13 matches found

The Hacker News
added 2025/04/26 10:38 a.m. · 33 views

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning...

7.7 AI score
Exploits: 0
The Hacker News
added 2025/03/04 4:21 p.m. · 44 views

Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated...

7.7 AI score
Exploits: 0
Trend Micro Simply Security
added 2025/03/03 12:0 a.m. · 13 views

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines...

7.2 AI score
Exploits: 0
Positive Technologies
added 2024/04/26 12:0 a.m. · 7 views

PT-2024-12934 · Undefined · Undefined

OSINT CTI Qlik Sense Users - Adversary Tactics: - Initial Access: CVE-2023-41266, CVE-2023-41265 - RMMs: ManageEngine UEMS, Zoho Assist, DWAgent - Lateral Mov: RDP & PuTTY Link - Exfil: WizTree & Rclone - Impact: Cactus Ransomware https://t.co/gt0dhuFniS...

7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/04/26 12:0 a.m. · 6 views

PT-2024-12933 · Undefined · Undefined

OSINT CTI Qlik Sense Users - Adversary Tactics: - Initial Access: CVE-2023-41266, CVE-2023-41265 - RMMs: ManageEngine UEMS, Zoho Assist, DWAgent - Lateral Mov: RDP & PuTTY Link - Exfil: WizTree & Rclone - Impact: Cactus Ransomware https://t.co/gt0dhuFniS...

7.3 AI score
Exploits: 0 · References: 1
The Hacker News
added 2024/03/04 5:24 a.m. · 70 views

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware as a...

9.8 CVSS · 8.1 AI score · 0.99949 EPSS
Exploits: 6
HackRead
added 2024/01/31 12:26 p.m. · 23 views

Schneider Electric Energy Giant Confirms Cactus Ransomware Attack

By Waqas Schneider Electric Hit by Ransomware Attack: Sustainability Business Division Impacted. This is a post from HackRead.com Read the original post: Schneider Electric Energy Giant Confirms Cactus Ransomware Attack...

7.3 AI score
Exploits: 0
hivepro
added 2023/12/05 6:32 a.m. · 18 views

Attacks, Vulnerabilities and Actors 27 November to 3 December 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, six vulnerabilities were uncovered, and two active adversaries were...

7.4 AI score
Exploits: 0
hivepro
added 2023/12/05 5:17 a.m. · 15 views

Cactus Ransomware Exploits Vulnerabilities in Qlik Sense

Summary: The Cactus ransomware is actively exploiting critical Qlik Sense vulnerabilities, with the ultimate goal of establishing persistence and enabling remote control, infiltrating corporate networks stealthily. This serves as a stark reminder that unpatched Qlik Sense instances are prime...

7.4 AI score
Exploits: 0
The Hacker News
added 2023/12/04 4:20 a.m. · 39 views

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of...

7.3 AI score
Exploits: 0
The Hacker News
added 2023/11/30 11:16 a.m. · 47 views

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance ... where threat actors deployi...

9.9 CVSS · 8.3 AI score · 0.84967 EPSS
Exploits: 0
ATTACKERKB
added 2023/08/29 12:0 a.m. · 30 views

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9 CVSS · 9.3 AI score · 0.84967 EPSS
In wild · Exploits: 0 · References: 5
The Hacker News
added 2023/05/09 5:48 a.m. · 3 views

New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks

Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks. "Once inside the network, CACTUS actors attempt to enumerate local and network user accounts in addition ...

6.9 AI score
Exploits: 0