We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.
In June 2003, GCHQ experts were involved in responding to a cyber attack against the UK Government for the first time.
The LockBit ransomware group claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but the chip giant says only one of its suppliers was breached.
The notorious cybercrime group announced on Thursday on its website that it targeted TSMC, suggesting — based on the $70 million ransom demand — that it has stolen vast amounts of sensitive information. The victim was initially given seven days to respond, but the deadline has been extended to August 6 at the time of writing.
Dokumente der Bundespolizei Fedpol sind im Darknet gelandet - darunter auch Schutzmassnahmen für ausländische Botschaften und den Bundesrat.
Après la cyberattaque contre Xplain – un des prestataires de la Confédération – les dispositifs de sécurité détaillés de Fedpol et des données de connexions de certains offices fédéraux se retrouvent sur le Darknet. Le Parlement demande des comptes.
Des pirates informatiques ont dérobé des documents confidentiels du Service fédéral de sécurité (SFS) lors de l'attaque contre le prestataire de la Confédération Xplain, selon des informations concordantes des médias. Des fichiers ont été publiés sur le DarkNet.
After a cybersecurity audit mistakenly reset everyone’s password, a high school changed every student’s password to “Ch@ngeme!” giving every student the chance to hack into any other student’s account, according to emails obtained by TechCrunch.
Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—the OS behind FortiGate firewalls—that allows remote code execution. There are 490,000 affected SSL VPN interfaces exposed on the internet, and roughly 69% of them are currently unpatched. You should patch yours now
One of the world's biggest chipmakers confirmed a data breach after the LockBit ransomware gang targeted one of its third-party providers.
AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware.
This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.
The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.
I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Dark Net Diaries, discussing his tracking of the Revil ransomware.)
Via une convention avec les communes, l’IT du canton de Vaud va créer une équipe d’intervention chargée de leur prêter main forte aux niveaux organisationnel et technique en cas de cyberattaque. La force de réaction s'appuiera également sur des prestataires spécialisés locaux.
Cyble Research & Intelligence Labs examines the Linux variant of Akira Ransomware and assesses its impact on various sectors.
The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.
Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva
Les équipes d’Orange Cyberdefense ont détecté le trafic réseau anormal ayant trahi l’occurrence d’une cyberattaque. Celui-ci impliquait un compte VPN mis à disposition d’un tiers à fin de maintenance applicative.
Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.
