A threat actor is using a custom-made backdoor to target organizations operating in South and Southeast Asia. Sectors at immediate risk include government, aviation, education and telecommunications. The Lancefly ATP group uses custom-written malware that Symantec's Threat Hunter Team calls Merdoor.
U.S. authorities revealed the Russian man behind a two-decade span of abetting cybercriminals' theft of credit cards, dismantled his online infrastructure and offered a hefty reward for information leading to his arrest. Prosecutors say the man, Denis Kulkov, ran a service now known as Try2Check.
Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
A crew of English-speaking European teenagers with a variety of skills and knowledge of Greek and Roman mythology are likely behind an up-and-coming cybercrime group called FusionCore. Group leader "Hydra" in March shared a screenshot of a malware dashboard set to display Sweden time by default.
The FBI and other national police are touting an operation that dismantled Genesis Market, a marketplace used by ransomware hackers and bank thieves to gain ongoing access to victims' computers. Genesis Market since 2018 offered access to more than 1.5 million compromised computers around the world.
Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.
So far, the Clop ransomware group campaign using a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT, has compromised networks used by 130 different organizations. The gang has so far taken responsibility for over 50 hacks.
Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.
Threat actors are exploiting the ongoing economic downturn by using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters. Researchers advise companies to be wary of attachments and URLs.
A Chinese law requiring mandatory disclosure to the government of vulnerability reports appears to be paying dividends for state-connected hacking. "The Chinese government is up-leveling their capabilities," says Adam Meyers, senior vice president of intelligence at CrowdStrike.
In the latest weekly update, ISMG editors discuss the lasting effects of the takedown of the Hive ransomware group, why the U.S. government is warning of a surge in Russian DDoS attacks on hospitals, and why the lack of transparency in U.S. breach notices is creating more risk for consumers.
The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports.
The notorious LockBit 3.0 ransomware group runs just like a business, focusing on recruiting top talent and maintaining an advanced product - which has led to the group's longevity. But the operators' insecurities could be key to the group's undoing, says security researcher Jon DiMaggio.
Trend Micro spotted operators of the Gootkit malware loader targeting the Australian healthcare sector. Trend Micro doesn't assert the Gootkit campaign is behind a ransomware attack against the country's largest private health insurer but says the "recent campaign might remind us of this incident."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.