17 matches found

The Hacker News
added 2026/01/28 9:46 a.m., 11 views

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

CVSS 8.8, AI score 7.7, EPSS 0.86192
Exploits: 43

The Hacker News
added 2023/10/13 2:31 p.m., 60 views

New PEAPOD Cyberattack Campaign Targeting Women Political Leaders

European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the nam...

CVSS 7.5, AI score 8.2, EPSS 0.99083
Exploits: 3

Securelist
added 2023/09/11 10:0 a.m., 324 views

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...

CVSS 10, AI score 10.5, EPSS 0.99999
Exploits: 174

hivepro
added 2023/08/29 9:21 a.m., 10 views

Attacks, Vulnerabilities and Actors 21 August to 27 August 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...

AI score 6.8
Exploits: 0

hivepro
added 2023/08/22 1:26 a.m., 39 views

Cuba Ransomware Targets U.S. with Veeam Exploit

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Cuba ransomware has targeted attacks on critical infrastructure organizations in the United States and IT enterprises across Latin America. In order to acquire credentials, it employs a blend of old...

CVSS 5, AI score 6.9, EPSS 0.7761
Exploits: 4

CISA
added 2022/12/13 12:0 a.m., 10 views

CISA Updates Advisory on #StopRansomware: Cuba Ransomware

The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to revi...

AI score 2.8
Exploits: 0, References: 2

Malwarebytes
added 2022/12/02 7:0 a.m., 25 views

CISA and the FBI issue alert about Cuba ransomware

In the latest StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory (CSA) on the ransomware known as "Cuba." Though named...

AI score 1.8
Exploits: 0

The Hacker News
added 2022/12/02 6:4 a.m., 73 views

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...

CVSS 10, AI score 1.1, EPSS 0.99512
Exploits: 77

CISA
added 2022/12/01 12:0 a.m., 15 views

#StopRansomware: Cuba Ransomware 

Today, the Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. FBI investigations identifie...

AI score 2.2
Exploits: 0, References: 3

The Hacker News
added 2022/11/03 9:20 a.m., 93 views

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine an...

AI score 7.1
Exploits: 0

Schneier on Security
added 2022/09/02 1:18 p.m., 16 views

Montenegro Is the Victim of a Cyberattack

Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. … But the attack against Montenegro’s...

AI score 2.9
Exploits: 0

hivepro
added 2022/08/16 5:0 a.m., 138 views

Vulnerabilities & Threats that Matter 08 – 14th Aug

Published Vulnerabilities: 563; Interesting Vulnerabilities: 14; Active Threat Groups: 3; Targeted Countries: 69; Targeted Industries: 08; ATT&CK TTPs: 71. For a detailed threat digest, download the pdf file here Summary The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...

CVSS 9.3, AI score 1, EPSS 0.9981
Exploits: 220

hivepro
added 2022/08/11 12:34 p.m., 101 views

Zero-day vulnerability leveraged to deploy Cuba Ransomware

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability CVE-2022-24521. A wide range o...

CVSS 4.6, AI score 2.2, EPSS 0.07304
Exploits: 2

The Hacker News
added 2022/08/11 10:21 a.m., 466 views

Hackers Behind Cuba Ransomware Attacks Using New RAT Malware

Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team,...

CVSS 10, AI score 0.7, EPSS 0.99512
Exploits: 77

Trend Micro Simply Security
added 2022/06/08 12:0 a.m., 18 views

Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques

Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report...

AI score 1.8
Exploits: 0

hivepro
added 2022/03/01 6:6 a.m., 16 views

UNC2596 exploits Microsoft’s ProxyShell and ProxyLogon vulnerabilities to distribute Cuba Ransomware

...

AI score 7
Exploits: 0

ThreatPost
added 2022/02/25 7:46 p.m., 742 views

Microsoft Exchange Server Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August,...

AI score 7.8
Exploits: 0, References: 11