Security News

Iranian state hackers use upgraded malware in attacks on ISPs, telcos
2021-11-09 17:33

The Iranian state-supported APT known as 'Lyceum' targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021. Apart from Israel, which is permanently in the crosshairs of Iranian hackers, researchers have spotted Lyceum backdoor malware attacks in Morocco, Tunisia, and Saudi Arabia.

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks
2021-11-09 14:54

The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices. SolarWinds released an emergency security update in July 2021 after discovering "a single threat actor" exploiting it in attacks.

Medical software firm urges password resets after ransomware attack
2021-11-09 14:15

Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations. The firm clarified that the impact has not reached clients and is limited to their internal IT systems and shouldn't affect any of their PVS. However, as it is unknown what data was stolen during the attack, threat actors may have acquired Medatixx customers' passwords.

U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang
2021-11-09 00:00

The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. In another major development, the Justice Department disclosed the seizure of $6.1 million in alleged ransomware payments received by Russian national Yevgeniy Polyanin, who is currently at large and has been accused of conducting REvil ransomware attacks against multiple businesses and government entities in Texas dating back to August 16, 2019.

DDoS Attacks Shatter Records in Q3, Report Finds
2021-11-08 20:48

"July started off relatively quietly, but towards the middle of the month the average daily count of DDoS attacks exceeded 1,000, with a whopping 8,825 attacks on August 18," the report said. More than 40 percent of DDoS attacks during the third quarter targeted operations in the U.S., followed by Hong Kong and China, the report found.

Electronics retail giant MediaMarkt hit by ransomware attack
2021-11-08 14:27

Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany. MediaMarkt is Europe's largest consumer electronics retailer with over 1,000 stores in 13 countries.

Voice phishing attack spoofs Amazon to steal credit card information
2021-11-05 13:15

Impersonating an Amazon order notification, the attackers end up calling victims to try to obtain their credit card details, says Avanan. A recent campaign spotted by email security provider Avanan spoofs Amazon with both a traditional phishing message and a voice call to try to steal credit card information.

Labour Party supplier ransomware attack: Who holds ex-members' data and on what legal basis?
2021-11-05 13:00

Mystery surrounds the Labour Party ransomware attack, with former party members who left years ago saying their data was caught up in the hack - while official sources refuse to say what really happened. "On 29 October 2021, we were informed of the cyber incident by the third party. The third party told us that the incident had resulted in a significant quantity of Party data being rendered inaccessible on their systems," Labour spokeswoman Sophie Nazemi told The Register.

Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
2021-11-04 12:43

Attackers are actively exploiting an "old" vulnerability to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.