14 matches found
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
Overview: For executive leadership, the emergence of Kyber ransomware represents a significant and immediate threat due to its specialized, dual-platform deployment capability targeting mission-critical virtualization infrastructure (VMware ESXi) and core Windows file systems. This cross-platform...
Claude AI chatbot abused to launch “cybercrime spree”
Anthropic—the company behind the widely renowned coding chatbot, Claude—says it uncovered a large-scale extortion operation in which cybercriminals abused Claude to automate and orchestrate sophisticated attacks. The company issued a Threat Intelligence report in which it describes several...
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops. Knight aka Cyclops 2.0 ransomware first arrived in May 2023, employing double extortion tactics to...
Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability
U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal...
⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter
Hey 👋 there, cyber friends! Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats. In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analys...
ESXiArgs Ransomware Hits Over 500 New Targets in European Countries
More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine. The findings come from attack surface management firm Censys, which discovered "two hosts with strikingly similar ranso...
Pandora Ransomware Targets Multiple Plants around the Globe
THREAT LEVEL: Red. Pandora ransomware is a new operation that targets business networks and obtains data for double-extortion assaults, and has been active since March 2022. DENSO, a Japanese auto parts manufacturer's plant in Germany, and Global Wafers...
Threat spotlight: Phobos ransomware lives up to its name
Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals' belts years ago. From massive WannaCry outbreaks in 2017 to industry-focused attacks by Ryuk in 2019, ransomware's got its hooks in global businesses and shows no signs of stopping. That includes a...
TAU Threat Intelligence Notification: Shade Ransomware
Summary: Recently there has been a new wave of a malicious spam campaign distributing Shade ransomware by sending malicious JavaScript attachments. The spam campaign was mainly targeting users from Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...
SamSam Ransomware
Summary: The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, th...
The WireX Botnet: An Example of Cross-Organizational Cooperation
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android...
Linguistic Analysis Suggests WannaCry Hackers Could be From Southern China
It’s been almost four weeks since the outcry of WannaCry ransomware, but the hackers behind the self-spread ransomware threat have not been identified yet. However, two weeks ago researchers at Google, Kaspersky Lab, Intezer and Symantec linked WannaCry to ‘Lazarus Group,’ a state-sponsored hacki...
MongoDB Attacks Jump From Hundreds to 28,000 In Just Days
Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s a sharp increase from last week when 2,000 MongoDB had be...
Insecure Redis Instances at Core of Attacks Against Linux Servers
A recent run of attacks against Linux servers called Fairware has been traced to insecure internet-facing Redis installations that hackers have abused to delete web folders and, in some cases, install malicious code. Redis is an open source tool used by web application developers for the purpose ...