Security News

12 vulnerabilities newly associated with ransomware
2023-05-25 03:00

Ransomware groups are continuously weaponizing vulnerabilities and adding them to their arsenal to mount crippling and disruptive attacks on their victims. In Q1 2023, researchers identified 12 vulnerabilities newly associated with ransomware.

Philly Inquirer says Cuba ransomware gang's data leak claims are fake news
2023-05-24 20:26

The Philadelphia Inquirer has punched back at the Cuba ransomware gang after the criminals leaked what they said were files stolen from the newspaper. While The Inquirer confirmed Cuba had claimed responsibility for the break-in, it insisted that any documents posted by the gang on the dark web were not swiped from the newspaper.

Ransomware tales: The MitM attack that really had a Man in the Middle
2023-05-24 19:59

The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline. These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term "Man", but also because many, if not most, MitM attacks these days are performed by machines.

Iranian hackers use new Moneybird ransomware to attack Israeli orgs
2023-05-24 16:28

A suspected Iranian state-supported threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations. Check Point's researchers who discovered the new ransomware strain believe that Agrius developed it to help expand their operations, while the use of 'Moneybird' is yet another one of the threat group's attempts to cover their tracks.

Arms maker Rheinmetall confirms BlackBasta ransomware attack
2023-05-23 16:02

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company.

IT employee impersonates ransomware gang to extort employer
2023-05-23 15:22

A press release published yesterday by the South East Regional Organised Crime Unit explains that in February 2018, the convicted man, Ashley Liles, worked as an IT Security Analyst at an Oxford-based company that suffered a ransomware attack. Like many ransomware attacks, the threat actors contacted the company's executives, demanding a ransom payment.

Cuba ransomware claims cyberattack on Philadelphia Inquirer
2023-05-23 13:54

The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and disrupted some business operations. The Philadelphia Inquirer is Philadelphia's largest newspaper.

Malicious Windows kernel drivers used in BlackCat ransomware attacks
2023-05-22 18:23

The ALPHV ransomware group was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The POORTRY malware is a Windows kernel driver signed using stolen keys belonging to legitimate accounts in Microsoft's Windows Hardware Developer Program.

An AI-based Chrome Extension Against Phishing, Malware, and Ransomware
2023-05-22 14:02

To address this issue and provide practical prevention solutions, Criminal IP, a CTI search engine developed by AI SPERA, launched a comprehensive Chrome extension named "Criminal IP Phishing scams link checker" on May 22, 2023. The extension is an AI-based web browsing guard against phishing, malware, and ransomware. It offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
2023-05-20 06:49

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p ransomware, marking the threat actor's first ransomware campaign since late 2021. "They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware."