667 matches found
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation...
Healthy security habits to fight credential breaches: Cyberattack Series
Fifty percent of Microsoft cybersecurity recovery engagements relate to ransomware, and 61 percent of all breaches involve credentials. In this second report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a push-bombing request that targete...
Black Basta ransomware attacks Yellow Pages Canada
The Canadian Yellow Pages Group has confirmed it recently became victim of a cyberattack. The Black Basta ransomware group has claimed responsibility for this attack by posting about Yellow Pages on the "Basta News" leak site. When such a post shows up, it usually means that negotiations with the...
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users...
Daggerfly Cyberattack Campaign Hits African Telecom Services Providers
Telecommunication services providers in Africa are the target of a new campaign orchestrated by a China-linked threat actor at least since November 2022. The intrusions have been pinned on a hacking crew tracked by Symantec as Daggerfly, and which is also monitored by the broader cybersecurity...
DFIR via XDR: How to expedite your investigations with a DFIRent approach
Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple of years, focusing on the digital forensics aspect and how XDR fits into the...
80K QNAP Devices Vulnerable to Cyberattack
Multiple QNAP operating systems have been impacted by two vulnerabilities that could potentially allow remote authenticated users to access secret values. To receive real-time threat advisories,...
UK Criminal Records Office Crippled by Potential Ransomware Attack
By Waqas. The Criminal Records Office (ACRO) of the United Kingdom has acknowledged the cyberattack but did not confirm whether it was a ransomware attack. This is a post from HackRead.com.
Western Digital Security Breach – Hackers infiltrate Internal Systems
By Waqas. The cyberattack has forced the technology giant to shut down and take some of its operations offline. This is a post from HackRead.com.
Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's wide...
Suprbay.org, The Pirate Bay Web Forum Down amid Cyberattack
By Deeba Ahmed. The SuprBay forum has been inaccessible for a few days. This is a post from HackRead.com.
LockBit ransomware demands $2 million for Pierce Transit data
The Pierce County Public Transportation Benefit Area Corporation (Pierce Transit) has fallen victim to a cyberattack using LockBit ransomware. Pierce Transit is a public transit operator in Washington state. The attack began on February 14, 2023, and required Pierce Transit to implement temporary...
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...
A week in security (February 20 - 26)
Last week on Malwarebytes Labs: GoAnywhere zero-day opened door to Clop ransomware; Chip company loses $250m after ransomware hits supply chain; GoDaddy says it's a victim of multi-year cyberattack campaign; Twitter and two-factor authentication: What's changing?; How to set up two-factor...
Malwarebytes wins 2023 CRN 'Coolest Endpoint And Managed Security Companies' award
CRN, a trusted source for IT channel news and analysis, has named Malwarebytes one of the "Coolest Endpoint And Managed Security Companies" on the 2023 CRN Security 100 list. The CRN Security 100 highlights channel-friendly cybersecurity vendors across a number of market segments including Endpoi...
K42406850: F5 SIRT response to the Ukraine crisis
Security Advisory Description: Over the past few weeks, the world has watched as tensions have risen between Russia and Ukraine, and most recently, those tensions have escalated into a military conflict. F5 is deeply concerned for the safety of those in harm's way and the impact to everyone affect...
GoDaddy says it's a victim of multi-year cyberattack campaign
Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...
Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability
By John Fokker, Alfred Alvarado, Tim Hux, Jeffrey Sman, Joao Marques · February 09, 2023. Figure 1: Global telemetry from Trellix ATLAS for IPs connecting to port 427. Introduction: Early this week, VMware issued a...
Solving one of NOBELIUM’s most novel attacks: Cyberattack Series
Our story begins with eight Microsoft Detection and Response Team (DART) analysts gathered around a customer’s conference room to solve a cybersecurity mystery. Joined by members of the customer’s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known ...