Breaches Emerging Threats Enterprise Vulnerabilities

CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb

More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) technology following the release of a proof-of-concept exploit for it this week. Fortra informed customers privately about […]

Emerging Threats Enterprise Vulnerabilities

LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks

China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; more than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966. Multiple LockBit ransomware operators are apparently working in a coordinated manner to break into major organizations via “CitrixBleed” (CVE-2023-4966), a critical vulnerability in several versions […]


Destructive “CryWiper” disk-wiping malware is on the loose

Tool masquerades as ransomware but overwrites and destroys data, making it unrecoverable, Kaspersky warns. Security researchers at Kaspersky have spotted a new disk-wiping malware tool dubbed CryWiper landing on target systems, disguised as ransomware. So far, researchers at the security vendor have only observed the operator of the malware deploy CryWiper in “pinpoint attacks” […]

Breaches Emerging Threats Malware

Australian Federal Police say Russian threat actor behind Medibank breach

“We will be holding talks with Russian law enforcement about these individuals,” AFP Commissioner says [300 words]. What: The Australian Federal Police (AFP) has identified the threat actor behind the catastrophic attack on health-insurer Medibank as being a Russia-based group. In a statement Friday, AFP Commissioner Reece Kershaw said that investigators had managed to trace […]

Breaches Enterprise Malware

Russia’s Iridium group deploying new ransomware payload

Prestige ransomware marks dangerous shift in strategy for threat actor, Microsoft says [299 words]. What: Security researchers at Microsoft have spotted Russia-based threat group Iridium dropping a new ransomware payload dubbed “Prestige” on systems belonging to organizations in Ukraine and Poland. The Prestige campaign marks a broadening of focus for Iridium from its usual destructive […]

Breaches Malware

Black Basta ransomware operators are exploiting “PrintNightmare”, “ZeroLogon” and “NoPac” flaws

New data that researchers at SentinelOne uncovered show that the notorious, financially motivated FIN7 threat group may be behind, or have strong ties to, the Black Basta ransomware operation [300 words]. Why that matters: FIN7 has a record going back to at least 2012. The threat actor has looted more than $1.2 billion from victims around the world […]

Breaches Enterprise Vulnerabilities

Attackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May

Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in VMware Workspace ONE Access and Identity Manager (CVE-2022-22954). Researchers from Fortinet’s FortiGuard Labs on Thursday said they had observed threat actors exploiting the […]
