REvil Ransomware Operator Behind The Kaseya Supply Chain Hack Sentenced To 13 Years In Prison
Read also: Notorious Finnish hacker receives a 6-year prison sentence for Vastaamo breach, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
This is SCARLETEEL
In under five minutes, SCARLETEEL exploits an unpatched vulnerability to access credentials, escalate privileges, and move to other accounts, potentially stealing proprietary software. To defend against this threat, sophisticated layers of defense and speed are necessary. The 555 benchmark is one way to keep your team ready to act at the speed of the cloud.
Acid Rain, Pikabot, VenomRAT, Mallox Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: March-April 2024
In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats, including those based on original research conducted by SafeBreach Labs. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.
Credentials And Control Go Bye, Bye, Bye with AsyncRAT: What You Need to Know
Introduced in 2019, AsyncRAT is classified as a remote access trojan (RAT) that primarily functions as a tool for stealing credentials and loading various malware, including ransomware. This RAT boasts botnet capabilities and features a command and control (C2) interface, granting operators the ability to manipulate infected hosts from a remote location.
CTI Roundup: ToddyCat APT, GuptiMiner Malware, APT28 Exploits a Windows Print Spooler Flaw
ToddyCat deploys advanced tools for industrial scale data theft, hackers use eScan updates to spread GuptiMiner malware, and Russia’s APT28 exploits a Windows Print Spooler flaw.
Shamane Tan on cyber resilience - Cyber Security Decoded
Bouncing back from a cyber incident, data breach or #ransomware attack is a great accomplishment…but how can you bounce forward? A complete Cyber Resilience strategy is mission-critical. Security teams should be proactive and have response plans in place for when #CyberAttacks hit, rather than attempting to prevent attacks from occurring. With a #CyberResilience strategy, your team will be equipped with a plan when a cyber incident occurs while also having tools to identify those malicious attacks before they happen.
The 443 Podcast, Ep. 286 - BatBadBut What?
This week on #the443podcast, we cover a research post describing a code injection vulnerability caused by how nearly every high-level programming language runs on Windows. We also discuss a series of vulnerabilities in LG televisions that allow remote attackers to root the device before ending with a chat about new adversarial tactics for delivering malware via GitHub.
CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign "ArcaneDoor"
On April 24, 2024, Cisco Talos and several government security agencies published details on a sophisticated threat campaign focused on espionage and gaining unauthorized access to sensitive information from targeted government entities and organizations in critical infrastructure. As part of that publication, Cisco disclosed CVE-2024-20353 and CVE-2024-20359, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, which were actively exploited in the documented campaign.
"Junk gun" ransomware: the cheap new threat to small businesses
A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations.
Trustwave SpiderLabs Reveals the Ransomware Threats Targeting Latin American Financial and Government Sectors
Ransomware-as-a-service (RaaS) threat groups are placing severe and continuous pressure on the financial and government services sectors in Latin America, according to data compiled by the elite Trustwave SpiderLabs team. RaaS is where developers working for threat actors manage and update the malware while affiliates carry out the actual ransomware attacks.