20 matches found
Russian Hackers Exploit Adaptix Pentesting Tool in Ransomware Attacks
Silent Push wars of Russian hackers exploiting Adaptix, a pentesting tool built for Windows, Linux, and macOS, in ransomware campaigns...
When the Call Comes from Inside: The Rising Threat of Insider Recruitment in Ransomware Campaigns
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a...
EUVD-2023-35425
Malicious code in bioql PyPI...
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale...
Ransomware hiding in fake AI, business tools
Artificial intelligence AI and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead...
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. Our investigation into Lumma Stealer’s distribution infrastructure reveals a...
CyberPanel Multi CVE Pre-auth RCE
This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel: - CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint. - CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink. -...
VMware ESXi CVE-2024-37085 Targeted in Ransomware Campaigns
On Monday, July 29, Microsoft published an extensive threat intelligence blog on observed exploitation of CVE-2024-37085, an Active Directory integration authentication bypass vulnerability affecting Broadcom VMware ESXi hypervisors. The vulnerability, according to Redmond, was identified in...
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT. "The threat actors used malicious websites to impersonate well-known brands,...
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
Today, as part of the Ransomware Vulnerability Warning Pilot RVWP, CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns. A “Misconfigurations and...
CVE-2023-31096
An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 aka AGRSM64.sys. There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory IOCTL 0x1b2150. An attacker can exploit this to elevate privileges from a medium-integrity process to...
Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...
QNAP Systems Photo Station 安全漏洞
QNAP Systems Photo Station is an online photo album from QNAP Systems. It is used to organize multimedia content photos and videos on Qnap Nas. A security vulnerability in QNAP Systems Photo Station can be exploited by an attacker to execute DeadBolt ransomware campaigns affecting the following...
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations,...
REvil Ransomware Gang Adds Auction Feature for Stolen Data
The REvil ransomware gang also known as Sodinokibi has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns. The auction capability appeared at the beginning of June, according to an analysis from Cyberint. In...
This Week in Security News: Ransomware Campaigns and Cryptocurrency Miners
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about continuing cybersecurity attacks targeting small governments. Also, read how XDR, Trend Micro’s newest solution, is more...
Shade Ransomware Expands to U.S. Targets
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan. The ransomware, first spotted in late 2014 by Kaspersky Lab researchers, has been known for focusing on Russian victims – but more recent...
How to Secure Your Mid-Size Organization From the Next Cyber Attack
If you are responsible for the cybersecurity of a medium-sized company, you may assume your organization is too small to be targeted. Well, think again. While the major headlines tend to focus on large enterprises getting breached – such as Sony, Equifax, or Target the actual reality is that smal...
Following Lull, New Campaigns Pushing Retooled 'Pumpkin' Locky
New and increasingly diverse variants of ransomware are released weekly, but developers behind the Locky strain have managed to keep the malware fresh in the face of changing trends. Researchers with Cisco’s Talos Security Intelligence and Research Group said this week they observed three separat...
Blackhole Exploit Kit Successor Years Away
It should shock no one that a viable successor to the Blackhole exploit kit has yet to emerge in the criminal underground. It’s been less than three months since the arrest of its alleged creator Paunch sent cybercriminals reliant on the toolkit scrambling for a replacement. And like any profitab...