Samurai XDR product, a cloud-hosted application that offers affordable security solutions for SMBs. The product … Read more

OpenAI blocks state-sponsored hackers from using ChatGPT

February 15, 2024 at 11:05AM OpenAI removed the accounts of state-sponsored threat groups from Iran, North Korea, China, and Russia that were misusing its ChatGPT chatbot for malicious purposes. Microsoft provided key information, and the threat groups exploited ChatGPT for a variety of activities including research, social engineering, and intelligence gathering. OpenAI and Microsoft aim to monitor and disrupt … Read more

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation

February 15, 2024 at 12:21AM Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, allowing attackers to gain privileges and execute operations. It has released patches to address this and other vulnerabilities in its Patch Tuesday updates. Threat actors, including APT28, have a history of exploiting such flaws for NTLM relay … Read more