Security News

Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims. In Q1 2023, researchers identified 12 vulnerabilities newly associated with ransomware.

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper. While The Inquirer confirmed Cuba had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.

The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline. These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term "Man", but also because many, if not most, MitM attacks these days are performed by machines.

A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations. Check Point's researchers who discovered the new ransomware strain believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company.

A press release published yesterday by the South East Regional Organised Crime Unit explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack. As in many ransomware attacks, the threat actors contacted the company's executives, demanding a ransom payment.

The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and some of its business operations. The Philadelphia Inquirer is Philadelphia's largest newspaper.

The ALPHV ransomware group was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The POORTRY malware is a Windows kernel driver signed using stolen keys belonging to legitimate accounts in Microsoft's Windows Hardware Developer Program.

To address this issue and provide practical prevention solutions, Criminal IP, a CTI search engine developed by AI SPERA, launched a comprehensive Chrome extension named "Criminal IP Phishing scams link checker" on May 22, 2023, an AI-based web browsing guard against phishing, malware, and ransomware. The Criminal IP Chrome extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p ransomware, marking the threat actor's first ransomware campaign since late 2021. "They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware."