14 matches found
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
The U.S. Cybersecurity and Infrastructure Security Agency CISA has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five...
CISA Releases Update to Royal Ransomware Advisory
Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released an update to joint Cybersecurity Advisory CSA StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques,...
From Malvertising to Ransomware: A ThreatDown webinar recap
Our recent webinar From Malvertising to Ransomware highlight the clear connection between malvertising--the practice of embedding malicious code within legitimate online advertisements--and the epidemic of ransomware attacks affecting businesses globally. Presented by Mark Stockley, security...
A week in security (June 19 - 25)
Last week on Malwarebytes Labs: Microsoft Azure AD flaw can lead to account takeover 5 facts to know about the Royal ransomware gang Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 UPS warns customers of phishing attempts after data accessed 6 tips for a cybersecure honeymo...
5 facts to know about the Royal ransomware gang
When we first introduced the Royal ransomware gang in our November 2022 review, little did we know they'd rapidly evolve into one of the most potent threats in our ongoing monthly threat intelligence briefings. In fact, the Malwarebytes Threat Intelligence team has tracked down a staggering 195...
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal
An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "extremely high degree of similarit...
A week in security (March 6 - 12)
Last week on Malwarebytes Labs: 8 cybersecurity tips to keep you safe when travelling National Cybersecurity Strategy Document: What you need to know Intel CPU vulnerabilities fixed. But should you update? Warning issued over Royal ransomware Play ransomware gang leaks City of Oakland data...
Warning issued over Royal ransomware
As part of its StopRansomware effort, the Cybersecurity and Infrastructure Security Agency CISA has published a Cybersecurity Advisory CSA about Royal ransomware. Royal ransomware is a Ransomware-as-a-service Raas that first made an appearance in January 2022. In September of that year, it began...
U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before...
Quarterly Report: Incident Response Trends in Q4 2022
Syncro, a remote management and monitoring tool, emerges as an increasingly common tool for adversaries. By Caitlin Huey. Ransomware continued to be a top threat Cisco Talos Incident Response Talos IR responded to this quarter, with appearances from both previously seen and newly observed...
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings from our investigation of this ransomware and the tools that Royal ransomware actors used to carry out their attacks...
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group...
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...