The Week in Ransomware – May 19th 2023 – A Shifting Landscape
In the ever-shifting ransomware landscape, we saw new ransomware gangs emerge, threat actors return from a long absence, operations shifting...
cybersecurity
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where...
Luxottica confirms 2021 data breach after info of 70M leaks online
Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70...
CISA warns of Samsung ASLR bypass flaw exploited in attacks
CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization...
Dish Network likely paid ransom after recent ransomware attack
Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February...
Hackers target vulnerable WordPress Elementor plugin after PoC released
Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive...
KeePass exploit helps retrieve cleartext master password, fix coming soon
The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise...
LayerZero launches record-breaking $15M crypto bug bounty program
LayerZero Labs has launched a bug bounty on the Immunefi platform that offers a maximum reward of $15 million for...
18-year-old charged with hacking 60,000 DraftKings betting accounts
The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin had been charged with hacking...
Cybercrime gang pre-infects millions of Android devices with malware
A large cybercrime enterprise tracked as the "Lemon Group" has reportedly pre-installed malware known as 'Guerilla' on almost 9 million...
Cisco warns of critical switch bugs with public exploit code
Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series...
FBI confirms BianLian ransomware switch to extortion only attacks
A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, and published by the Cybersecurity and Infrastructure Security...
ScanSource says ransomware attack behind multi-day outages
Technology provider ScanSource has announced it has fallen victim to a ransomware attack impacting some of its systems, business operations, and...
Malicious Microsoft VSCode extensions steal passwords, open remote shells
Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times....
MalasLocker ransomware targets Zimbra servers, demands charity donation
Image: Bing Create A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of...
Parental control app with 5 million downloads vulnerable to attacks
Image: Gaelle Marcel Kiddowares 'Parental Control – Kids Place' app for Android is impacted by multiple vulnerabilities that could enable attackers...
Open-source Cobalt Strike port ‘Geacon’ used in macOS attacks
Geacon, a Go-based implementation of the beacon from the widely abused penetration testing suite Cobalt Strike, is being used more and more...
Ransomware Prevention – Are Meeting Password Security Requirements Enough
As ransomware attacks continue to wreak havoc on organizations worldwide, many official standards and regulations have been established to address...
Russian ransomware affiliate charged with attacks on critical infrastructure
The U.S. Justice Department has filed charges against a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x,...
Hackers infect TP-Link router firmware to attack EU entities
A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to...
Hackers use Azure Serial Console for stealthy access to VMs
A financially motivated cybergang tracked by Mandiant as 'UNC3944' is using phishing and SIM swapping attacks to hijack Microsoft Azure...
New ZIP domains spark debate among cybersecurity experts
Cybersecurity researchers and IT admins have raised concerns over Google's new ZIP and MOV Internet domains, warning that threat actors...
New RA Group ransomware targets U.S. orgs in double-extortion attacks
A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States...
Stealthy MerDoor malware uncovered after five years of attacks
A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations...
