Security News

A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a...

Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind its ongoing Hosted Exchange outage. "Although Rackspace Technology is in the early stages of assessing this incident, the incident has caused and may continue to cause an interruption in its Hosted Exchange business and may result in a loss of revenue for the Hosted Exchange business, which generates approximately $30 million of annual revenue in the Apps & Cross Platform segment," the company said.

Russia's second-largest financial institution, VTB Bank, says it is facing the worst cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS attack. "At present, the VTB technological infrastructure is under unprecedented cyberattack from abroad," a VTB spokesperson told TASS. "It is not only the largest cyberattack recorded this year, but in the entire history of the bank."

"The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week. Initial access to the target environment is said to be gained through a variety of methods, including social engineering that uses phone calls and messages sent via Telegram to impersonate IT personnel.

The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that occurred on Saturday evening. Jean-Noël Barrot, the Minister Delegate in charge of Digital Transition and Telecommunications, said the hospital immediately isolated the infected systems to limit the spread of the malware to additional devices and alerted the French National Authority for Security and Defense of Information Systems.

Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface. While there are good reasons to expose more assets to the internet, the price is an increased attack surface.

A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery. CryWiper was first discovered by Kaspersky this fall, seen in attacks against organizations in the Russian Federation.

A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution. Today, AquaSec reports that its Redis honeypots vulnerable to CVE-2022-0543 caught a new piece of malware that is not detected as a threat by antivirus engines on VirusTotal.

The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries. "The computer servers of the Keralty Group companies have been the object of a cyberattack, which has generated technical failures in our systems," reads a translated statement from Keralty.