Image source: Shutterstock Many are also striking quickly after gaining initial access, a new report shows. Ransomware actors increasingly deployed adversary in the middle (AiTM) tactics to steal credentials and session cookies…
Tag: ransomware
New Vuln Enables Admin Access on Domain-Joined ESXi Hypervisors
Image Source: Shutterstock Ransomware attackers are leveraging CVE-2024-37085 to drop Black Basta, Akira on vulnerable systems, Microsoft says. Ransomware operators are exploiting an authentication bypass vulnerability in ESXi hypervisors to gain full…
CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb
Image source: Shutterstock More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in…
LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks
Image source: Shutterstock China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; More than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966 Multiple LockBit…
Destructive “CryWiper” disk-wiping malware is on the loose
Tool masquerades as ransomware but overwrites and destroys data making it unrecoverable, Kaspersky warns Security researchers at Kaspersky have spotted a new disk wiping malware tool dubbed CryWiper landing on target systems,…
Australian Federal Police say Russian threat actor behind Medibank breach
“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words]. What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack…
Russia’s Iridium group deploying new ransomware payload
Prestige ransomware marks dangerous shift in strategy for threat actor Microsoft says [299 words]. What: Security researchers at Microsoft have spotted Russia-based threat group Iridium dropping a new ransomware payload dubbed “Prestige”…
Black Basta ransomware operators are exploiting “PrintNightMare”, “ZeroLogon” and “NoPac” Flaws
New data that researchers at SentinelOne uncovered show that the notorious, financially-motivated FIN7 threat group may be behind—or has strong ties—to the Black Basta ransomware operation [300 words]. Why that matters: FIN7…
Attackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May
Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in…