Security News
Officials have until March 2 to cough up or stolen data gets leaked. LockBit claims it's back in action just days after an international law enforcement effort seized the ransomware gang's servers...
LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Last week, Operation Cronos hit LockBit hard by taking over their leak site and affiliate panel, disrupting part of their infrastructure, and arresting some suspected affiliates.
The analysis showed addresses held around £100 million, £90 million of which was unspent, comprised largely of the payments made to LockBit by affiliates who were paid by victims. Although the cut taken by LockBit typically varies, around 20 percent of the total ransom fee is paid to the LockBit organization, while the affiliate who actually carried out the attack keeps the remainder.
A cache of stolen documents posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing. Analysis of the docs by infosec vendor SentinelOne characterizes I-Soon as "a company who competes for low-value hacking contracts from many government agencies."
The latest revelation from law enforcement authorities in relation to this week's LockBit leaks is that the ransomware group had registered nearly 200 "affiliates" over the past two years. List of LockBit 3.0 affiliates published by the NCA. The FBI first started investigating LockBit in 2020, and the group has since developed new variants of its ransomware, the latest of which was released in mid-2022, so the data shared today likely shows all the affiliates that have ever deployed the most recent version of LockBit.
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, and Linux/ESXi systems.
Indian tech services giant Infosys has been named as the source of a data leak suffered by the Bank of America. Infosys disclosed the breach in a November 3, 2023, filing that revealed its US subsidiary Infosys McCamish Systems LLC "has become aware of a cyber security incident resulting in non-availability of certain applications and systems in IMS."
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file. The issue, tracked...
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]
The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data...