Tag: group
-
Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices
by
in SecurityNewsThe precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used by various governments worldwide.]]> First seen on therecord.media Jump to article: therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users
-
RansomHub emerges as dominant ransomware group as 2024 ends
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/ransomhub-emerges-as-dominant-ransomware-group-as-2024-ends
-
US Ban on TP-Link Routers More About Politics Than Exploitation Risk
by
in SecurityNewsWhile a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company’s popular routers is more about geopolitics than actual cybersecurity, and that may not be a bad thing. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/us-ban-tp-link-routers-politics-exploitation-risk
-
Enhance Microsoft security by ditching your hybrid setup for Entra-only join
by
in SecurityNews
Tags: ai, authentication, business, cloud, compliance, conference, credentials, email, firewall, group, identity, infrastructure, intelligence, Internet, microsoft, network, ntlm, office, powershell, risk, service, switch, technology, tool, vpn, windowsArtificial intelligence is top of mind for nearly everything Microsoft is doing these days, but there’s another goal the company would like to see its users strive to attain, one that may not be easily obtained, and that’s to be Entra-joined only.That means no more Active Directory (AD) and no more traditional domain: instead, your…
-
Romanian Netwalker ransomware affiliate sentenced to 20 years in US prison
by
in SecurityNewsDaniel Christian Hulea admitted to earning up to $21.5 million from attacks carried out by Netwalker, a group known for targeting the healthcare sector during the COVID-19 pandemic.]]> First seen on therecord.media Jump to article: therecord.media/romanian-netwalker-sentenced-prison-twenty
-
US unseals complaint against Russian-Israeli accused of working for LockBit
by
in SecurityNewsRostislav Panev is facing 40 counts for allegedly working for the cybercrime group as a software developer from 2019 up until February 2024, the same month that law enforcement disrupted the LockBit scheme by seizing its darknet website and infrastructure.]]> First seen on therecord.media Jump to article: therecord.media/us-unseals-lockbit-complaint-israel
-
North Korean Hackers Stole $1.34 Billion in Crypto in 2024
by
in SecurityNewsNorth Korean hackers stole $1.34 billion in cryptocurrency in 2024, more than half of the $2.2 billion stolen in all crypto hacks, and the attacks by threat groups linked to the rogue nation are becoming more frequent and are happening more quickly. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/north-korean-hackers-stole-1-34-billion-in-crypto-in-2024/
-
Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme
by
in SecurityNewsThe Play ransomware group claims to have stolen sensitive data from donut and coffee retail chain Krispy Kreme. The post Ransomware Group Claims Theft of Personal, Financial Data From Krispy Kreme appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ransomware-group-claims-theft-of-personal-financial-data-from-krispy-kreme/
-
Russia fires its biggest cyberweapon against Ukraine
by
in SecurityNews
Tags: access, attack, breach, cisa, communications, country, cyber, cyberattack, defense, email, governance, government, group, incident response, infrastructure, intelligence, microsoft, mitigation, mobile, risk, russia, service, strategy, threat, ukraine, vulnerability, warfareUkraine has faced one of the most severe cyberattacks in recent history, targeting its state registries and temporarily disrupting access to critical government records.Ukrainian Deputy Prime Minister Olga Stefanishyna attributed the attack to Russian operatives, describing it as an attempt to destabilize the country’s vital digital infrastructure amid the ongoing war.”It’s already clear that the…
-
Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
The Lazarus Group, an infamous threat actor linked to the Democratic People’s Republic of Korea (DPRK), has been observed leveraging a “complex infection chain” targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.The attacks, which culminated in the deployment of a new modular backdoor…
-
Ransomware Attackers Target Industries with Low Downtime Tolerance
by
in SecurityNewsA Dragos report observed 23 new ransomware groups targeting industrial organizations in Q3 2024 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-industries-downtime/
-
TA397 Leverages Sophisticated Spearphishing Techniques to Deploy Malware in Defense Sector
by
in SecurityNewsProofpoint researchers have identified a new spearphishing campaign by TA397, a South Asia-based advanced persistent threat (APT) group also known as Bitter. The campaign, observed on November 18, 2024, targets... First seen on securityonline.info Jump to article: securityonline.info/ta397-leverages-sophisticated-spearphishing-techniques-to-deploy-malware-in-defense-sector/
-
Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises
by
in SecurityNewsTrend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group Earth Koshchei. Known for their espionage operations, Earth Koshchei leveraged spear-phishing emails and... First seen on securityonline.info Jump to article: securityonline.info/earth-koshcheis-rogue-rdp-campaign-a-sophisticated-apt-attack-targets-governments-and-enterprises/
-
Weaponized Hacktivism: How Countries Use Activists for Cyber Warfare
by
in SecurityNewsThe intersection of hacking and activism, commonly known as hacktivism, has transformed into a formidable force in the digital era. Trellix’s latest report explores how these groups are increasingly intertwined... First seen on securityonline.info Jump to article: securityonline.info/weaponized-hacktivism-how-countries-use-activists-for-cyber-warfare/
-
Crypto Roundup: LastPass Breach Linked to $5.4M Crypto Theft
by
in SecurityNewsAlso, CoinLurker Malware Steals Data via Fake Updates. Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, LastPass breach linked to $5.4M crypto theft, CoinLurker malware steals data via fake updates, cryptocurrency key to 27 million euro seizure and nearly 800 arrested in crypto-romance scam. First seen on govinfosecurity.com…
-
Rhode Island officials warn residents as ransomware group threatens social services data leak
by
in SecurityNewsThe personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/rhode-island-ransomware-social-services/735912/
-
European authorities say AI can use personal data without consent for training
by
in SecurityNewsThe European Data Protection Board (EDPB) issued a wide-ranging report on Wednesday exploring the many complexities and intricacies of modern AI model development. It said that it was open to potentially allowing personal data, without owner’s consent, to train models, as long as the finished application does not reveal any of that private information.This reflects…
-
Europol Details on How Cyber Criminals Exploit legal businesses for their Economy
Europol has published a groundbreaking report titled >>Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks Abuse Legal Business Structures.Decoding […] The post Europol Details on How Cyber Criminals Exploit legal businesses for their Economy appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/europol-details-on-cyber-criminals/
-
In potential reversal, European authorities say AI can indeed use personal data, without consent, for training
by
in SecurityNewsThe European Data Protection Board (EDPB) issued a wide-ranging report on Wednesday exploring the many complexities and intricacies of modern AI model development. It said that it was open to potentially allowing personal data, without owner’s consent, to train models, as long as the finished application does not reveal any of that private information.This reflects…
-
Ransomware in 2024: New players, bigger payouts, and smarter tactics
by
in SecurityNewsIn 2024, ransomware remained the top cybersecurity threat to organizations worldwide. New groups filled the void left by law enforcement crackdowns, targeting businesses with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/19/ransomware-surveys-2024/
-
Russia-linked APT29 group used red team tools in rogue RDP attacks
by
in SecurityNewsRussia-linked APT29 group uses malicious RDP configuration files, adapting red teaming methods for cyberattacks to compromise systems. In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware. The…
-
Russian hackers use RDP proxies to steal data in MiTM attacks
by
in SecurityNewsThe Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-use-rdp-proxies-to-steal-data-in-mitm-attacks/
-
Midnight Blizzard Taps Phishing Emails, Rogue RDP Nets
The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/midnight-blizzard-taps-phishing-email-rogue-rdp-nets
-
Attack Exposure: Unpatched Cleo Managed File-Transfer Software
by
in SecurityNewsAt Least 200 Servers Still Vulnerable as Ransomware Group Claims Mass Exploits. More than 200 Cleo managed file-transfer servers remain internet-exposed and unpatched, despite warnings of a mass attack targeting critical vulnerabilities in the widely used software. The Clop ransomware operation, which has repeatedly targeted MFT software, claimed credit for the attacks. First seen on…
-
A new ransomware regime is now targeting critical systems with weaker networks
by
in SecurityNews
Tags: access, attack, authentication, breach, control, corporate, credentials, cybercrime, data, defense, exploit, extortion, finance, flaw, fortinet, group, infrastructure, law, lockbit, malware, mfa, network, ransomware, risk, tactics, usa, vmware, vpn, vulnerability, zyxelThe year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and Arkansas water plant.A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and Fog,…
-
Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks
by
in SecurityNewsA new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought rogue Remote Desktop Protocol (RDP) attacks to the forefront of cybersecurity concerns. Leveraging a combination of RDP relays, rogue RDP servers, and custom malicious configuration files, this campaign has targeted high-profile organizations, posing a serious threat to global cybersecurity. The…
-
Careto A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal Files
by
in SecurityNewsRecent research has linked a series of cyberattacks to The Mask group, as one notable attack targeted a Latin American organization in 2022, where attackers compromised the organization’s MDaemon email server and exploited the WorldClient webmail component to maintain persistent access. While the initial compromise vector remains unknown, the successful exploitation of the MDaemon server…
-
RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families
RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary protocol similar to RisePro for downloading and executing second-stage payloads. Despite RisePro’s development discontinuation in June 2024, RiseLoader’s emergence suggests a potential connection to the threat group behind RisePro and PrivateLoader. The malware often employs VMProtect for code obfuscation and has…
-
The Mask APT is back after 10 years of silence
Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used…
-
Key strategies to enhance cyber resilience
by
in SecurityNews
Tags: attack, awareness, backup, banking, breach, business, ceo, compliance, control, crowdstrike, cyber, cybersecurity, data, finance, government, group, healthcare, incident, incident response, infrastructure, insurance, metric, network, phishing, programming, ransom, ransomware, resilience, risk, security-incident, service, skills, software, strategy, supply-chain, technology, threat, training, update, vulnerability, windowsThe faulty CrowdStrike software update that triggered IT outages on a global scale in July was a sobering reminder of the importance of incident response and business continuity plans.The update caused more than eight million Windows devices to crash and take down with them airline reservation systems, hospital and government services, financial and banking applications…