Malware

Netskope Threat Coverage: Prestige Ransomware

In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware to all victims within an hour of each other, abusing highly privileged domain credentials to deploy the payload.

Payette Fends off Cyber Breach with Rubrik Security Cloud

Payette, the award-winning architecture firm behind iconic buildings of Harvard University, Boston Children's Hospital, MIT, and more, successfully fended off a potentially crippling ransomware attack. With Rubrik Security Cloud, the hacker never even had the opportunity to deliver a ransom note and the firm had critical systems back online in less than 24 hours.

Take the Uncertainty Out of Ransomware Recovery: Introducing Rubrik Cyber Recovery

As the attack surface widens and cybercriminals get more sophisticated, organizations are struggling to prepare for and respond to ransomware and other cyber incidents. According to the inaugural State of Data Security report from Rubrik Zero Labs, a staggering 92% of global IT and security leaders are concerned they are unable to maintain business continuity following an attack.

PyPi Malware Stealing Discord and Roblox Payment Info

In this livestream we dive into the latest set of malicious packages discovered by the Snyk security research team. We are joined by senior security researcher at Snyk Raul Onitza-Klugman as we also discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.

Inside the Mind of a 'Rat' - Agent Tesla Detection and Analysis

Agent Tesla is a remote access trojan (RAT) written for the .NET framework that is known to have been in operation since 2014. Threat actors behind this malware have leveraged many different methods to deliver their payload over time, including macro-enabled Word documents, Microsoft Office vulnerabilities, OLE objects and, most recently, compiled HTML help files.

Healthcare sector warned of Venus ransomware attacks

Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one healthcare entity in the United States, and are known to be targeting publicly-exposed Remote Desktop Servers.

Common Payloads Attackers Plant in Malicious Software Packages

In this third post in our series on Malicious Software Packages, we’ll focus on the aftermath of a successful attack and how the attacker executes payloads to serve their needs through various real-life scenarios. Before we start, let’s review a few highlights from the second post you might’ve missed: Now, let’s get to blog three in the series.

Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.