July 2024

What You Need to Know About the DORA Regulation #dora #securityawareness #eudataregulation #shorts

Jul 31, 2024 By Rubrik In Rubrik

Richard Cassidy, EMEA Field CISO at Rubrik, shares how DORA ensures that financial institutions and their service providers can withstand and quickly recover from technology disruptions, maintaining a stable and secure financial environment in the EU.

View Video

Rubrik

Read more about What You Need to Know About the DORA Regulation #dora #securityawareness #eudataregulation #shorts

Are Ransomware Attacks Still a Growing Threat in 2024?

Jul 31, 2024 By Farwa Sajjad In LevelBlue

Ransomware attacks continue to pose a growing threat to organizations as it has emerged as the number one threat, affecting 66% of organizations in 2023 and pulling over $1 billion from the victims. These attacks have increased in frequency and sophistication, resulting in significant financial loss, operation disruption, theft of sensitive data, and reduced productivity rates. Also, it damages the organization's reputation and results in the loss of customer trust and compliance violations.

Read Post

LevelBlue

Read more about Are Ransomware Attacks Still a Growing Threat in 2024?

Rubrik Adopts CISA's Secure by Design Pledge, Reinforcing Our Commitment to Software Security

Jul 31, 2024 By Anneka Gupta In Rubrik

At Rubrik, we take software security extremely seriously. That's why we're proud to announce that Rubrik has adopted the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. This voluntary pledge focuses on enterprise software products and services, and by taking it, we're committing to make a good-faith effort to work towards seven key goals over the next year to further enhance the security of our offerings.

Read Post

Rubrik

Read more about Rubrik Adopts CISA's Secure by Design Pledge, Reinforcing Our Commitment to Software Security

SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor

Jul 31, 2024 By Trustwave In Trustwave

Drawing on extensive proprietary research, Trustwave SpiderLabs believes the threat actors behind the Facebook malvertising infostealer SYS01 are the same group that developed the previously reported Rilide malware. Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 – Part 2 lays out evidence tying the latest Rilide (V4) version to SYS01. The report noted the code from the two malware types overlaps in too many areas to be a simple coincidence.

Read Post

Trustwave

Read more about SYS01 Infostealer and Rilide Malware Likely Developed by the Same Threat Actor

The Current State of Ransomware Risk

Jul 31, 2024 By Daniel dos Santos In Forescout

Ransomware risk is top of mind for citizens and CISOs alike. From the board room to the room known as the ‘SOC’, everyone is feeling the pain of disruption. Being locked out of a system and forced back to pen and paper is shocking to our working lives. Too often, it is delaying a much-needed surgery or forcing manual intervention where a digital avenue was easy and efficient. But the effects of ransomware don’t appear to be going anywhere soon.

Read Post

Forescout

Read more about The Current State of Ransomware Risk

CTI Roundup: Evasive Panda Deploys New Malware, Macma Backdoor and Nightdoor

Jul 31, 2024 By Tanium In Tanium

Evasive Panda deploys new versions of Macma backdoor and Nightdoor, cybercriminals work independently after RaaS takedowns, and a new Linux Play variant targets VMware ESXi systems.

Read Post

Tanium

Read more about CTI Roundup: Evasive Panda Deploys New Malware, Macma Backdoor and Nightdoor

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Jul 30, 2024 By Kirsten Doyle In Tripwire

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics. Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers steal sensitive information before encrypting it.

Read Post

Tripwire

Read more about Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Dark Angels Ransomware Group Scores Record-Breaking $75 Million Payday

Jul 30, 2024 By Stu Sjouwerman In KnowBe4

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals. The latest development comes from the Dark Angels ransomware group, who have reportedly secured a staggering $75 million ransom payment from an undisclosed victim. This eye-watering sum shatters the previous record of $40 million paid by insurance giant CNA Financial in 2021, setting a new and alarming benchmark in the ransomware landscape.

Read Post

KnowBe4

Read more about Dark Angels Ransomware Group Scores Record-Breaking $75 Million Payday

Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: July 2024

Jul 30, 2024 By Kaustubh Jagtap In SafeBreach

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Read Post

SafeBreach

Read more about Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: July 2024

DORA and NIS2: How to Ensure Compliance and Enhance Cyber Resilience

Jul 30, 2024 By Rubrik In Rubrik

In this episode of CISO Conversations: EU Data Regulations, Richard Cassidy, EMEA Field CISO at Rubrik is joined by Jack Poller to discuss the key differences between DORA and NIS2, how they can help enhance resilience against cyber threat, and what steps organizations need to take to ensure compliance.

View Video

Rubrik

Read more about DORA and NIS2: How to Ensure Compliance and Enhance Cyber Resilience

Is Ransomware Malware?

Jul 30, 2024 By Arctic Wolf In Arctic Wolf

Over the past few years, ransomware attack rates and ransom amounts have climbed so significantly that the cyber attack has broken out of the IT and security community to capture headlines around the world. In early May 2021, a suspected Russian hacking group took Colonial Pipeline — which provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel — offline for more than three days in an attack that made ransomware a household word.

Read Post

Arctic Wolf

Read more about Is Ransomware Malware?

Nearly All Ransomware Attacks Now Include Exfiltration of Data...But Not All Are Notified

Jul 29, 2024 By Stu Sjouwerman In KnowBe4

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. Many assume data is being exfiltrated as part of a ransomware attack and it’s going to be used as part of the extortion component of the attack. But according to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, that doesn’t seem to be the case.

Read Post

KnowBe4

Read more about Nearly All Ransomware Attacks Now Include Exfiltration of Data...But Not All Are Notified

Stargazer Goblin's Fake GitHub Accounts and Malware Distribution Tactics

Jul 29, 2024 By Foresiet In Foresiet

In a significant development in cybersecurity, the threat actor known as Stargazer Goblin has established a complex network of fake GitHub accounts to facilitate a Distribution-as-a-Service (DaaS) operation. This network, comprising over 3,000 inauthentic accounts, has been actively spreading various information-stealing malware and generating $100,000 in illicit profits over the past year.

Read Post

Foresiet

Read more about Stargazer Goblin's Fake GitHub Accounts and Malware Distribution Tactics

Latest APT41 Campaign: Detection Opportunities | ThreatSnapShot

Jul 28, 2024 By SnapAttack In SnapAttack

Have you ever read a threat report and thought, “These tools could definitely be superhero names”? Well, you’re not alone! In this video, we dive into the recent APT41 campaign and explore the detection opportunities that arise from it. From tools like BlueBeam, AntSword, DustPan, and PineGrove, we break down how these were used in APT41’s latest operations and how you can detect them in your environment.

View Video

SnapAttack

Read more about Latest APT41 Campaign: Detection Opportunities | ThreatSnapShot

UK Disrupts Major Booter Service Responsible For Thousands Of DDoS Attacks

Jul 25, 2024 By Key Dutch In ImmuniWeb

Read also: A Scattered Spider member arrested in the UK, LockBit affiliates plead guilty, and more.

Read Post

ImmuniWeb

Read more about UK Disrupts Major Booter Service Responsible For Thousands Of DDoS Attacks

SEXi / APT Inc Ransomware - What You Need To Know

Jul 25, 2024 By Graham Cluley In Tripwire

Don't worry, I'm not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.

Read Post

Tripwire

Read more about SEXi / APT Inc Ransomware - What You Need To Know

CVE discovery, PoC Development, IAB Listings, to Ransomware Attacks: How Cybercriminal Forums Facilitate the Lifecycle

Jul 25, 2024 By Cymon In CYJAX

By Olivia Betts and Adam Price In July 2024, CloudFlare identified that it can take cybercriminals as little as 22 minutes to weaponise a publicly available Proof-of-Concept (PoC) exploit following its release. The IT services management company noted an increase in scanning for disclosed Common and in attempts to weaponise available PoCs across 2023 and 2024.

Read Post

CYJAX

Read more about CVE discovery, PoC Development, IAB Listings, to Ransomware Attacks: How Cybercriminal Forums Facilitate the Lifecycle

CTI Roundup: MuddyWater Deploys BugSleep Malware, New Attack From Void Banshee

Jul 24, 2024 By Tanium In Tanium

MuddyWater deploys BugSleep malware, researchers discover malicious files on the npm registry, and Void Banshee exploits a Microsoft MHTML flaw.

Read Post

Tanium

Read more about CTI Roundup: MuddyWater Deploys BugSleep Malware, New Attack From Void Banshee

Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

Jul 24, 2024 By Counter Adversary Operations In CrowdStrike

On July 23, 2024, CrowdStrike Intelligence identified the phishing domain crowdstrike-office365com, which impersonates CrowdStrike and delivers malicious ZIP and RAR files containing a Microsoft Installer (MSI) loader. The loader ultimately executes Lumma Stealer packed with CypherIt.

Read Post

CrowdStrike

Read more about Lumma Stealer Packed with CypherIt Distributed Using Falcon Sensor Update Phishing Lure

Sue Bergamo on Data Security Decoded - On Diversity

Jul 24, 2024 By Rubrik In Rubrik

Dive deep into the world of #CyberSecurity leadership in this episode of Data Security Decoded, featuring Sue Bergamo, CISO and CIO at BTE Partners. Sue brings to the table an incredible perspective on the importance of diversity and the strength of unique perspectives. Sue advocates for empowering individuals to stand up for their ideas, especially when navigating through incidents, ensuring a resilient and innovative response to any crisis.

View Video

Rubrik

Read more about Sue Bergamo on Data Security Decoded - On Diversity

Daggerfly Enhances Malware Toolkit to Target All Major Operating Systems

Jul 24, 2024 By Foresiet In Foresiet

The Chinese espionage group Daggerfly, also known as Evasive Panda or Bronze Highland, has significantly upgraded its malware arsenal, allowing it to target a wide range of operating systems including Windows, Linux, macOS, and Android. This development marks a notable escalation in the group's cyber capabilities, as detailed in a recent analysis by Symantec.

Read Post

Foresiet

Read more about Daggerfly Enhances Malware Toolkit to Target All Major Operating Systems

Ransomware: Attackers resort to old-school techniques and minimal investment

Jul 23, 2024 By Sam Manjarres In WatchGuard

The modus operandi of cybercriminals is constantly changing. It comes as no surprise that, every so often, hackers switch up their methods to become more evasive. However, contrary to what we might imagine, these changes don’t always have to be innovative, or involve new attack strategies. Cybercriminals are increasingly opting to employ old-school techniques, and couple this with minimal investment.

Read Post

WatchGuard

Read more about Ransomware: Attackers resort to old-school techniques and minimal investment

Abusing BOINC: FakeUpdates Campaign Bundling Malware with Legitimate Software

Jul 23, 2024 By Arctic Wolf In Arctic Wolf

Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage download. The zip file payload contained software from the Berkeley Open Infrastructure for Network Computing (BOINC) project, open-source software that allows users to contribute computing power to scientific research projects focused on solving complex calculations.

Read Post

Arctic Wolf

Read more about Abusing BOINC: FakeUpdates Campaign Bundling Malware with Legitimate Software

Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

Jul 23, 2024 By Counter Adversary Operations In CrowdStrike

On July 23, 2024, CrowdStrike Intelligence identified a malicious ZIP file containing a Python-based information stealer now tracked as Connecio. A threat actor distributed this file days after the July 19, 2024, single content update for CrowdStrike’s Falcon sensor — which impacted Windows operating systems — was identified and a fix was deployed. The ZIP file uses the filename CrowdStrike Falcon.zip in an attempt to masquerade as a Falcon update.

Read Post

CrowdStrike

Read more about Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure

Cyber Threats in TON: How to Identify and Mitigate Risks

Jul 23, 2024 By SecuritySenses In SecuritySenses

The Open Network (TON) is an innovative blockchain platform designed to enable a new era of decentralized applications and services. With its growing popularity, TON has attracted not only developers and users but also cybercriminals seeking to exploit its vulnerabilities. Understanding the potential cyber threats within the TON ecosystem is crucial for users and developers alike to safeguard their assets and data. In this blog post, we will delve into the various cyber threats facing TON, explore how to identify these risks, and provide strategies to mitigate them effectively.

Read Post

SecuritySenses

Read more about Cyber Threats in TON: How to Identify and Mitigate Risks

The Road to Resilience: Establishing a Minimum Viable Business through Rubrik Security Cloud

Jul 22, 2024 By Mike Preston In Rubrik

In the fast-paced and interconnected world of business, the continuity of operations after a cyber attack is paramount. Many companies today are embracing the concepts of Minimum Viable Business/Company (MVB/C) as a key strategy in ensuring that their core business applications and processes are able to survive in the face of adversity.

Read Post

Rubrik

Read more about The Road to Resilience: Establishing a Minimum Viable Business through Rubrik Security Cloud

SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

Jul 22, 2024 By Foresiet In Foresiet

The SocGholish malware, also known as FakeUpdates, has resurfaced with new tactics that leverage the BOINC (Berkeley Open Infrastructure Network Computing Client) platform for nefarious purposes. This sophisticated JavaScript downloader malware is now delivering a remote access trojan, AsyncRAT, and utilizing BOINC in a covert cyberattack campaign. This blog will delve into the specifics of this exploit, the implications for cybersecurity, and measures to mitigate the risks.

Read Post

Foresiet

Read more about SocGholish Malware Exploits BOINC Project for Covert Cyberattacks

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Jul 22, 2024 By Foresiet In Foresiet

In a recent development, cybersecurity researchers have identified a new Linux variant of the notorious Play ransomware, also known as Balloonfly and PlayCrypt. This variant specifically targets VMware ESXi environments, signaling a strategic expansion by the threat actors behind it. Trend Micro's report published on Friday highlights the potential for a broader victim pool and more effective ransom negotiations as a result of this evolution.

Read Post

Foresiet

Read more about New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Fighting Advanced Malware Threats: Kimsuky and the ScreenConnect Vulnerability

Jul 22, 2024 By Kroll In Kroll

Hear from Kroll’s Head of Threat Intelligence in EMEA, George Glass, on how Kimsuky weaponized the ScreenConnect vulnerability using new malware strain TODDLERSHARK.

View Video

Kroll

Read more about Fighting Advanced Malware Threats: Kimsuky and the ScreenConnect Vulnerability

Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer

Jul 22, 2024 By Counter Adversary Operations In CrowdStrike

On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis suggests the activity is likely criminal.

Read Post

CrowdStrike

Read more about Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer

Protiviti and BlueVoyant Forge Strategic Partnership to Reinforce Cybersecurity Service Offerings Powered by the Microsoft Security Platform

Jul 22, 2024 By BlueVoyant and Protiviti In BlueVoyant

We're excited to announce that Protiviti, a global leader in consulting services and recognized authority in Microsoft compliance and identity, has formed a strategic partnership with BlueVoyant, an industry-leading MXDR Sentinel services provider, that additionally offers an AI-driven cyber defense platform.

Read Post

BlueVoyant

Read more about Protiviti and BlueVoyant Forge Strategic Partnership to Reinforce Cybersecurity Service Offerings Powered by the Microsoft Security Platform

Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

Jul 20, 2024 By Counter Adversary Operations In CrowdStrike

On July 19, 2024, an issue present in a single content update for the CrowdStrike Falcon sensor impacting Windows operating systems was identified, and a fix was deployed.1 CrowdStrike Intelligence has since observed threat actors leveraging the event to distribute a malicious ZIP archive named crowdstrike-hotfix.zip. The ZIP archive contains a HijackLoader payload that, when executed, loads RemCos.

Read Post

CrowdStrike

Read more about Likely eCrime Actor Uses Filenames Capitalizing on July 19, 2024, Falcon Sensor Content Issues in Operation Targeting LATAM-Based CrowdStrike Customers

Top 5 Stealer Logs Currently Affecting Users in 2024

Jul 19, 2024 By Foresiet In Foresiet

In today's digital landscape, stealer logs have become a significant threat, targeting sensitive information and compromising security. At Foresiet Threat Intelligence Team, we continuously monitor and analyze these threats to help protect individuals and organizations. Here are the top 5 stealer logs currently affecting users.

Read Post

Foresiet

Read more about Top 5 Stealer Logs Currently Affecting Users in 2024

CrowdStrike & Rubrik Customer Content Update Recovery For Windows Hosts

Jul 19, 2024 By Joshua Stenhouse In Rubrik

Joint customers utilizing Rubrik for immutable backup are recommended to utilize Rubrik in-place recoveries for impacted Windows VMware Virtual Machines (VMs), standard VM restores for Azure VMs, AWS EC2 instances, and live mounts for Hyper-V and AHV VMs. For VMware VMs this significantly reduces the recovery time by only recovering the changed blocks required to revert the VM to a snapshot before the 04:09 UTC CrowdStrike host update.

Read Post

Rubrik

Read more about CrowdStrike & Rubrik Customer Content Update Recovery For Windows Hosts

78% of Organizations Are Targets of Ransomware Attacks Two or More Times in Twelve Months

Jul 19, 2024 By Stu Sjouwerman In KnowBe4

New data puts the spotlight on the frequency and impact of modern ransomware attacks, highlighting the overconfidence organizations are showing in their ability to defend and respond to attacks. If you’re like one of the organizations surveyed in Halcyon’s latest Ransomware CISO Survey report, the findings were quite eye opening.

Read Post

KnowBe4

Read more about 78% of Organizations Are Targets of Ransomware Attacks Two or More Times in Twelve Months

Mastermind Behind Zeus And IcedID Malware Sentenced To 9 Years In Prison

Jul 18, 2024 By Key Dutch In ImmuniWeb

Read also: Global law enforcement op strikes West African cybercrime, the Astrostress operator gets a prison sentence, and more.

Read Post

ImmuniWeb

Read more about Mastermind Behind Zeus And IcedID Malware Sentenced To 9 Years In Prison

Change Healthcare Ransomware Attack May Cost Nearly $2.5 Billion

Jul 18, 2024 By Stu Sjouwerman In KnowBe4

The ransomware attack against UnitedHealth Group’s Change Healthcare platform is expected to cost the company up to $2.45 billion, more than a billion dollars more than was previously estimated, Cybersecurity Dive reports. The incident has already cost the firm nearly $2 billion.

Read Post

KnowBe4

Read more about Change Healthcare Ransomware Attack May Cost Nearly $2.5 Billion

Analyzing ViperSoftX: The Use of CLR and AutoIt for Stealthy Malware Operations

Jul 17, 2024 By Foresiet In Foresiet

The ViperSoftX info-stealing malware has evolved, now utilizing the common language runtime (CLR) to covertly execute PowerShell commands within AutoIt scripts. This sophisticated approach allows ViperSoftX to bypass traditional security measures and remain undetected, posing a significant threat to cybersecurity. Leveraging CLR and AutoIt for Stealth Operations CLR, a core component of Microsoft’s.NET Framework, functions as the execution engine for.NET applications.

Read Post

Foresiet

Read more about Analyzing ViperSoftX: The Use of CLR and AutoIt for Stealthy Malware Operations

Rapid Data Heist: Akira Ransomware Group's Two-Hour Attack on Veeam Servers

Jul 17, 2024 By Foresiet In Foresiet

In a startling development, the Akira ransomware gang has demonstrated a dramatic reduction in the time it takes to exfiltrate data from compromised servers. According to the BlackBerry Threat Research and Intelligence Team, this cybercriminal group managed to steal data from a Veeam server in just over two hours during a June attack on a Latin American airline.

Read Post

Foresiet

Read more about Rapid Data Heist: Akira Ransomware Group's Two-Hour Attack on Veeam Servers

What To Know About the CDK Global Ransomware Attack

Jul 17, 2024 By Ashley D'Andrea In Keeper

The CDK Global ransomware attack was first reported in June 2024. Ransomware infected CDK Global, a software vendor that serves thousands of North American car dealerships. This ransomware attack affected over 10,000 U.S. car dealerships, their employees and their customers.

Read Post

Keeper

Read more about What To Know About the CDK Global Ransomware Attack

CTI Roundup: Threat Actor Updates. APT40, CloudSorcerer, Eldorado

Jul 17, 2024 By Tanium In Tanium

APT40 rapidly exploits network vulnerabilities, CloudSorcerer APT targets Russian organizations, and Eldorado threatens Windows and Linux systems.

Read Post

Tanium

Read more about CTI Roundup: Threat Actor Updates. APT40, CloudSorcerer, Eldorado

HardBit Ransomware - What You Need to Know

Jul 17, 2024 By Graham Cluley In Tripwire

A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers.

Read Post

Tripwire

Read more about HardBit Ransomware - What You Need to Know

New Ransomware Threat Group Calls Attack Victims to Ensure Payments

Jul 17, 2024 By Stu Sjouwerman In KnowBe4

Analysis of new ransomware group Volcano Demon provides a detailed look into how and why calling victims ups the chances of ransomware payment. Security researchers at Halcyon have uncovered a new ransomware threat group that initially follows traditional methods – harvesting admin credentials, data exfiltrated to a C2 server, logs cleared and data was encrypted using LukaLocker. However, Volcano Demon attacks take a different direction in the extortion phase.

Read Post

KnowBe4

Read more about New Ransomware Threat Group Calls Attack Victims to Ensure Payments

From Ransomware to Resilience: Securing Government Agencies Worldwide

Jul 16, 2024 By Celine Gajnik In ThreatQuotient

Government agencies worldwide are entrusted with safeguarding sensitive data and facilitating seamless operations across various critical infrastructure sectors. However, this pivotal role puts them in threat actors’ sights – from cybercriminals to politically motivated entities to state-sponsored actors from other parts of the world.

Read Post

ThreatQuotient

Read more about From Ransomware to Resilience: Securing Government Agencies Worldwide

SEC Fines Publicly Traded Company $2.125 Million For Negligence Before, During, and After a Ransomware Attack

Jul 16, 2024 By Stu Sjouwerman In KnowBe4

According to the filing, the organization in question failed to devise controls to adequately detect, respond to, and disclose an attack that included data exfiltration and service disruption. Back in 2021, R.R. Donnelley & Sons Co.

Read Post

KnowBe4

Read more about SEC Fines Publicly Traded Company $2.125 Million For Negligence Before, During, and After a Ransomware Attack

Espionage-Intent Threat Groups Are Now Using Ransomware as a Diversion Tactic in Cyberattacks

Jul 16, 2024 By Stu Sjouwerman In KnowBe4

A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution. It was inevitable: a threat group using a secondary attack type to cover their tracks – whether those “tracks” are the groups true intent, who’s responsible – or to simply make some additional money after they’re done with the initial attack.

Read Post

KnowBe4

Read more about Espionage-Intent Threat Groups Are Now Using Ransomware as a Diversion Tactic in Cyberattacks

Protect Users From Phishing and Malicious Content with Lookout

Jul 16, 2024 By Lookout In Lookout

See how Lookout's phishing and content protection engine enhances security by blocking access to suspicious sites. Discover how remote browser isolation technology safeguards against zero-day phishing sites, preventing credential theft and malicious code execution on endpoint devices.

View Video

Lookout

Read more about Protect Users From Phishing and Malicious Content with Lookout

Signs of Malware Infection and How To Remove It

Jul 16, 2024 By Ashley D'Andrea In Keeper

Malware is malicious software that can infect your device in many ways, like when you download a free game or movie. Some signs that your device is infected with malware include random pop-ups, freezing or slowing down, suddenly limited storage space and apps you don’t remember installing. Continue reading to learn the 10 most common signs that your device has a malware infection, how to remove malware from your device and how to protect your devices from becoming infected.

Read Post

Keeper

Read more about Signs of Malware Infection and How To Remove It

The most common entry points for ransomware attacks

Jul 16, 2024 By Parablu In Parablu

In this insightful discussion, Anand Prahlad, CEO and President of Parablu, poses a crucial question about ransomware threats: "What do you think are some of the most common entry points for ransomware into organizations? And do you think organizations are doing enough to defend themselves in these vulnerable areas?" Ashok Kumar Ratnagiri, Associate VP of Information Security at EdgeVerve and Co-Founder of Security BSides Bangalore Community, shares his expert insights on this pressing issue.

View Video

Parablu

Read more about The most common entry points for ransomware attacks

Phishing Continues to Be the Primary Entry to Ransomware Attacks

Jul 15, 2024 By Stu Sjouwerman In KnowBe4

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they can use employee accounts without raising suspicion.

Read Post

KnowBe4

Read more about Phishing Continues to Be the Primary Entry to Ransomware Attacks

SenseOn achieves 98.7% detection rate in Malware Protection Test and 0 false positives in AV-Comparatives Business Security Report

Jul 15, 2024 By Isabel Carter In SenseOn

SenseOn is delighted to have achieved over 98.7% detection rate in the Malware Protection Test and 0 false positive alerts in the Real-World Protection Test, reveals the latest AV-Comparatives Business Security Report. Such a high protection rate can help provide security professionals with reassurance and peace of mind in their endpoint protection capabilities, and help to reduce their organisation’s risk exposure, optimise their internal resources and enhance their incident response playbooks.

Read Post

SenseOn

Read more about SenseOn achieves 98.7% detection rate in Malware Protection Test and 0 false positives in AV-Comparatives Business Security Report

Bolstering Azure Blob Storage and Data Lake Gen 2 Security with Rubrik's Cyber Resilience Solution

Jul 15, 2024 By Mike Preston In Rubrik

Enterprises today generate and store colossal volumes of data in Azure Blob Storage and Data Lake Gen 2, leveraging these services for cloud-native workloads, archives, and artificial intelligence (AI) training models. However, with the deluge of information comes the amplified risk of exposure to security blind spots and the potential compromise of sensitive, mission-critical data.

Read Post

Rubrik

Read more about Bolstering Azure Blob Storage and Data Lake Gen 2 Security with Rubrik's Cyber Resilience Solution

Facebook Malvertising Epidemic - Unraveling a Persistent Threat: SYS01

Jul 15, 2024 By Trustwave In Trustwave

The Trustwave SpiderLabs Threat Intelligence team's ongoing study into how threat actors use Facebook for malicious activity has uncovered a new version of the SYS01 stealer. This stealer is designed to take over Facebook accounts, steal credential information from affected users' browsers, and then leverage legitimate accounts to further the spread of the malware.

Read Post

Trustwave

Read more about Facebook Malvertising Epidemic - Unraveling a Persistent Threat: SYS01

RansomHub Ransomware - What You Need To Know

Jul 12, 2024 By Graham Cluley In Tripwire

Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates.

Read Post

Tripwire

Read more about RansomHub Ransomware - What You Need To Know

Ransomware Attacks on Healthcare Is Costing Lives

Jul 11, 2024 By Roger Grimes In KnowBe4

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Read Post

KnowBe4

Read more about Ransomware Attacks on Healthcare Is Costing Lives

CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

Jul 11, 2024 By Miguel Hernández In Sysdig

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.

Read Post

Sysdig

Read more about CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

AI-Powered Tool Meliorator Fuels Russian Disinformation Campaigns on Social Media

Jul 11, 2024 By Foresiet In Foresiet

Russian state-sponsored media organization RT has been using AI-powered software to generate realistic social media personas and spread disinformation for the past two years. This sophisticated tool, known as Meliorator, has been employed to target multiple countries, including the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel. Meliorator's Capabilities.

Read Post

Foresiet

Read more about AI-Powered Tool Meliorator Fuels Russian Disinformation Campaigns on Social Media

Woken by Ransomware, Are We Hypnotized by Tunnel Vision?

Jul 11, 2024 By Ronald Beiboer In Splunk

Over the last five to ten years cybersecurity has become a boardroom subject in the majority of enterprises. This would have never happened without ransomware. Ransomware has been the best board-level awareness tool ever.

Read Post

Splunk

Read more about Woken by Ransomware, Are We Hypnotized by Tunnel Vision?

Ransomware Attacks: Held Hostage by Code

Jul 10, 2024 By Devo In Devo

Data is among the most valuable assets for companies, making it a prime target for malicious actors. Ransomware attacks that seize data and demand a price for its return have become a significant concern for businesses and individuals. According to the Verizon 2024 Data Breach Investigations Report, about one-third of all breaches involved ransomware or another extortion technique. Here’s everything you need to know about ransomware and how to prevent a successful attack.

Read Post

Devo

Read more about Ransomware Attacks: Held Hostage by Code

Understanding Prince Ransomware: A Comprehensive Overview

Jul 10, 2024 By Foresiet In Foresiet

In the ever-evolving landscape of cybersecurity threats, ransomware remains a formidable adversary. Among the recent additions to this domain is Prince Ransomware, a sophisticated piece of malware written from scratch in Go. This blog will provide an in-depth look at Prince Ransomware, its unique encryption mechanisms, the process of building and deploying it, and the ethical considerations surrounding its release as an open-source project. What is Prince Ransomware?

Read Post

Foresiet

Read more about Understanding Prince Ransomware: A Comprehensive Overview

How Rubrik Supports Least Privileged Access in Microsoft Azure Cloud

Jul 10, 2024 By Anuwat Sisaleumsak and In Rubrik

The digital landscape is wild--and getting wilder. Research from Rubrik Zero Labs shows that cyber attacks are on the rise, with 94% of organizations reporting a significant attack in the last year. And the attacks are effectively disrupting business, with 62% of those reporting an attack revealing that their systems were compromised. So security teams need to use all of the tools in their toolkits to protect the enterprise.

Read Post

Rubrik

Read more about How Rubrik Supports Least Privileged Access in Microsoft Azure Cloud

New RedTail Malware Exploited Via PHP Security Vulnerability

Jul 10, 2024 By Prashant Tilekar In Forescout

RedTail is a sophisticated malware designed for unauthorized cryptocurrency mining with a focus on Monero. It was first identified in January 2024, but it has been circulating since at least December 2023. Its latest iterations show improvements in evasion and persistence mechanisms, underscoring the significant expertise and resources driving its development.

Read Post

Forescout

Read more about New RedTail Malware Exploited Via PHP Security Vulnerability

The Importance of Security Culture: When Telecom Giants Resort to Malware

Jul 9, 2024 By Javvad Malik In KnowBe4

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their file-sharing capabilities. Users reported that their files went missing, random folders appeared, and in some cases, their PCs were disabled.

Read Post

KnowBe4

Read more about The Importance of Security Culture: When Telecom Giants Resort to Malware

How to Create a Ransomware Recovery Plan & Prevent Attacks

Jul 8, 2024 By David Safaii In Trilio

Ransomware isn’t just a threat—it’s a harsh reality facing IT professionals in many industries. And while Kubernetes and OpenShift are powerful platforms for modern infrastructure, they introduce unique complexities that cybercriminals can exploit. The fallout from a successful attack is well documented: significant financial loss, operational downtime, and potential damage to your organization’s reputation.

Read Post

Trilio

Read more about How to Create a Ransomware Recovery Plan & Prevent Attacks

Understanding an 0ktapus Phishing Campaign

Jul 8, 2024 By Fireblocks In Fireblocks

The recent surge in phishing attacks capable of bypassing multi-factor authentication (MFA) has raised significant concerns in the cybersecurity landscape. These attacks highlight the fact that even systems protected by MFA have vulnerabilities, making it imperative for organizations to stay vigilant and not rely on a single control as a silver bullet. One such campaign, known as 0ktapus, provides a crucial case study in understanding the methods and impacts of these phishing attacks.

Read Post

Fireblocks

Read more about Understanding an 0ktapus Phishing Campaign

UX Design and Research for AI-Driven Products with Rubrik User Researcher Tianmi Fang

Jul 8, 2024 By Rubrik In Rubrik

In this video, we delve into the design process of Rubrik Ruby, your generative AI-powered cyber recovery companion, and how it addresses real user problems for security and IT teams. We took a different approach by focusing on understanding user pain points and leveraging the power of AI to provide solutions. One of Ruby's key benefits is its ability to automate repetitive tasks, freeing up your time and energy. Ruby utilizes AI and automation to prioritize overwhelming information, ensuring that you get what you need when you need it.

View Video

Rubrik

Read more about UX Design and Research for AI-Driven Products with Rubrik User Researcher Tianmi Fang

State of Ransomware

Jul 8, 2024 By Fidelis Security In Fidelis Security

In this video we discuss the state of ransomware and the latest threat intelligence.

View Video

Fidelis Security

Read more about State of Ransomware

Volcano Demon Ransomware Group Uses Phone Calls for Direct Extortion

Jul 5, 2024 By Foresiet In Foresiet

A newly identified ransomware group, "Volcano Demon," has emerged, targeting executives directly with threatening phone calls instead of the typical data leak sites. Over the past two weeks, this group has carried out several attacks, deploying a unique ransomware variant known as “LukaLocker,” according to a report from Halcyon. LukaLocker Ransomware Attack Overview Volcano Demon’s ransomware, LukaLocker, encrypts files with a.nba extension.

Read Post

Foresiet

Read more about Volcano Demon Ransomware Group Uses Phone Calls for Direct Extortion

CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code

Jul 5, 2024 By Kroll In Kroll

CLEARFAKE is the term used to describe the malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns to deliver information stealers. It has the potential to impact all sectors. Although the CLEARFAKE fake browser update campaign (which was initially identified in Q2 2023) originally targeted Windows users, it expanded to macOS users in Q4 2023.

Read Post

Kroll

Read more about CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code

New "Paste and Run" Phishing Technique Makes CTRL-V A Cyber Attack Accomplice

Jul 5, 2024 By Stu Sjouwerman In KnowBe4

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware. Security researchers at Ahnlab have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

Read Post

KnowBe4

Read more about New "Paste and Run" Phishing Technique Makes CTRL-V A Cyber Attack Accomplice

Volcano Demon Ransomware Group Rings Its Victims To Extort Money

Jul 4, 2024 By Graham Cluley In Tripwire

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims.

Read Post

Tripwire

Read more about Volcano Demon Ransomware Group Rings Its Victims To Extort Money

New Exploit in Microsoft MSHTML Delivers MerkSpy Spyware Tool

Jul 3, 2024 By Foresiet In Foresiet

A newly discovered spyware tool named MerkSpy is targeting users in Canada, India, Poland, and the U.S., exploiting a patched security flaw in Microsoft MSHTML. This campaign, identified by Foresiet researchers, highlights the critical need for vigilant cybersecurity practices, including stolen credentials detection, darknet monitoring services, and digital footprint analysis. Attack Overview The attack begins with a Microsoft Word document disguised as a job description for a software engineer.

Read Post

Foresiet

Read more about New Exploit in Microsoft MSHTML Delivers MerkSpy Spyware Tool

Massive Supply-Chain Ransomware Attack Cripples Thousands of Car Dealerships

Jul 3, 2024 By Foresiet In Foresiet

A widespread ransomware attack has brought thousands of car dealerships across the United States to a halt. The incident, attributed to the BlackSuit ransomware gang, targeted CDK Global, a software provider essential to the operations of numerous car dealerships. This breach underscores the critical need for robust cybersecurity measures such as stolen credentials detection, darknet monitoring services, and digital footprint analysis.

Read Post

Foresiet

Read more about Massive Supply-Chain Ransomware Attack Cripples Thousands of Car Dealerships

Securing Hypervisor Environments: Rubrik Intends to Extend Support for OpenShift Virtualization and Proxmox VE

Jul 2, 2024 By Justin Ruiz In Rubrik

In today's digital landscape, where data is the lifeblood of any business, securing and protecting hypervisor environments is paramount. Hypervisors, such as OpenShift Virtualization and Proxmox VE, play a critical role in virtualized environments. The threat landscape constantly evolves, with cyberattacks becoming more sophisticated and data breaches rising.

Read Post

Rubrik

Read more about Securing Hypervisor Environments: Rubrik Intends to Extend Support for OpenShift Virtualization and Proxmox VE

Data Security Posture Management Demystified

Jul 2, 2024 By Seema Kathuria In Rubrik

Human illness is inevitable. So are data breaches. In 2023 alone, there were 10,626 confirmed data breaches, doubling that in 2022 (5,199 breaches). You cannot protect yourself 100% from getting ill. But you can proactively adopt a healthy lifestyle and habits to help reduce the risk and the impact of an illness and recover quickly. Similarly, your organization cannot protect itself 100% from the outcome of a data breach.

Read Post

Rubrik

Read more about Data Security Posture Management Demystified

Infosys McCamish Systems Ransomware Attack: Over Six Million Customers' Data Compromised

Jul 2, 2024 By Foresiet In Foresiet

A significant ransomware attack on Infosys McCamish Systems, an outsourcing service provider for financial and insurance companies, has impacted over six million customers. The breach, which took place in late 2023, was only recently disclosed in a filing with the Maine Office of the Attorney General (OAG). This incident underscores the importance of robust cybersecurity measures such as stolen credentials detection, darknet monitoring services, and digital footprint analysis.

Read Post

Foresiet

Read more about Infosys McCamish Systems Ransomware Attack: Over Six Million Customers' Data Compromised

Ransomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital Services

Jul 2, 2024 By Stu Sjouwerman In KnowBe4

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement. Earlier this month, several larger London hospitals suddenly had no access to lab results. It turned out to be the result of a ransomware attack on laboratory partner Synnovis that crippled hospitals and health services that rely on Synnovis.

Read Post

KnowBe4

Read more about Ransomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital Services

Detecting The Agent Tesla Malware Family

Jul 2, 2024 By Keith J. Jones In Corelight

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple protocols to communicate with its C2 infrastructure, making it more difficult to detect robustly than a malware sample utilizing only one network protocol for its C2.

Read Post

Corelight

Read more about Detecting The Agent Tesla Malware Family

Common Types of Cyberattacks: What Is Malware?

Jul 1, 2024 By SecuritySenses In SecuritySenses

With the advent of several sophisticated technologies, such as artificial intelligence, robotics, deep learning, and machine learning, the rate at which cyberattacks occur is unsurprisingly common. But what is a cyberattack?

Read Post

SecuritySenses

Read more about Common Types of Cyberattacks: What Is Malware?

New Malware Campaign Impersonates AI Tools To Trick Users

Jul 1, 2024 By Stu Sjouwerman In KnowBe4

Researchers at ESET warn that malvertising campaigns are impersonating AI tools to trick users into installing malware. The Rilide infostealer, for example, is being distributed via a malicious browser extension posing as Sora or Gemini. “In the case of the malicious browser extension, it is delivered to victims who have been duped into clicking on malicious ads, typically on Facebook, that promise the services of a generative AI model,” the researchers write.

Read Post

KnowBe4

Read more about New Malware Campaign Impersonates AI Tools To Trick Users

Rubrik and Nutanix Extend Partnership to Enhance Security for Nutanix Cloud Clusters (NC2) on AWS and Azure

Jul 1, 2024 By Srujana Puttagunta In Rubrik

Cyber threats pose a significant risk to virtualized infrastructure. According to the latest Rubrik Zero Labs report, 83% of encrypted data across all industries is within a virtualized architecture. Virtualized architectures typically have less security coverage than traditional endpoints. This creates security dead spots and consequently allows attackers unfettered access.

Read Post

Rubrik

Read more about Rubrik and Nutanix Extend Partnership to Enhance Security for Nutanix Cloud Clusters (NC2) on AWS and Azure

The Top 10 Ransomware TTPs

Jul 1, 2024 By Arctic Wolf In Arctic Wolf

In Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, we asked organizations what their primary area of concern was regarding cybersecurity, and for the third year running the answer was crystal clear: Ransomware.

Read Post

Arctic Wolf

Read more about The Top 10 Ransomware TTPs

Regulatory Compliance and Ransomware Preparedness

Jul 1, 2024 By Josh Breaker-Rolfe In LevelBlue

Ransomware attacks are a huge problem: in the past five years alone, they have brought about a state of emergency across vast swathes of the United States, threatened to topple the Costa Rican government, and brought Portugal's largest media conglomerate to its knees. And ransomware attackers show no signs of slowing down: last year, roughly one-third of all data breaches involved ransomware or some other extortion technique.

Read Post

LevelBlue

Read more about Regulatory Compliance and Ransomware Preparedness

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024