8 matches found
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...
CISA and the FBI issue alert about Cuba ransomware
In the latest StopRansomware effort of publicizing ransomware information for network defenders, the Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have issued a joint Cybersecurity Advisory CSA on the ransomware known as "Cuba." Though named...
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
The threat actors behind Cuba aka COLDDRAW ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of...
#StopRansomware: Cuba Ransomware
Today, the Federal Bureau of Investigation FBI and CISA released a joint Cybersecurity Advisory CSA StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures TTPs and indicators of compromise IOCs associated with Cuba ransomware. FBI investigations identifie...
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine an...
Industrial Spy trades stolen data on dark web Marketplace
Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Since March 2022, Industrial Spy ransomware, a new menace in the threat environment, has been stealing and selling data on the dark web marketplace and conducting double extortion attacks, combining data theft...
Hospitals taken offline after cyberattack
The GHT Coeur Grand Est has become a victim of a cyberattack on the hospital centers of Vitry-le-François and Saint-Dizier. The hospital’s administration has warned French that data have been exfiltrated and might be used for phishing in the future. As a consequence, the GHT Cœur Grand Est has cu...