Security News
A joint cybersecurity advisory from the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human services and Multi-State Information Sharing and Analysis Center was recently released to provide more information about the Black Basta ransomware. According to cybersecurity company SentinelOne, Black Basta is highly likely tied to FIN7, a threat actor also known as "Carbanak," active since 2012 and affiliated with several ransomware operations.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. During this voice phishing attack, the attackers trick the victims into granting them access to their Windows devices by launching the Quick Assist built-in remote control and screen-sharing tool.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
The advisory lists indicators of compromise associated with Black Basta ransomware attacks and offers advice for organizations. Rapid7 analysts have also shared the latest social engineering trick by the Black Basta operators: they spam targets' inbox with junk email, then phone them posing as a member of their organization's IT team, and offer assistance.
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its...
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. "Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia," CISA said.
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. The company removed all license restrictions last week so customers with expired licenses can secure their servers from ongoing attacks given that these two security bugs impact all ScreenConnect versions.
Willis Lease Finance Corporation admitted that some internal processes have required workarounds to be developed so that it can continue to operate and service customers, without providing any specifics about what those workarounds entail.As is often the case with early-stage ransomware disclosures, the company appears to be reluctant to mention "Ransomware" or even "Attack" in its wording.
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data."Hyundai Motor Europe is experiencing IT issues, which the company is working to resolve as quickly as possible," Hyundai told BleepingComputer at the time.