Found 1407 bookmarks
Custom sorting
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement's (LE) "Operation Cronos" aimed at dismantling LockBit's infrastructure, the ransomware operators somehow managed to survive and stay a float. It appears that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created an impression that the LE actions did not affect their normal operation. Concurrently, alongside the resurgence of LockBit's exploitation of ScreenConnect vulnerabilities, we have seen other threat actors have either impersonated LockBit ransomware or incorporated LockBit into their own cyber attack campaigns.
#Trellix#EN#2024#LockBit-related#LockBit#campaigns#ransomware#LockBitSupp
·trellix.com·
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
Advanced Cyber Threats Impact Even the Most Prepared
Advanced Cyber Threats Impact Even the Most Prepared
Foreign nation-state cyber adversaries are tenacious. Their attacks are evolving to get around the industry’s most sophisticated defenses. Last year was exploitation of routers, and this year’s theme has been compromise of edge protection devices. MITRE, a company that strives to maintain the highest cybersecurity possible, is not immune. Despite our commitment to safeguarding our digital assets, we’ve experienced a breach that underscores the nature of modern threats. In this blog post, we provide an initial account of the incident, outlining the tactics, techniques, and procedures (TTPs) employed by the adversaries, as well as some of our ongoing incident response efforts and recommendations for future steps to fortify your defenses.
#medium#EN#2024#MITRE#cyberincident#Ivanti#TTPs
·medium.com·
Advanced Cyber Threats Impact Even the Most Prepared
Kapeka: A novel backdoor spotted in Eastern Europe
Kapeka: A novel backdoor spotted in Eastern Europe
This report provides an in-depth technical analysis of the backdoor and its capabilities, and analyzes the connection between Kapeka and Sandworm group. The purpose of this report is to raise awareness amongst businesses, governments, and the broader security community. WithSecure has engaged governments and select customers with advanced copies of this report. In addition to the report, we are releasing several artifacts developed as a result of our research, including a registry-based & hardcoded configuration extractor, a script to decrypt and emulate the backdoor’s network communication, and as might be expected, a list of indicators of compromise, YARA rules, and MITRE ATT&CK mapping
#withsecure#EN#2024#Kapeka#analysis#Sandworm
·labs.withsecure.com·
Kapeka: A novel backdoor spotted in Eastern Europe
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens’ industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.
#securityweek#EN#2024#CVE-2024-3400#Palo#Alto#Networks#firewall#Siemens#IoT
·securityweek.com·
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. #APT28 #Computer #Credential #Escalation #Exploit #GooseEgg #InfoSec #NSA #Print #Privilege #Security #Spooler #Theft #Windows
#bleepingcomputer#EN#2024#NSA#Spooler#Print#Theft#Escalation#Credential#Windows#Privilege#GooseEgg#Exploit#APT28
·bleepingcomputer.com·
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.
#techcrunch#EN#2024#GhostR#stolen#confidential#database#World-Check#financial#crime.
·techcrunch.com·
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
Cheap ransomware is being sold for one-time use on dark web forums, allowing inexperienced freelancers to get into cybercrime without any interaction with affiliates. Researchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.
#therecord#EN#2024#Crude#Sophos#ransomware#tools#DarkWeb
·therecord.media·
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
he ransomware attack on a company owned by healthcare giant UnitedHealth Group (UHG) has so far caused $872 million in losses, according to the corporation’s latest earnings report. UnitedHealth owns Change Healthcare, a key cog in the U.S. healthcare industry that was crippled by a ransomware attack in February. Change Healthcare and UHG subsidiary Optum took hundreds of systems offline as a result of the incident and faced criticism from the White House and Congress over its handling of the ransomware attack.
#therecord#EN#2024#UnitedHealth#cost#ransomware#change-healthcare
·therecord.media·
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
Cisco: Hacker breached multifactor authentication message provider on April 1
Cisco: Hacker breached multifactor authentication message provider on April 1
Cisco said one of the providers it uses to send multifactor authentication (MFA) messages was breached by a threat actor on April 1. In emails to customers, Cisco said the incident specifically affected Duo — a multifactor authentication company it acquired in 2018. The attacker breached the system of a telephony supplier that Duo uses to send MFA messages through texts and phone calls to its customers.
#therecord#EN#2024#Cisco#breached#multifactor#authentication#duo
·therecord.media·
Cisco: Hacker breached multifactor authentication message provider on April 1
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
On Thursday, April 18, 2024, the UK’s Metropolitan Police Service, along with fellow UK and international law enforcement, as well as several trusted private industry partners, conducted an operation that succeeded in taking down the Phishing-as-a-Service (PhaaS) provider LabHost. This move was also timed to coincide with a number of key arrests related to this operation. In this entry, we will briefly explain what LabHost was, how it affected its victims, and the impact of this law enforcement operation — including the assistance provided by Trend Micro.
#trendmicro#EN#2024#cybercrime#report#LabHost#takedown#PhaaS#Phishing-as-a-Service
·trendmicro.com·
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
New Backdoor, MadMxShell
New Backdoor, MadMxShell
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites. The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.
#zscaler#EN#2024#typosquatting#MadMxShell#GoogleAds#DNS#Malvertising#Advance-ip-scanner
·zscaler.com·
New Backdoor, MadMxShell
Idle GPUs Are the Devil's Workshop
Idle GPUs Are the Devil's Workshop
Salad, a company that pays gamers in Fortnite skins and Roblox gift cards to rent their idle GPUs remotely to generative AI companies, is using those idle computers to create AI-generated porn. Though 404 Media hasn’t seen evidence that any of the images produced by Salad and its network of idle gaming PCs produced nonconsensual AI-generated sexual images, it’s technically possible, and Salad has had a generative AI client that previously produced that type of content.
#404media#EN#2024#Salad#GPUs#AI-generated#porn.
·404media.co·
Idle GPUs Are the Devil's Workshop
Exclusive: Northrop Grumman working with Musk's SpaceX on U.S. spy satellite system | Reuters
Exclusive: Northrop Grumman working with Musk's SpaceX on U.S. spy satellite system | Reuters
Aerospace and defense company Northrop Grumman is working with SpaceX, the space venture of billionaire entrepreneur Elon Musk, on a classified spy satellite project already capturing high-resolution imagery of the Earth, according to people familiar with the program.
#reuters#EN#2024#SpaceX#Northrop-Grumman#satellite#spy#spy-satellite
·reuters.com·
Exclusive: Northrop Grumman working with Musk's SpaceX on U.S. spy satellite system | Reuters