Tag: group
-
Ransomware Groups Target Organizations to Exfiltrate Data and Blackmail via Leak Site Posts
by
in SecurityNews
Ransomware attacks have continued their relentless assault on organizations worldwide, with a focus on data exfiltration and subsequent blackmail through leak site posts. Rapid7 Labs’ analysis of internal and public data provides insights into the evolving landscape of ransomware threats. Evolving Tactics in Ransomware Operations: The ransomware ecosystem has seen a shift where established and…
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
by
in SecurityNews
Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-day
The cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits: Hellcat operators initiate attacks…
-
Medusa Ransomware Claims NASCAR Breach in Latest Attack
by
in SecurityNews
Medusa ransomware hits NASCAR, demands $4M ransom, leaks internal files. Group also claims Bridgebank, McFarland, and Pulse Urgent Care. First seen on hackread.com Jump to article: hackread.com/medusa-ransomware-claims-nascar-breach-latest-attack/
-
Group-IB Launches Strategic Partner Program to Expand Cybersecurity Collaboration in Europe
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/group-ib-launches-strategic-partner-program-to-expand-cybersecurity-collaboration-in-europe
-
Third-party ransomware attack jeopardizes DBS Group, Bank of China Singapore data
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/third-party-ransomware-attack-jeopardizes-dbs-group-bank-of-china-singapore-data
-
Labour MPs launch digital ID campaign
by
in SecurityNews
A large group of Labour MPs have called for the introduction of a digital ID system to crack down on illegal migration and benefits fraud. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622277/Labour-MPs-launch-digital-ID-campaign
-
New GIFTEDCROOK Stealer Targets Government Organizations to Exfiltrate Sensitive Data
by
in SecurityNews
Cybersecurity experts have uncovered an alarming escalation in cyber-espionage operations targeting Ukrainian critical sectors, as outlined in CERT-UA’s latest alert, CERT-UA#14303. The campaign, attributed to the UAC-0226 hacking group, leverages a sophisticated C/C++-based stealer called GIFTEDCROOK to infiltrate systems, steal sensitive data, and exfiltrate it via covert channels. The operation has been active since February…
-
Everest ransomware group’s Tor leak site offline after a defacement
by
in SecurityNews
The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the…
-
CVE-2024-11859: ToddyCat Group Hides Malware in ESET’s Scanner to Bypass Security
Advanced Persistent Threat (APT) groups are constantly evolving their techniques to evade detection. Kaspersky Labs has recently uncovered a sophisticated method employed by the ToddyCat group: hiding their malicious activity within the context of legitimate security software. In early 2024, Kaspersky’s investigation into ToddyCat incidents revealed a suspicious file named version.dll
-
Smishing Triad Expands Fraud Campaign, Targets Toll Payment Services
by
in SecurityNews
A China-based cybercriminal group known as the Smishing Triad is escalating its smishing activities, now targeting consumers in the US and UK with fraudulent text messages related to toll payment services. The Resecurity report reveals that these campaigns involve deceptive text messages that claim unpaid toll bills or payment requests linked to services like FasTrak,…
-
Google hopes its experimental AI model can unearth new security use cases
by
in SecurityNews
SecGemini is free, but its access will initially be limited to a select group of organizations that will test the model in their own cybersecurity work. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-sec-gemini-experimental-ai-cybersecurity-assistant/
-
FedRAMP’s Automation Goal Brings Major Promises – and Risks
by
in SecurityNews
Analysts Praise FedRAMP’s Speed Goals, But Worry About Unclear Execution Details. The General Services Administration is aiming to speed up cloud approvals by automating security assessments for FedRAMP, but experts tell Information Security Media Group that key questions remain on its execution, with concerns over vague directives and the impact on existing processes. First seen…
-
Lazarus Expands NPM Campaign With Trojan Loaders
by
in SecurityNews
North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks. First seen on govinfosecurity.com Jump…
-
Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
by
in SecurityNews
In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK. These campaigns exploit toll payment services like FasTrak, E-ZPass, and I-Pass, with expectations of expanding globally. The Smishing Triad’s Modus Operandi: The group employs fraudulent…
-
ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
by
in SecurityNews
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the temp directories of multiple compromised systems. This file was identified as a tool called TCESB,…
-
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
by
in SecurityNews
Two other employees at the St. Petersburg-based hosting provider Azea Group were arrested. The company has alleged links to state-sponsored disinformation campaigns and cybercriminal infrastructure. First seen on therecord.media Jump to article: therecord.media/doppelganger-ceo-arrests-russia-tech
-
Ransomware Underground Faces Declining Relevance
by
in SecurityNews
Rising Attacks Mask Lowering Profits, Attention Economy Competition. Ransomware groups’ collective power to command victims’ attention and compel extortion is waning, notwithstanding the disruption and chaos that continues to be their hallmark. The criminal underground powering ransomware is a world in flux where old, established groups are giving way to new brands. First seen on…
-
An Operator’s Guide to Device-Joined Hosts and the PRT Cookie
by
in SecurityNews
Introduction: About five years ago, Lee Chagolla-Christensen shared a blog detailing the research and development process behind his RequestAADRefreshToken proof-of-concept (POC). In short, on Entra ID joined (including hybrid joined) hosts, it’s possible to obtain a primary refresh token (PRT) cookie from the logged in user’s logon session, enabling an attacker to satisfy single-sign-on (SSO)…
-
Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges
by
in SecurityNews
The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/scattered-spider-king-bob-pleads-guilty-charges
-
Everest ransomware group’s darknet site offline following defacement
by
in SecurityNews
The darknet leak site used by the ransomware gang Everest went offline Monday after being apparently hacked and defaced over the weekend. First seen on therecord.media Jump to article: therecord.media/everest-ransomware-site-offline-following-defacement
-
Flaw in ESET security software used to spread malware from ToddyCat group
by
in SecurityNews
Researchers said a vulnerability in software from security firm ESET was used to spread malware. The company has acknowledged the bug and patched it. First seen on therecord.media Jump to article: therecord.media/eset-software-vulnerability-malware-toddycat-apt
-
Five Steps to Move to Exposure Management
by
in SecurityNews
Tags: access, attack, breach, business, cloud, compliance, cve, cyber, data, exploit, group, identity, infrastructure, Internet, iot, monitoring, network, password, risk, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we explore the five steps to take on your journey to exposure management. You can read the entire Exposure Management Academy series here. Chances are, you’re buried in vulnerabilities and…
-
HellCat, Rey, and Grep Groups Dispute Claims in Orange and HighWire Press Cases
by
in SecurityNews
SuspectFile.com has uncovered a complex web of overlapping claims and accusations within the cybercrime underworld, highlighting a case involving the ransomware groups HellCat, Rey, and grep, along with the controversial group Babuk2. The investigation delves into two significant cyberattacks: one against the telecommunications company Orange, the other against HighWire Press.
-
A member of the Scattered Spider cybercrime group pleads guilty
by
in SecurityNews
A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California. “In the California case, he pleaded guilty to…
-
20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case
by
in SecurityNews
Noah Urban, a 20-year-old resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom. Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated identity theft in Florida, as well as conspiracy to commit wire fraud in a separate…
-
Lazarus Adds New Malicious npm Using Hexadecimal String Encoding to Evade Detection Systems
by
in SecurityNews
North Korean state-sponsored threat actors associated with the Lazarus Group have intensified their Contagious Interview campaign by deploying novel malicious npm packages leveraging hexadecimal string encoding to bypass detection mechanisms. These packages deliver BeaverTail infostealers and remote access trojan (RAT) loaders, targeting developers to exfiltrate credentials, financial data, and cryptocurrency wallets. SecurityScorecard researchers identified 11…
-
EDR-as-a-Service makes the headlines in the cybercrime landscape
by
in SecurityNews
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests, EDR), targeting major platforms. According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as “EDR-as-a-Service,” is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement […]…
-
Credential Dumping: GMSA
by
in SecurityNews
ReadGMSAPassword Attack is a technique where attackers abuse misconfigured Group Managed Service Accounts (gMSA) to retrieve their passwords. In Active Directory, only specific computers or First seen on hackingarticles.in Jump to article: www.hackingarticles.in/credential-dumping-gmsa/