A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.
An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages.
In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”
Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency.
CISA says federal agencies must patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability.
CISA did not respond to requests for comment about why the remediation timeline was shorter than most.
The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.
What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year.
Waves of incidents in May that seemed like a highly targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout.
The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.
The World Council of Churches reported an incident in December, and the Lutheran World Federation said it experienced a related incident. The Rhysida gang claimed it carried out the attack on the federation.
The printing and business services giant said its XBS division "experienced a security incident." A cybercrime gang called INC said it was responsible.
Since it appeared in July 2022, Play ransomware has launched devastating attacks on municipalities and critical infrastructure, agencies said.
Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.
The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.
The company’s AirLink cellular routers are often used in critical infrastructure sectors, such as government and emergency services.
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
The attack on a medical transcription company is one of the worst healthcare-related data breaches in recent years, according to U.S. Department of Health and Human Services records.
An Atlassian spokesperson said the company had evidence to support what cybersecurity researchers reported over the weekend: A vulnerability affecting the Confluence Data Center and Confluence Server products was being used in cybercrime.
Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials.
Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list.
Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services.
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.
Hackers are modifying the open source code of a popular malware strain, adding tools and functions that make it easier to steal data.
Two teenagers, ages 18 and 17, were found guilty of hacking into major corporations. The cases involved Uber, Nvidia and more.
Absentee voters flooded social media to express their frustration at not being able to cast votes through an online system created by the government.
After analyzing millions of computers infected with info-stealing malware, researchers at Hudson Rock said they identified 120,000 that contained credentials used for logging into cybercrime forums.
The number of ransomware attacks posted on extortion websites shot up to a record high in July, with ransomware gangs publicly claiming more than 15 attacks per day on average.
In total there were 484 ransomware attacks in July, compared to 408 the previous month, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources.
A second vulnerability affecting mobile endpoint management software from IT giant Ivanti has been discovered, according to a new advisory from the company.
Microsoft has announced changes to a system that was exploited by Chinese hackers over the last month that allowed them to access email accounts and spy on the inner workings of two dozen organizations, including government agencies, a lawmaker’s staff and even Commerce Secretary Gina Raimondo.
A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.
One incident affected the OCR and Pearson Edexcel examiners, and another hit AQA, Britain's largest exam board.
The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.
Top U.S. cybersecurity officials confirmed Thursday that several federal agencies have been impacted by cyberattacks on the widely used MOVEit file transfer tool.
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly told reporters that her team and the FBI are working to provide assistance to federal agencies that used MOVEit, which is being exploited by the Russia-based Clop ransomware gang in a widespread breach that appears to have compromised dozens of entities.
“We’ve been working closely with Progress Software [which makes MOVEit], the FBI and our federal partners to understand its prevalence within federal agencies,” she said. Earlier in the day, CNN first reported that several government agencies were compromised in the hacks. Easterly said that CISA is providing support to “several agencies that have experienced intrusions of their MOVEit applications.”
Rheinmetall confirmed on Monday that the Black Basta ransomware group was behind a cyberattack it detected last month.
Hackers infiltrated networks of at least two colleges over the last week, disrupting the schools during the season of final exams and commencement ceremonies.
Tennessee’s Chattanooga State Community College has been responding to a cyberattack since Saturday, forcing the school to cancel classes on Monday and modify schedules for staff members. The school serves more than 11,000 students.
The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan.
The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.
Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups are causing alarm in the U.S. and Denmark after several incidents affected websites of hospitals and government offices in both countries.
On Tuesday, Denmark announced that it was raising its cyber risk alert level after weeks of attacks on banks and the country’s defense ministry.
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
Researchers in China claim to have reached a breakthrough in quantum computing, figuring out how they can break the RSA public-key encryption system using a quantum computer of around the power that will soon be publicly available.
Breaking 2048-bit RSA — in other words finding a method to consistently and quickly discover the secret prime numbers underpinning the algorithm — would be extremely significant. Although the RSA algorithm itself has largely been replaced in consumer-facing protocols, such as Transport Layer Security, it is still widely used in older enterprise and operational technology software and in many code-signing certificates.
More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.
The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.
Public schools in two Michigan counties are reopening on Thursday after a ransomware attack crippled their ability to function and closed doors to students for three days.
All of the public schools in Jackson and Hillsdale counties announced their reopening on Thursday in letters to parents, assuring them that cybersecurity experts, tech officials and law enforcement worked around the clock to restore the systems following outages that began on Monday.
Microsoft tied hackers with the Vice Society ransomware gang to several ransomware strains on Tuesday, noting that the group has been behind a wave of attacks on primary schools and colleges across the world.
Editor’s Note: Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.
The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.
Cisco confirmed on Wednesday that it was attacked by the Yanluowang ransomware group in May, but said the hackers were not able to steal sensitive data or impact the company’s operations.
In a statement to The Record, Cisco said the incident occurred on its corporate network in late May and that it “immediately took action to contain and eradicate the bad actors.”
The Justice Department, IRS and FBI seized and shut down a popular marketplace used by cybercriminals to buy stolen Social Security numbers and other sensitive personal information.
The SSNDOB Marketplace – which the DOJ said generated more than $19 million in sales revenue – was shut down in coordination with law enforcement agencies in Cyprus and Latvia.
Seizure orders were executed against several domains associated with SSNDOB including ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz.
Two cybersecurity firms with a strong business presence in Ukraine—ESET and Broadcom’s Symantec—have reported tonight that computer networks in the country have been hit with a new data-wiping attack.
The attack is taking place as Russian military troops have crossed the border and invaded Ukraine’s territory in what Russian President Putin has described as a “peacekeeping” mission.
Hackers have stolen roughly $1.9 million from South Korean cryptocurrency platform KLAYswap after they pulled off a rare and clever BGP hijack against the server infrastructure of one of the platform’s providers.