The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum.
Αρχή Ψηφιακής Ασφάλειας – Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων:
A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation.
Το Emotet είναι γνωστό κακόβουλο λογισμικό είδους τραπεζικό trojan. Η πρώτη έκδοση εμφανίστηκε το 2014. Διαδίδεται κυρίως μέσω ανεπιθύμητων μηνυμάτων ηλεκτρονικού ταχυδρομείου (malspam).
Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.
Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available.
Oracle issued an out-of-band security update over the weekend to address a critical remote code execution (RCE) vulnerability impacting multiple Oracle WebLogic Server versions.
This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF). This advisory describes the tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky—against worldwide targets—to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies.
Emotet switched to a new template this week that pretends to be a Microsoft Office message stating that Microsoft Word needs to be updated to add a new feature.
A month after details were published about three severe vulnerabilities in a type of server used to manage fleets of mobile devices, multiple threat actors are now exploiting these bugs to take over crucial enterprise servers and even orchestrate intrusions inside company networks.
Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company’s Cisco IOS XR Software.
GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices.
Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.
A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices.
The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.
Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns that have been ramping up since August, the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert published today.
The client’s default configuration for SSL-VPN has a certificate issue, researchers said.
A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free. ThunderX is a relatively new ransomware that became active towards the end of August 2020.
On 9 August, QuoIntelligence disseminated a Warning to its government customers about a new APT28 (aka Sofacy, Sednit, Fancy Bear, STRONTIUM, etc.) campaign targeting government bodies of NATO members (or countries cooperating with NATO). In particular, we found a malicious file uploaded to VirusTotal, which ultimately drops a Zebrocy malware and communicates with a C2 in France. After our discovery, we reported the malicious C2 to the French law enforcement as part of our responsible disclosure process.
