What it"s really like to negotiate with ransomware attackers
The most critical moment in a ransomware negotiation usually comes long before the victim and the hackers discuss a price......»»
US Authorities Issue RansomHub Ransomware Alert
RansomHub spun out of the now defunct ALPHV......»»
New ransomware group is hitting VMware ESXi systems hard
Researchers spot a new ransomware actor called Cicada3301, but it's not linked to the game of the same name......»»
City of Columbus sues man after he discloses severity of ransomware attack
Mayor said data was unusable to criminals; researcher proved otherwise. Enlarge (credit: Getty Images) A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a.....»»
How RansomHub went from zero to 210 victims in six months
RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare ins.....»»
A macro look at the most pressing cybersecurity risks
Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to bre.....»»
Why ransomware attackers target Active Directory
Ransomware attacks have surged 78% year-over-year, affecting various sectors and organizations and significantly impacting supply chains. In this Help, Net Security video, Craig Birch, Technology Evangelist, and Principal Security Engineer at Cayosof.....»»
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
Vulnerability is easy to exploit and allows attackers to remotely execute commands. Enlarge (credit: Getty Images) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates
A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial access provider (and partner in crime) for affiliates of several ransomwar.....»»
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB,.....»»
BlackByte affiliates use new encryptor and new TTPs
BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent BlackByte attacks. Most notably, encrypte.....»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Lateral movement: Clearest sign of unfolding ransomware attack
44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with kn.....»»
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is.....»»
Rebrand, regroup, ransomware, repeat
Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with innovative.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
The changing dynamics of ransomware as law enforcement strikes
After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets, and industry dynamics, according to WithSecure. Sectors impacted by ransomware (Source: WithSecure) While.....»»
QNAP releases QTS 5.2 to prevent data loss from ransomware threats
QNAP has released the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the in.....»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
Most ransomware attacks occur between 1 a.m. and 5 a.m.
There’s been an alarming increase in ransomware attacks over the past year, alongside significant shifts in the tactics and strategies employed by cybercriminals that underscore the necessity for organizations to implement around-the-clock moni.....»»