Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

Our story begins with eight Microsoft Detection and Response Team DART analysts gathered around a customer’s conference room to solve a cybersecurity mystery. Joined by members of the customer’s cybersecurity team, they were there to figure out how a Russia-based nation-state hacking group known ...

ION starts bringing customers back online after LockBit ransomware attack

ION Group, a financial software firm, is reportedly beginning to bring clients back online after being hit by a ransomware attack late last week. The Russian-linked LockBit ransomware group claimed responsibility for attacking a division of ION Group, which affecting 42 clients in Europe and the...

Florida hospital takes entire IT systems offline after 'ransomware attack'

Tallahassee Memorial Healthcare TMH, a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...

Cyberattack on Medical and Energy Sector by Lazarus Group

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A cyber-attack conducted by North Korean state-sponsored Lazarus Group targeted public and private sector research organizations, the medical research and energy sector as well as their supply chain for...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly adde...

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

A week in security (January 9—15)

Last week on Malwarebytes Labs: Slack private code on GitHub stolen Crypto-inspired Magecart skimmer surfaces via digital crime haven Security vulnerabilities in major car brands revealed Microsoft ends extended support for Windows 7 and Windows Server 2008 today Pokemon NFT card game malware...

Russian Ransomware Gang Attack Destabilizes UK Royal Mail

Plus: Joe Biden’s classified-documents scandal, the end of security support for Windows 7, and more...

Cyberattack halts Royal Mail's overseas post

If youre looking to send letters or parcels outside of the UK using Royal Mail, youll want to hold off for a little while. Royal Mail is suffering from "severe disruption" after an unnamed cyber incident. While no specifics are currently available, Royal Mail has disclosed enough to let us know...

2023 prediction: Security workforce shortage will lead to nationally significant cyberattack

If 2022 was any indication, businesses are about to face an unprecedented volume, frequency, and sophistication of cyberthreats in 2023. Global cyberattacks have increased by 483 percent over the last two years, and at the current rate of growth, damage from such attacks will amount to $10.5...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly adde...

Arresting IT Administrators

This is one way of ensuring that IT keeps up with patches: Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers. Prosecutors said the five IT officials of the public...

Attackers Keep Targeting the US Electric Grid

Plus: Chinese hackers stealing US Covid relief funds, a cyberattack on the Met Opera website, and more...

A Closer Look at Ransomware Attack Trends in APJ

Read about the surge of ransomware as a service RaaS cyberattack trends in APJ, and the infamous and prolific Conti group’s role in them...

Hive Ransomware is on the rise. How should you deal with it?

Why Now? Hive is not a new problem. It first surfaced in 2021 but it’s becoming a much bigger issue now. This is due to a growing number of affiliates and therefore attacks. 2022 has seen more widespread country and industry target interest too. Ransomware growth in general is becoming a massive...

Complete Guide to Protecting 7 Attack Vectors

The quicker a cyberattack is identified, the less it costs. Jon Clay, VP of Threat Intelligence, reviews 7 key initial attack vendors and provides proactive security tips to help you reduce cyber risk across the attack surface...

Harsher penalties for data breaches in new Australian privacy bill

High-profile breaches mean high-profile action In the aftermath of another crop of high-profile data breaches, the Australian Government also known as the Commonwealth Government has introduced amendments to Australian privacy law which give the regulator new powers and the ability to impose...

The Conviction of Uber’s Chief Security Officer

I have been meaning to write about Joe Sullivan, Ubers former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. Its a complicated case, and Im not convinced that he deserved a guilty ruling or that its a good thing for the industry. I may still...

Incident Response Services & Playbooks Guide

63% of c-level executives in the US don’t have an incident response plan yet 50% of organizations experience a cyberattack. Explore incident response services and playbooks to strengthen your cyber defenses...

Stopping C2 communications in human-operated ransomware through network protection

Command-and-control C2 servers are an essential part of ransomware, commodity, and nation-state attacks. They are used to control infected devices and perform malicious activities like downloading and launching payloads, controlling botnets, or commanding post-exploitation penetration frameworks ...