Found 29 bookmarks
Custom sorting
Ransomware roundup: 2024 end-of-year report - Comparitech
Ransomware roundup: 2024 end-of-year report - Comparitech
In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. 1,204 of these attacks were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites, but have not been acknowledged by the targets.
#comparitech#EN#2025#2024#report#ransomware#confirmed#statistcs
·comparitech.com·
Ransomware roundup: 2024 end-of-year report - Comparitech
Cisco Event Response: Reports of Security Incident
Cisco Event Response: Reports of Security Incident
Version 1.1: October 18, 2024 Based on our investigations, we are confident that there has been no breach of our systems. We have determined that the data in question is on a public-facing DevHub environment—a Cisco resource center that enables us to support our community by making available software code, scripts, etc. for customers to use as needed. At this stage in our investigation, we have determined that a small number of files that were not authorized for public download may have been published. As of now, we have not observed any confidential information such as sensitive PII or financial data to be included but continue to investigate to confirm. Out of an abundance of caution, we have disabled public access to the site while we continue the investigation. * Meanwhile, Cisco will engage directly with customers if we determine they have been impacted by this event.
#cisco.com#EN#2024#DevHub#incident#public-facing#report
·sec.cloudapps.cisco.com·
Cisco Event Response: Reports of Security Incident
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
#talosintelligence#EN#2024#vulnerability#report#OpenPLC#CVE-2024-34026
·talosintelligence.com·
OpenPLC OpenPLC_v3 OpenPLC Runtime EtherNet/IP parser stack-based buffer overflow vulnerability
Cybercriminals operating ransomware as a service from overseas continue to be responsible for most high-profile cybercrime attacks against the UK
Cybercriminals operating ransomware as a service from overseas continue to be responsible for most high-profile cybercrime attacks against the UK
The deployment of ransomware remains the greatest serious and organised cybercrime threat, the largest cybersecurity threat, and also poses a risk to the UK’s national security. Ransomware attacks can have a significant impact on victims due to financial, data, and service losses, which can lead to business closure, inaccessible public services, and compromised customer data. Threat actors are typically based in overseas jurisdictions where limited cooperation makes it challenging for UK law enforcement to disrupt their activities.
#nationalcrimeagency.gov.uk#EN#2024#ransomware#report#assassment#cybercrime#UK
·nationalcrimeagency.gov.uk·
Cybercriminals operating ransomware as a service from overseas continue to be responsible for most high-profile cybercrime attacks against the UK
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
#digital-strategy.ec.europa.eu#2024#EU#ENISA#cybersecurity#resilience#report#electricity#telecommunications
·digital-strategy.ec.europa.eu·
Risk assessment report on cyber resilience on EU’s telecommunications and electricity sectors
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
A major company made a staggering $75 million ransomware payment to hackers earlier this year, according to cybersecurity vendor Zscaler. Zscaler made the claim in a Tuesday report examining the latest trends in ransomware attacks, which continue to ensnare companies, hospitals, and schools across the country.
#pcmag#EN#2024#Zscaler#report#Fortune50#record#ransomware#payment#DarkAngels
·pcmag.com·
'Fortune 50' Company Made Record-Breaking $75M Ransomware Payment
Mid-year Doppelgänger information operations in Europe and the US
Mid-year Doppelgänger information operations in Europe and the US
This report delves into Doppelgänger information operations conducted by Russian actors, focusing on their activities from early June to late-July 2024. Our investigation was motivated by the unexpected snap general election in France, prompting a closer look at Doppelgänger activities during this period. While recent activities have been described since1,2, our first dive into the information operations topic offers a complementary threat-intelligence analysts’ perspective on the matter, brings additional knowledge on associated infrastructure, tactics and motivation in Europe and the United States.
#HarfangLab#EN#2024#Russia#Doppelgänger#disinformation#report
·harfanglab.io·
Mid-year Doppelgänger information operations in Europe and the US
NVD Analysis Report
NVD Analysis Report
The following estimates are calculated using data from the NVD Dashboard. At the time of this reports generation, NVD's 2024 daily average for analyzing new CVEs is 30.27. There is a current backlog of 16777 CVEs awaiting analysis. With an average influx of 111.07 new CVEs per day, a daily average of 217.93 analyses is required to clear this backlog and process new CVEs. Currently, NVD is falling short of this goal by 187.66 CVEs a day. Given this data, if the current daily rate of CVE analysis persists, the projected number of CVEs awaiting analysis by the end of 2024 will be 29462.6.
#fortressinfosec#EN#2024#stats#CVEs#report#estimate#trends#averages
·fortressinfosec.com·
NVD Analysis Report
APT trends report Q1 2024
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
#securelist#Kaspersky#EN#2024#report#APT#Gelsemium#Careto
·securelist.com·
APT trends report Q1 2024
From IcedID to Dagon Locker Ransomware in 29 Days
From IcedID to Dagon Locker Ransomware in 29 Days
  • In late August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID. IcedID dropped and executed a Cobalt Strike beacon, which was then used through-out the intrusion. The threat actor leveraged a bespoke PowerShell tool known as AWScollector to facilitate a range of malicious activities including discovery, lateral movement, data exfiltration, and ransomware deployment. Group Policy was used to distribute Cobalt Strike beacons at login to a specific privileged user group. The threat actor utilized a suite of tools to support their activities, deploying Rclone, Netscan, Nbtscan, AnyDesk, Seatbelt, Sharefinder, and AdFind. * This case had a TTR (time to ransomware) of 29 days.
#thedfirreport#EN#2024#PrometheusTDS#TTR#IcedID#report
·thedfirreport.com·
From IcedID to Dagon Locker Ransomware in 29 Days
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.
#trendmicro#EN#2024#cybercrime#report#LabHost#takedown#PhaaS#Phishing-as-a-Service
·trendmicro.com·
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
#trendmicro#EN#2024#targeted-attacks#research#report#Earth-Krahang#i-soon
·trendmicro.com·
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
#trendmicro#EN#2024#CVE-2024-21412#Water-Hydra#exploits-&-vulnerabilities#research#report#apt-&-targeted-attacks
·trendmicro.com·
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
KV-Botnet: Don’t call it a Comeback - Lumen
KV-Botnet: Don’t call it a Comeback - Lumen
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
#lumen#EN#2024#KV-Botnet#China#espionnage#report
·blog.lumen.com·
KV-Botnet: Don’t call it a Comeback - Lumen
Ransomware Hit $1 Billion in 2023
Ransomware Hit $1 Billion in 2023
In 2023, ransomware actors intensified their operations, targeting high-profile institutions and critical infrastructure, including hospitals, schools, and government agencies. Major ransomware supply chain attacks were carried out exploiting the ubiquitous file transfer software MOVEit, impacting companies ranging from the BBC to British Airways. As a result of these attacks and others, ransomware gangs reached an unprecedented milestone, surpassing $1 billion in extorted cryptocurrency payments from victims. Last year’s developments highlight the evolving nature of this cyber threat and its increasing impact on global institutions and security at large.
#chainalysis#En#2024#Ransomware#Statistics#2023#report
·chainalysis.com·
Ransomware Hit $1 Billion in 2023
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment. Before diving into the specific details of the vulnerabilities discovered by the Qualys Threat Research Unit in the GNU C Library, it’s crucial to understand these findings’ broader impact and importance. The GNU C Library, or glibc, is an essential component of virtually every Linux-based system, serving as the core interface between applications and the Linux kernel. The recent discovery of these vulnerabilities is not just a technical concern but a matter of widespread security implications.
#qualys#EN#2024#report#research#GNU#C#Library#syslog#CVE-2023-6246#CVE-2023-6779#CVE-2023-6780
·blog.qualys.com·
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()