Read Uptycs' analysis of the newly discovered Meduza Stealer malware targeting Windows users, revealing capabilities, potential impact & mitigation steps.

One incident affected the OCR and Pearson Edexcel examiners, and another hit AQA, Britain's largest exam board.

Japan’s biggest port, the Port of Nagoya, has been shut down after a cyberattack by the LockBit ransomware gang. The Russian cybercriminals have been on a crime spree this week, claiming ten new victims in the last five days.

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

Operation Nervone has dealt a significant blow to the OPERA1ER group.

The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their emulation.

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.

Le groupe Cl0p a poursuivi la diffusion des données volées à Cegedim à l’occasion de sa campagne de cyberattaques contre les instances MOVEit Transfer. Il met désormais à disposition plus de 1,5 To de données.

Plus furtive et discrète que les cyberattaques avec rançongiciel, la menace des maliciels dérobeurs se maintient à un niveau élevé. Panorama de la menace en collaboration avec Sekoia.io.

DDoSia is a DDoS attack toolkit used by the pro-Russia hacktivist group NoName057(16) against countries critical the invasion of Ukraine.

In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy.

The activity described in this report, utilizes HTML Smuggling to target governmental entities in Eastern Europe. This specific campaign has been active since at least December 2022, and is likely a direct continuation of a previously reported campaign attributed to RedDelta (and also to Mustang Panda, to some extent).

We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.

Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.

In June 2003, GCHQ experts were involved in responding to a cyber attack against the UK Government for the first time.

The LockBit ransomware group claims to have hacked Taiwan Semiconductor Manufacturing Company (TSMC), but the chip giant says only one of its suppliers was breached.

The notorious cybercrime group announced on Thursday on its website that it targeted TSMC, suggesting — based on the $70 million ransom demand — that it has stolen vast amounts of sensitive information. The victim was initially given seven days to respond, but the deadline has been extended to August 6 at the time of writing.

Dokumente der Bundespolizei Fedpol sind im Darknet gelandet ­- darunter auch Schutzmassnahmen für ausländische Botschaften und den Bundesrat.

Après la cyberattaque contre Xplain – un des prestataires de la Confédération – les dispositifs de sécurité détaillés de Fedpol et des données de connexions de certains offices fédéraux se retrouvent sur le Darknet. Le Parlement demande des comptes.

Des pirates informatiques ont dérobé des documents confidentiels du Service fédéral de sécurité (SFS) lors de l'attaque contre le prestataire de la Confédération Xplain, selon des informations concordantes des médias. Des fichiers ont été publiés sur le DarkNet.

Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—the OS behind FortiGate firewalls—that allows remote code execution. There are 490,000 affected SSL VPN interfaces exposed on the internet, and roughly 69% of them are currently unpatched. You should patch yours now