Agence France-Presse, known by most as AFP, said the attack affected “part of its delivery service to clients.”
One of the largest hospitals in West Texas has been forced to divert ambulances after a ransomware attack shut down many of its systems last Thursday.
The University Medical Center Health System in Lubbock confirmed on Friday that IT outages are being caused by a ransomware incident.
These are some of the results of the third phase of Operation Cronos, a long-running collective effort of law enforcement authorities from 12 countries, Europol and Eurojust, who joined forces to effectively disrupt at all levels the criminal operations of the LockBit ransomware group. These actions follow the massive disruption of LockBit infrastructure in February 2024, as well as the large series of sanctions and operational actions that took place against LockBit administrators in May and subsequent months.
Between 2021 and 2023, LockBit was the most widely employed ransomware variant globally with a notable number of victims claimed on its data leak site. Lockbit operated on the ransom as a service model. The core group sold access to affiliates and received portions of the collected ransom payments. Entities deploying LockBit ransomware attacks had targeted organisations of various sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing and transportation. Reflecting the considerable number of independent affiliates involved, LockBit ransomware attacks display significant variation in observed tactics, techniques and procedures.
#2024 #EN #Eurojust #LockBit #busted #disrupt #europol
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations.
Discover the details of the critical vulnerability CVE-2024-8353 in GiveWP donation plugin for WordPress and the potential impact on your website.
in light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have an increasingly significant impact in 2024 and beyond. Key trends driving this include the expansion of the Ransomware-as-a-Service (RaaS) market, the proliferation of stolen data on Dedicated Leak Sites (DLS), and a rise in affiliate programs.
In November 2023, we identified a BlackCat ransomware intrusion started by Nitrogen malware hosted on a website impersonating Advanced IP Scanner.
Nitrogen was leveraged to deploy Sliver and Cobalt Strike beacons on the beachhead host and perform further malicious actions. The two post-exploitation frameworks were loaded in memory through Python scripts.
After obtaining initial access and establishing further command and control connections, the threat actor enumerated the compromised network with the use of PowerSploit, SharpHound, and native Windows utilities. Impacket was employed to move laterally, after harvesting domain credentials.
The threat actor deployed an opensource backup tool call Restic on a file server to exfiltrate share data to a remote server.
Eight days after initial access the threat actor modified a privileged user password and deployed BlackCat ransomware across the domain using PsExec to execute a batch script.
Six rules were added to our Private Ruleset related to this intrusion.
Extensive data leak in Switzerland: The Zurich-based asset manager Boreal Capital Management has been attacked by a hacker group, with data from around 700 current and former clients being stolen and published, according to media reports.
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The…
The Binarly REsearch team has consistently uncovered security vulnerabilities in the Baseboard Management Controller (BMC) firmware -- a critical component of modern data center infrastructure. These vulnerabilities can be exploited remotely by threat actors, posing significant risk to enterprises.
In a previous report, “Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security,” we documented the BMC architecture in detail and showed that it is still possible to find classes of vulnerabilities known from the early 2000s.
The hacker, known as Judische, has extorted $2.7 million as part of the attacks on Snowflake customers.
A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte.
The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials.
On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription.
Additionally, an attacker could silently obtain personal information, including the victim's name, phone number, email address, and physical address. This would allow the attacker to add themselves as an invisible second user on the victim's vehicle without their knowledge.
The Irish Data Protection Commission (DPC) has fined Meta €91 million for a 2019 incident wherein the company stored millions of Facebook and Instagram passwords in plain text.
A key member of the notorious hacker group SiegedSec was arrested today by federal authorities. The arrest came just hours after the hacker published a provocative manifesto titled “The Conscience of a Catgirl.” The document offers sharp criticisms of governments, corporations, and the state of modern surveillance, right before the hacker was taken into custody.
CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing July outage that caused widespread disruption on Windows systems around the world.
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.
Tens of thousands of fuel storage tanks in critical infrastructure facilities remain vulnerable to zero-day attacks due to buggy Automatic Tank Gauge systems from multiple vendors, say infosec researchers.
Automatic Tank Gauges (ATGs) are used to monitor fuel levels in storage tanks and ensure that the tanks don't leak. The ten CVEs disclosed today were found in products from several different vendors: Dover Fueling Solutions (DFS), OPW Fuel Management Systems (owned by DFS), Franklin Fueling Systems, and OMNTEC.
