Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.
Microsoft says the ongoing hacking is part of the Russian government's efforts to figure out what information Microsoft has on its hackers.
Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files.
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is
Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.
"Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars," the government said.
First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions
Learn more about ACEMAGIC Mini PC's swift resolution to the virus incident, along with robust future security measures. Your safety is our top priority.
Threat actors are creating and using fake Skype, Zoom, and Google Meet pages to spread RATs.
Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server.
Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them.
Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things.
website used by hackers responsible for a breach at UnitedHealth Group (UNH.N), opens new tab has been replaced by a notice saying it has been seized by international law enforcement.
But at least one of the agencies allegedly responsible said it had nothing to do with the seizure, raising the possibility that the hackers - who also go by the moniker ALPHV - faked their own takedown.
A message posted to the website of the Blackcat hacking gang on Tuesday said it had been impounded "as part of a coordinated law enforcement action" by U.S. authorities and other law enforcement agencies. Among the logos of non-American agencies involved were those of Europol and Britain's National Crime Agency.
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account.
The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:
The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure.
Hackers operating from Ukraine’s Main Intelligence Directorate (GUR) have claimed another scalp; the Russian Ministry of Defense (MoD).
The GUR, part of Kyiv’s Ministry of Defense, said a “special operation” enabled it to breach the servers of the Russian MoD (Minoborony) to obtain sensitive documents.
These included orders and reports apparently circulated among over 2000 structural units of the ministry.
Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner. Learn more here!
Kandji threat analysis reveals how the AMOS macOS stealer constantly changes its hash signatures while maintaining its functionality.
In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server:
German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million.
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.
Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles.
The 38-minute conversation, which took place on February 19, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comrades in uniform.”
Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs
The gang claimed responsibility for a high-profile attack against Change Healthcare Wednesday.
