14 matches found
CTEM for Financial Services: Protect What Matters Most
Financial institutions process trillions of dollars in transactions every day. One exploited vulnerability can freeze operations, trigger regulatory penalties, and erode customer trust overnight. Traditional vulnerability management, which scans, scores, and queues patches, cannot keep pace with...
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is...
PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems
The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...
Ransomware review: July 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. In July, LockBit maintained...
How to Reduce the Risk of Buy Now, Pay Later Fraud
According to a recent FinTech trends report, 2022 is expected to be a big year for Buy Now, Pay Later BNPL. Apple’s recent announcement of its entry into BNPL with Apple Pay Later represents a seismic boom for a sector which is projected to top $1 trillion in annual gross merchandise volume by...
Tarrask malware uses scheduled tasks for defense evasion
As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team DART in collaboration with the Microsoft Threat Intelligence Cent...
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from...
Iranian targeting of IT sector on the rise
Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain...
How to Prevent Account Takeovers in 2021
Data breaches and hacking put internet users at risk of account takeover, if cybercriminals successfully gain access to valid login credentials. There are reckoned to be in excess of 8.4 million discrete passwords currently circulating online, more than 3.5 billion of which are tied to active...
UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity
Despite investing 2.4 billion euros since 2016 to upgrade its cybersecurity profile, Italian banking institution UniCredit has suffered its third recent data breach, this time impacting 3 million customers. The company said in a short data breach announcement on its website that names, telephone...
DDoS Attack Forces Hong Kong Exchange Site Offline for Second Day
Trading on Hong Kong’s stock market, Hong Kong Exchanges & Clearing, remains suspended today following a “coordinated and sustained” distributed denial of service attack on one of the exchange’s websites Wednesday. Several companies, including HSBC, China Power International and Cathay Pacific...
DHS, NIST, Financial Services Group Form Security Research Partnership
As the finger-pointing and name-calling surrounding the WikiLeaks issue continue in Washington, the White House this week facilitated a cooperative agreement among several key public and private organizations designed to spur joint information security research projects. On Tuesday, the Obama...