Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of...

Architecting for Extortion: Acting on the IST’s Blueprint for Ransomware Defense

Last month, the Institute for Security and Technology’s IST Ransomware Task Force RTF launched the Blueprint for Ransomware Defense, a mitigation, response, and recovery plan for small- and medium-sized enterprises. This action plan is a cross-industry document that targets business leaders and...

Moisha Ransomware spotted launching highly targeted attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Moisha ransomware based on .Net was first mentioned in mid-August, along with the PTMOISHA team, the threat actor behind it. This ransomware was developed to carry out very targeted attacks, as indicated...

Cyber Signals: 3 strategies for protection against ransomware

The “as a service” business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn’t be surprising that the “as a servic...

Cyber Signals: 3 strategies for protection against ransomware

The “as a service” business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn’t be surprising that the “as a servic...

CISA and FBI issue alert about Zeppelin ransomware

The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA have released a joint Cybersecurity Advisory CSA about Zeppelin ransomware. The advisory contains indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with...

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service RaaS are...

Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures TTPs, including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team,...

Industrial Spy trades stolen data on dark web Marketplace

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft...

For months, JusTalk messages were accessible to everyone on the Internet

JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...

For months, JusTalk messages were accessible to everyone on the Internet

JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months. According to security researcher Anurag Sen, who discovered the open database, the messages were stored unencrypted,...

The ransomware landscape changes as fewer victims decide to pay

Fewer victims are choosing to pay their ransomware extorters, especially among large enterprises, according to a recent investigation from Coveware. As a result of this, and other circumstances, we can see some shifts in the way that ransomware groups and their affiliates work. Large organization...

To Maze and Beyond: How the Ransomware Double Extortion Space Has Evolved

We're here with the final installment in our Pain Points: Ransomware Data Disclosure Trends report blog series, and today we're looking at a unique aspect of the report that clarifies not just what ransomware actors choose to disclose, but who discloses what, and how the ransomware landscape has...

Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new version of the free Redeemer ransomware has been discovered on hacker forums, providing inexperienced threat actors with an easy entry into the field of encryption-backed extortion campaigns. The new 2.0...

A week in security (July 18 – July 24)

Last week on Malwarebytes Labs: Extortionists target restaurants, demand money to take down bad reviews The FTC will go after companies misusing location, health, and other sensitive data Roblox breached: Internal documents posted online by unknown attackers Warning for WordPress admins: Uninstal...

Vulnerabilities & Threats that Matter 11-17 July 2022

Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 580 37 2 World-wide 11 61 For a detailed threat digest, download the pdf file here Summary The second week of July 2022 witnessed the discovery of 580 vulnerabilities out ...

Roblox breached: Internal documents posted online by unknown attackers

A data compromise situation has impacted Roblox Corporation, the developers of the massive smash-hit video game Roblox. An as-yet unknown attacker has breached an employee account, and is in the process of exposing the data theyve collected. Nobody knows if theyve exhausted their newly-plundered...

Extortionists target restaurants, demand money to take down bad reviews

Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised a...

Emerging H0lyGh0st Ransomware Tied to North Korea

Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year. The group has successfully compromised small-to-mid-sized...

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Thre...