5 matches found
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
Poorly secured Microsoft SQL MS SQL servers are being targeted in the U.S., European Union, and Latin American LATAM regions as part of an ongoing financially motivated campaign to gain initial access. "The analyzed threat campaign appears to end in one of two ways, either the selling of 'access'...
Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware
Threat actors are exploiting poorly secured Microsoft SQL MS SQL servers to deliver Cobalt Strike and a ransomware strain called FreeWorld. Cybersecurity firm Securonix, which has dubbed the campaign DBJAMMER, said it stands out for the way the toolset and infrastructure is employed. "Some of the...
Actors, Threats and Vulnerabilities 23 January 2023 – 29 January 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Hive Pro discovered four actors that have been active in the past week. The first, APT40 and Tick, are well-known Chinese threat actors known for information theft and...
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage...