Victim: www.ravencm.com Country : US Actor: ransomhub Source: http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/b1431501-35f8-4d2c-85c3-da8d90c24a86/ Discovered: 2024-10-05 20:31:45.187393 Published: 2024-10-05 19:24:34.000000 Description : RavenCM is a company that specializes in comprehensive community management solutions. It focuses …
Tag: BACKUP
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which …
Summary: DragonForce ransomware is rapidly expanding its Ransomware-as-a-Service (RaaS) operations, posing a significant global threat to businesses through sophisticated double extortion tactics. Companies are urged to enhance their cybersecurity measures …
Short Summary:
This article discusses the challenges of identifying attack vectors in human-operated ransomware attacks and highlights the potential of using Windows event logs to trace ransomware activities. It details …
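The tracing approach the summary points at, as an added example that is not part of the original article: build an intrusion timeline from exported Windows event log records and take the earliest suspicious event per host as the lead for the initial access vector. The records, hostnames and timestamps are constructed to resemble an EVTX export; the event IDs and command lines checked (4688 process creation running `vssadmin delete shadows` or `bcdedit ... recoveryenabled no`, 7045 service installation, 4624 logon type 10, 1102 log cleared) are the ones commonly seen in human-operated ransomware intrusions.

```python
"""Trace ransomware-related activity through exported Windows event log records.

Added example (not from the original article). SAMPLE_EVENTS is constructed to
mimic the fields of an EVTX export; hosts, users, IPs and times are invented.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
import re


@dataclass
class Event:
    time: datetime
    computer: str
    channel: str
    event_id: int
    fields: dict


# Constructed sample records (assumed shape; not real telemetry).
SAMPLE_EVENTS = [
    Event(datetime(2024, 9, 1, 2, 11, 5), "FS01", "Security", 4624,
          {"LogonType": "10", "TargetUserName": "svc_backup", "IpAddress": "10.0.5.23"}),
    Event(datetime(2024, 9, 1, 2, 14, 40), "FS01", "System", 7045,
          {"ServiceName": "UpdSvc", "ImagePath": "C:\\ProgramData\\upd.exe"}),
    Event(datetime(2024, 9, 1, 2, 15, 2), "FS01", "Security", 4688,
          {"NewProcessName": "C:\\Windows\\System32\\vssadmin.exe",
           "CommandLine": "vssadmin delete shadows /all /quiet"}),
    Event(datetime(2024, 9, 1, 2, 15, 9), "FS01", "Security", 4688,
          {"NewProcessName": "C:\\Windows\\System32\\bcdedit.exe",
           "CommandLine": "bcdedit /set {default} recoveryenabled no"}),
    Event(datetime(2024, 9, 1, 2, 40, 0), "FS01", "Security", 1102,
          {"SubjectUserName": "svc_backup"}),
    Event(datetime(2024, 9, 1, 9, 0, 0), "WS07", "Security", 4688,
          {"NewProcessName": "C:\\Windows\\System32\\notepad.exe",
           "CommandLine": "notepad.exe"}),
]

# Command lines that disable recovery and are typically run shortly before encryption.
RECOVERY_TAMPER = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete|"
    r"wbadmin(\.exe)?\s+delete\s+catalog|bcdedit(\.exe)?\s+.*recoveryenabled\s+no",
    re.IGNORECASE,
)


def classify(ev: Event) -> str | None:
    """Return a label for events worth putting on the intrusion timeline, else None."""
    if ev.channel == "Security" and ev.event_id == 4688:
        if RECOVERY_TAMPER.search(ev.fields.get("CommandLine", "")):
            return "recovery-tampering"
        return None
    if ev.channel == "Security" and ev.event_id == 1102:
        return "security-log-cleared"
    if ev.channel == "System" and ev.event_id == 7045:
        return "service-installed"
    if ev.channel == "Security" and ev.event_id == 4624 and ev.fields.get("LogonType") == "10":
        return "rdp-logon"
    return None


def build_timeline(events):
    """Chronological (time, computer, label, detail) rows for suspicious events only."""
    rows = []
    for ev in sorted(events, key=lambda e: e.time):
        label = classify(ev)
        if label:
            detail = (ev.fields.get("CommandLine") or ev.fields.get("ImagePath")
                      or ev.fields.get("IpAddress") or ev.fields.get("SubjectUserName", ""))
            rows.append((ev.time, ev.computer, label, detail))
    return rows


def first_foothold(events):
    """Per host, the earliest suspicious event: the best lead for the initial access vector."""
    firsts = {}
    for t, host, label, detail in build_timeline(events):
        firsts.setdefault(host, (t, label, detail))  # timeline is sorted, so first wins
    return firsts


if __name__ == "__main__":
    for row in build_timeline(SAMPLE_EVENTS):
        print(*row)
    print(first_foothold(SAMPLE_EVENTS))
```

On the sample data the host FS01 shows an RDP logon, then a new service, recovery tampering and a cleared Security log, while WS07 produces nothing; the RDP logon from 10.0.5.23 is the event to pivot on. In a real case the 1102 event is also a reminder that the Security log may have been cleared: the same timeline should be rebuilt from forwarded logs or from the Sysmon and PowerShell channels.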
Short Summary:
In November 2023, a BlackCat ransomware intrusion was initiated by Nitrogen malware, which was disguised as Advanced IP Scanner. The attack involved deploying Sliver and Cobalt Strike beacons, …
In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have …
DLL Hijacking is a technique that exploits legitimate applications to execute malicious code. This write-up provides an overview of DLL Hijacking, its purpose, and the various documented instances …
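The mechanism behind the technique, as an added example that is not part of the write-up: the loader resolves an unqualified `LoadLibrary("name.dll")` by walking a fixed directory order, so any attacker-writable directory that the loader consults before the directory holding the legitimate DLL (or any writable directory at all, for a DLL the application imports but that does not exist) is a planting location. The directory layout, ACL flags and import list below are constructed; a real audit would walk the filesystem, read ACLs and take imports from the PE import table. The model deliberately ignores manifests, SxS redirection, API set names and the `LOAD_LIBRARY_SEARCH_*` flags, all of which change the order.

```python
"""Find DLL search-order hijack candidates from a model of the Windows loader order.

Added example, not code from the write-up. FS, IMPORTS and the paths are assumed.
"""
SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"   # legacy 16-bit system directory, still in the order
WINDIR = r"C:\Windows"

# The loader maps these from the KnownDLLs section (System32) regardless of
# search order; this is a small subset of the real list.
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll", "advapi32.dll"}


def search_order(app_dir, cwd, path_dirs, safe_search=True):
    """Directory order for an unqualified LoadLibrary call.

    With SafeDllSearchMode on (the default) the current directory is consulted
    after the system directories; with it off, directly after the application
    directory, which is what makes 'cwd' attacks work."""
    if safe_search:
        order = [app_dir, SYSTEM32, SYSTEM16, WINDIR, cwd, *path_dirs]
    else:
        order = [app_dir, cwd, SYSTEM32, SYSTEM16, WINDIR, *path_dirs]
    seen, dedup = set(), []
    for d in order:  # PATH often repeats System32; keep the first occurrence
        if d.lower() not in seen:
            seen.add(d.lower())
            dedup.append(d)
    return dedup


def resolve(name, order, fs):
    """Directory the loader would take 'name' from, or None if it is missing."""
    for d in order:
        if name.lower() in {f.lower() for f in fs.get(d, {}).get("files", [])}:
            return d
    return None


def hijack_candidates(imports, order, fs):
    """Map each imported DLL to the writable directories consulted before the
    legitimate copy (every writable directory, if the DLL is missing)."""
    out = {}
    for name in imports:
        if name.lower() in KNOWN_DLLS:
            continue
        found_in = resolve(name, order, fs)
        plant_in = []
        for d in order:
            if d == found_in:
                break
            if fs.get(d, {}).get("writable", False):
                plant_in.append(d)
        if plant_in:
            out[name] = {"resolved_from": found_in, "plant_in": plant_in}
    return out


# Constructed layout and ACLs (assumed, for the example only).
FS = {
    r"C:\Program Files\ExampleApp": {"files": ["app.exe"], "writable": False},
    SYSTEM32: {"files": ["ntdll.dll", "kernel32.dll", "version.dll"], "writable": False},
    SYSTEM16: {"files": [], "writable": False},
    WINDIR: {"files": ["explorer.exe"], "writable": False},
    r"C:\Users\alice\Downloads": {"files": [], "writable": True},
    r"C:\Tools": {"files": [], "writable": True},
}
IMPORTS = ["ntdll.dll", "version.dll", "helper.dll"]  # helper.dll exists nowhere


def audit(safe_search=True):
    """Run the check for the hypothetical ExampleApp started from Downloads."""
    order = search_order(r"C:\Program Files\ExampleApp", r"C:\Users\alice\Downloads",
                         [r"C:\Tools", SYSTEM32], safe_search)
    return hijack_candidates(IMPORTS, order, FS)


if __name__ == "__main__":
    print("SafeDllSearchMode on: ", audit(True))
    print("SafeDllSearchMode off:", audit(False))
```

With safe search on, only the missing `helper.dll` is hijackable (from either writable directory); with it off, `version.dll` also becomes hijackable from the current directory, because that directory is now searched before System32. The remediation follows directly from the model: load with an absolute path or `LOAD_LIBRARY_SEARCH_SYSTEM32`, ship every DLL the binary needs, and keep application directories unwritable by standard users.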
The article discusses the discovery of a new strain of the RomCom malware family, named SnipBot, which exhibits advanced techniques for evasion and obfuscation. This malware allows attackers …
Short Summary:
The article discusses the emergence of the Necro Trojan, which has infected various popular applications, including modified versions and those available on Google Play. The Trojan employs advanced …
Summary: Researchers have disclosed a critical authentication bypass vulnerability, CVE-2024-45488, in One Identity’s Safeguard for Privileged Passwords (SPP), potentially allowing attackers full administrative access. The vulnerability arises from a hard-coded …
Summary: German law enforcement has seized 47 cryptocurrency exchange services that facilitated illegal money laundering for cybercriminals, including ransomware gangs, by allowing anonymous transactions. The operation, dubbed “Operation Final Exchange,” …
Summary: Acronis has disclosed a critical security vulnerability (CVE-2024-8767) in its backup plugins for server management platforms, posing significant risks to users due to improper permission settings. Despite issuing patches …
Short Summary:
Medusa is a Ransomware-as-a-Service (RaaS) targeting Windows environments, active since June 2021. It gained attention in early 2023 with the launch of its Dedicated Leak Site. Medusa spreads …
Summary: Snowflake has implemented new security measures, including mandatory multifactor authentication and longer password requirements, following a series of cyberattacks that compromised high-profile customers. These changes aim to enhance security …
Summary: A critical vulnerability (CVE-2024-40711) in Veeam’s Backup & Replication software has been disclosed, allowing unauthenticated remote code execution with a CVSS score of 9.8, posing significant risks to enterprise …
Summary: Users of social media platform X (formerly Twitter) are at risk of account takeovers despite using two-factor authentication methods, as hackers can exploit vulnerabilities in these security measures. Researchers …
Victim: AutoCanada Country : CA Actor: hunters Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/6477110213 Discovered: 2024-09-17 17:03:02.982320 Published: 2024-09-17 13:36:32.000000 Description : Country : Canada – Exfiltrated data : yes – Encrypted data : yes …
Summary: In August 2024, the ransomware group “Inc Ransom” targeted a ReliaQuest customer in the healthcare sector with a double-extortion attack that involved data exfiltration without encryption. The attack utilized …
Short Summary:
GlorySec is a rising hacktivist group known for targeting governments and institutions they view as corrupt, particularly in Russia and Venezuela. They operate primarily through Telegram, sharing details …
Victim: CNPS Cameroun Country : CM Actor: spacebears Source: http://5butbkrljkaorg5maepuca25oma7eiwo6a2rlhvkblb4v6mf3ki2ovid.onion/companies/36/cnps-cameroun Discovered: 2024-09-12 05:11:49.815797 Published: 2024-07-29 00:00:00.000000 Description : The National Social Security Fund (acronym CNPS) is a Cameroonian public institution …
Summary: The article discusses the increasing vulnerability of IT infrastructures due to a lack of diversity in technology stacks, which can lead to catastrophic failures in the event of cyberattacks. …
Summary: ESET researchers have analyzed the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware and its connections to other ransomware groups, including LockBit and RansomHub. …
ESET researchers have documented the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware. This group has replaced its previous ransomware, Scarab, with ScRansom, …
Summary: The report discusses the growing trend of threat actors exploiting legitimate IT tools for malicious operations, termed CAMO (Commercial Applications, Malicious Operations), which allows them to bypass security measures …
Short Summary:
EclecticIQ analysts have researched ransomware operations, particularly focusing on SCATTERED SPIDER, a group targeting cloud infrastructures in the insurance and financial sectors. They employ social engineering tactics, including …
Summary: A new variant of sextortion email scams is targeting spouses by falsely claiming that their partner is cheating, complete with links to alleged proof. These scams have evolved since …
The report by CYFIRMA details the discovery of a sophisticated dropper binary known as BLX Stealer (or XLABB Stealer), designed to steal sensitive information from compromised systems. This …
Summary: A series of critical vulnerabilities in Veeam Backup & Replication have been identified, exposing organizations to severe risks including unauthorized access and remote code execution. The most critical vulnerability …
Summary: Researchers from QiAnXin have identified an advanced malware campaign named DarkCracks that exploits vulnerabilities in GLPI and WordPress websites to distribute malicious loaders, maintaining covert control over infected systems. …
Summary: The Fog Ransomware group has expanded its targeting from education and recreation sectors to the financial services sector, successfully launching an attack that was mitigated by Adlumin’s advanced security …
Summary: The Indian hacker group CyberVolk has emerged as a significant threat in the cybercrime landscape with its sophisticated ransomware, first detected in July 2024. Known for its advanced features …
Short Summary:
On August 29, 2024, the FBI, CISA, MS-ISAC, and HHS released a Cybersecurity Advisory regarding RansomHub ransomware, detailing its IOCs and TTPs. RansomHub, which operates under a Ransomware-as-a-Service …
Short Summary:
The Fog Ransomware group has shifted its focus from targeting educational and recreational sectors to attacking financial services. Adlumin successfully thwarted a ransomware attack in August 2024, utilizing …
Summary: The second quarter of 2024 saw a surge in ransomware attacks led by new groups, with significant increases in demands and payouts. The evolution of tactics, including double-extortion schemes, …
Short Summary:
Abyss Locker ransomware has emerged as a significant cybersecurity threat in 2023, targeting Windows and Linux systems across various industries. Known for its advanced encryption and multi-extortion tactics, …
Short Summary:
Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware strain active since June 2021, operating under a Ransomware-as-a-Service (RaaS) model. It primarily targets unsecured MS-SQL servers …
Short Summary:
The FBI, CISA, and DC3 have issued a Cybersecurity Advisory warning about ongoing cyber activities by Iran-based actors targeting U.S. and foreign organizations, particularly in sectors like education, …
Short Summary:
The Mekotio Trojan is a sophisticated malware that utilizes an obfuscated PowerShell dropper to execute its payload. It gathers system information, communicates with a command-and-control (C2) server, and …
Short Summary:
This article discusses the increasing use of Python in malicious activities within the Windows ecosystem. It highlights how attackers exploit Python’s ease of deployment, lack of integration with …
Short Summary:
Trustwave investigated an unauthorized access incident leading to the deployment of Mallox ransomware in a client’s cloud-based environment. The attack exploited a misconfiguration that allowed unauthorized access, resulting …
Threat Actor: Unknown | unknown Victim: SenangPay | SenangPay Price: 2 BTC Exfiltrated Data Type: Personally identifiable information (PII)
Key Points:
The breach involves a prominent Malaysian payment solutions…
Short Summary:
The Patchwork group, also known as White Elephant, has been active for over a decade, primarily engaging in cyber espionage against various sectors in Asia. Their latest variant …
Summary: The Everest ransomware group, a Russian-speaking cybercriminal organization, is increasingly targeting the healthcare sector, claiming to have stolen sensitive patient data from multiple medical facilities in the U.S. since …
Threat Actor: Embargo Group | Embargo Group Victim: American Radio Relay League (ARRL) | American Radio Relay League Price: $1 Million Exfiltrated Data Type: Employee Data
Key Points:
The…