Lucene search
K

23 matches found

The Hacker News
The Hacker News
added 2024/04/09 11:24 a.m.72 views

CL0P's Ransomware Rampage - Security Measures for 2024

2023 CL0P Growth Emerging in early 2019, CL0P was first introduced as a more advanced version of its predecessor the 'CryptoMix' ransomware, brought about by its owner CL0P ransomware, a cybercrime organisation. Over the years the group remained active with significant campaigns throughout 2020 t...

9.8CVSS7.4AI score0.99999EPSS
Exploits36
hivepro
hivepro
added 2023/06/13 6:58 a.m.53 views

Actors, Threats and Vulnerabilities 5 June to 11 June 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...

9.3CVSS6.9AI score0.99934EPSS
Exploits77
The Hacker News
The Hacker News
added 2023/05/02 7:9 a.m.44 views

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/27 8:20 a.m.83 views

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

9.8CVSS8.9AI score0.99999EPSS
Exploits35
Malwarebytes
Malwarebytes
added 2022/12/13 1:0 p.m.59 views

Silence is golden partner for Truebot and Clop ransomware

A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker IAB that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...

9.3AI score0.36152EPSS
Exploits1
hivepro
hivepro
added 2022/12/12 2:10 p.m.8 views

Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/09 5:16 p.m.60 views

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...

9.8CVSS1AI score0.36152EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/12/08 7:38 p.m.41 views

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...

9.8AI score0.36152EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/10/28 10:18 a.m.26 views

Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot aka Silence, and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/06 9:57 a.m.64 views

TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks

Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT...

1.4AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/12 11:14 p.m.31 views

A multi-stage PowerShell based attack targets Kazakhstan

This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif perhaps in reference to...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/19 12:3 p.m.20 views

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2021/10/19 9:0 a.m.83 views

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...

7.1AI score
Exploits0References11
Talos Blog
Talos Blog
added 2021/08/12 11:0 a.m.33 views

Threat Source newsletter (Aug. 12, 2021)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. No, that's not Ratatouille. It's ServHelper, who is much more dangerous albeit just as cute as the cartoon chef. We have a new blog post out today detailing this RAT, run by the threat actor Group TA505, that is... This is only the...

2.4AI score
Exploits0
Talos Blog
Talos Blog
added 2021/08/12 5:1 a.m.47 views

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

By Vanja Svajcer. News summaryGroup TA505 has been active for at least seven years, making wide-ranging connections with other threat actors involved in ransomware, stealing credit card numbers and exfiltrating data. One of the common tools in TA505's arsenal is ServHelper. In mid-June, Cisco...

3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/14 3:46 p.m.32 views

FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware

The FIN11 financial crime gang is shifting its tactics from phishing and credential-theft to ransomware, researchers said. According to FireEye Mandiant researchers, FIN11 is notable for its “sheer volume of activity,” known to run up to five disparate wide-scale email phishing campaigns per week...

0.8AI score
Exploits0References20
FireEye
FireEye
added 2020/10/14 12:0 a.m.48 views

FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft

Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN or financially motivated threat group for the first time since 2017. We have detailed FIN11's various tactics, techniques and procedures in a report that is available now by signing up for Mandiant Advantage Free. In...

1.3AI score
Exploits0References4
ThreatPost
ThreatPost
added 2020/04/14 5:55 p.m.44 views

TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover

The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan RAT laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at...

0.1AI score
Exploits0References12
Malwarebytes
Malwarebytes
added 2020/02/03 7:0 p.m.36 views

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2019/01/11 5:49 p.m.25 views

TA505 Crime Gang Debuts Brand-New ServHelper Backdoor

A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has two variants: one focused on remote...

2.5AI score
Exploits0References6
Rows per page
Query Builder