The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data. You know you’re a problem when the U.S. government puts out a notice about you. That’s the case for RansomHub — the latest iteration of a ransomware as a service group formerly working under the names Cyclops and Knight.

In today's digital landscape, cyber attacks are an ever-present threat, and they all ultimately target one thing: data. For most organizations, the challenge lies not only in protecting this data but also in understanding the full scope of what they have. Many organizations struggle to identify how much sensitive data they possess, where it resides, and who has access to it.

Emansrepo Stealer spreads via email, Palo Alto sheds light on top-level domains, and Earth Lusca deploys a new multiplatform backdoor.

This is the second in a series of articles about cloud-based attack vectors. Check out our last article about admin takeovers! Inside the Cloud: Attacks & Prevention – Administrative Account Compromise Ransomware has long been associated with takeovers of endpoints. However, attackers are evolving to target cloud environments – and the effects can be devastating.

Crystal Rans0m is a previously undocumented hybrid ransomware family developed in Rust programming language seen for the first time in the wild on September 2nd, 2023. Interestingly, it does not only encrypt victim’s files, demanding a ransom for their release, but also steals sensitive information from the infected systems. This dual-threat approach means that attackers can double their leverage over victims, potentially increasing their chances of monetizing their attacks.

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization’s networks. “Phishing is one of the most common attacks in the legal field,” the researchers write. “Cybercriminals pose as legitimate entities, tricking employees into divulging sensitive information or clicking malicious links.

Advanced Persistent Threat (APT) groups have long been key players in global cyber espionage, and in 2024, a Chinese-linked threat cluster known as "Crimson Palace" continues to demonstrate its effectiveness. This collective of three distinct APT units has managed to breach multiple organizations across Asia, including a prominent government agency in Southeast Asia, proving their ability to evade detection and extract sensitive information.

The World Health Organisation (WHO) recently hosted a webinar to discuss the critical importance of cybersecurity in the healthcare sector, which highlighted the severity of the situation the industry is currently facing. Healthcare organisations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyberattacks with severe consequences.

Threat actors are opting for malicious links over attachments in email-based attacks because it gives them a critical advantage that many solutions can’t address. Given that a malicious email is the very first step (or close to it) in an attack, it’s critically important that the attack maintain its’ stealth; detecting an attack at this point means an early (and well-deserved) death to the attack itself – something threat actors don’t want to see.

Flannel shirts, acid-washed jeans, Polaroid cameras, and vinyl records—these items which were once out of style are now emerging as popular must-haves among the younger generation. In the realm of IT, data backup has always been a necessity. Initially, it represented a compelling concept—storing data in an alternate location to ensure redundancy and failover capabilities in preparation for natural disasters.