Security News
Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan. Angry IP Scanner is an IP address and port scanner, and as such is more likely to be downloaded and used by IT workers.
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]
Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...]
[...]
A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "Significantly reduced" the org's ability to take, test, and distribute blood. "In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being."
OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. [...]
A vulnerability in the ESXi hypervisor was patched by VMware last week, but Microsoft has revealed that it has already been exploited by ransomware groups to gain administrative permissions. The vulnerability affects ESXi versions 7.0 and 8.0 and VMware Cloud Foundation versions 4.x and 5.x., but patches were only rolled out for ESXi 8.0 and VMware Cloud Foundation 5.x. It has a relatively low CVSS severity score of 6.8.
A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount- an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics," reads the 2024 Zscaler Ransomware Report.
CISA has ordered U.S. Federal Civilian Executive Branch agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group-not present by default but can be added after gaining high privileges on the ESXi hypervisor-which will automatically be assigned full administrative privileges.
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. Black Basta is a ransomware operator who has been active since April 2022 and is responsible for over 500 successful attacks on companies worldwide.