Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684

Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices:

MThe Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

Russian military intelligence, the G.R.U., is behind arson attacks aimed at undermining support for Ukraine’s war effort, security officials say.

Majority of public-facing devices still unpatched against critical vulns from as far back as 2022

Since it appeared in July 2022, Play ransomware has launched devastating attacks on municipalities and critical infrastructure, agencies said.

According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups.  This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families.  Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.

The Rust Security Response WG and the crates.io team were notified on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rust_decimal crate, hoping that potential victims would misspell its name (an attack called "typosquattin

• Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020.
• Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years.
• We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations.
• Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).

We have been seeing notable changes to TTPs used in GOOTLOADER operations since 2022.

Google Ads is one of the most popular advertising platform, but it's also a target for cybercriminals. Learn how they are using it to spread malware.

A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. Adding customized malware payloads, threat actors are raising the bar for successful malware deployments on Personal PCs with ad words like Grammarly, Malwarebytes, and Afterburner as well as with Visual Studio, Zoom, Slack, and even Dashlane to target organizations.

How Finland Is Teaching a Generation to Spot Misinformation
The Nordic country is testing new ways to teach students about propaganda. Here’s what other countries can learn from its success.

• Ukraine has released an instruction video for Russian soldiers on surrendering to a drone.
• It's part of the "I Want to Live" hotline, which entices Russians to stop fighting in Ukraine.
• The video suggests that surrendering via drone may become increasingly common.

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.

We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:

Amazon themselves 😅
Intel
Stanford, Portland and Louisiana University
The Australian Government
General Atomics fusion department
Terradata
Delta Lake
And Top Glove, the worlds largest glove manufacturer 🧤

We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.

Suite à un piratage, Adecco a lancé début novembre une enquête. La société donne de plus amples informations : « certaines de vos données personnelles présentes dans un de nos systèmes d’informations (noms, prénoms, adresses email...

More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.

The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.

A comprehensive analysis of the year's new malware