Between late January and early March, Forescout Research – Vedere Labs identified a series of intrusions based on two Fortinet vulnerabilities. It began with the exploitation of Fortigate firewall appliances — culminating in the deployment of a newly discovered ransomware strain we have dubbed SuperBlack.
Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
Cistec, fournisseur suisse de système d'information d'information clinique, d'une attaque par ransom
A travers la caisse de compensation de Swissmem, la faîtière de l’industrie des machines et des technologies, les données des employés de 180 firmes travaillant pour la Confédération et l’armée ont été mises en ligne. Une faille de sécurité majeure pour la Suisse
Les échanges internes au groupe Black Basta divulgués la semaine dernière offrent une nouvelle opportunité d’enquêter sur l’un de ses leaders : tramp. Il pourrait avoir été arrêté en Arménie en juin 2024, avant d’être relâché.
Key Takeaways The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment.…
Cybersecurity researchers are analyzing about 200,000 messages from inside the high-profile Black Basta ransomware operation that were leaked recently.
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.
#CISA #Computer #Cring #Critical #FBI #Ghost #InfoSec #Infrastructure #Ransomware #Security
The prolific Medusa ransomware group claims to have stolen troves of data from HCRG, including patients’ sensitive health data
First observed in March 2024, “BlackLock” (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic—encrypting data while stealing sensitive information—to pressure victims with the threat of public exposure. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments, though the Linux variant offers fewer features than its Windows counterpart.
One of the challenges with investigating cybercrime is the infrastructure the adversaries leverage to conduct attacks. Cybercriminal infrastructure has evolved drastically over the last 25 years, which now involves hijacking web services, content distribution networks (CDNs), residential proxies, fast flux DNS, domain generation algorithms (DGAs), botnets of IoT devices, the Tor network, and all sorts of nested services.
This blog shall investigate a small UK-based hosting provider known as BitLaunch as an example of how challenging it can be to tackle cybercriminal infrastructure. Research into this hosting provider revealed that they appear to have a multi-year history of cybercriminals using BitLaunch to host command-and-control (C2) servers via their Anonymous VPS service.
This follows a series of high-impact arrests targeting Phobos ransomware:An administrator of Phobos was arrested in South Korea in June 2024 and extradited to the United States in November of the same year. He is now facing prosecution for orchestrating ransomware attacks that encrypted critical infrastructure, business systems, and personal data for ransom.A key Phobos affiliate was arrested in Italy...
A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says.
The data, a list of credentials apparently exfiltrated from Cisco’s systems, appeared over the weekend on a new data leak site operated by the Kraken ransomware group.
“Cisco is aware of certain reports regarding a security incident. The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time,” a Cisco spokesperson said, responding to a SecurityWeek inquiry.
Chainalysis says a combination of law enforcement actions and better defenses led to less money going out to ransomware actors.
After a ransomware attack on the state's health and social services system, Deloitte is giving Rhode Island $5 million to help cover expenses.
La caisse de compensation de Swissmem a subi un piratage, avec vol de 10 % des données. L'origine des attaquants semble provenir de Russie.
L’entreprise ITSS Global, basée à Plan-les-Ouates et spécialisée dans les logiciels bancaires, a été victime d’une attaque par ransomware.
La radio et la chaîne télévisée du groupe TOP à Winterthour sont à l'arrêt après avoir été piratées ce week-end. Les diffusions en direct n'étaient plus possibles dimanche en milieu de journée.
Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.
India's Tata Technologies has disclosed a ransomware attack affecting its IT assets.
