Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...
New PEAPOD Cyberattack Campaign Targeting Women Political Leaders
European Union military personnel and political leaders working on gender equality initiatives have emerged as the target of a new campaign that delivers an updated version of RomCom RAT called PEAPOD. Cybersecurity firm Trend Micro attributed the attacks to a threat actor it tracks under the nam...
From Caribbean shores to your devices: analyzing Cuba ransomware
Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...
Attacks, Vulnerabilities and Actors 21 August to 27 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of twelve attacks executed, six vulnerabilities, and three different adversaries...
Cuba Ransomware Targets U.S. with Veeam Exploit
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Cuba ransomware has targeted critical infrastructure organizations in the United States and IT enterprises across Latin America. In order to acquire credentials, it employs a blend of old...
CISA Updates Advisory on #StopRansomware: Cuba Ransomware
The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to revi...
CISA and the FBI issue alert about Cuba ransomware
In the latest StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Cybersecurity Advisory (CSA) on the ransomware known as "Cuba." Though named...
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...
#StopRansomware: Cuba Ransomware
Today, the Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. FBI investigations identifie...
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine an...
Montenegro Is the Victim of a Cyberattack
Details are few, but Montenegro has suffered a cyberattack: A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. … But the attack against Montenegro’s...
Vulnerabilities & Threats that Matter 08 – 14th Aug
Published Vulnerabilities: 563; Interesting Vulnerabilities: 14; Active Threat Groups: 3; Targeted Countries: 69; Targeted Industries: 08; ATT&CK TTPs: 71. For a detailed threat digest, download the pdf file here Summary The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...
Zero-day vulnerability leveraged to deploy Cuba Ransomware
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability, CVE-2022-24521. A wide range o...
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures (TTPs), including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team,...
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
Trend Micro Research observed the resurgence of the Cuba ransomware group that launched a new malware variant using different infection techniques compared to past iterations. We discuss our initial findings in this report...
UNC2596 exploits Microsoft’s ProxyShell and ProxyLogon vulnerabilities to distribute Cuba Ransomware
...
Microsoft Exchange Server Bugs Exploited by ‘Cuba’ Ransomware Gang
The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August,...