Cybercrime


NEWS 
  • Saudi Aramco data breach sees 1 TB stolen data for sale

    July 19, 2021

    Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The oil giant employs over 66,000 employees and brings in almost $230 ...

  • Ecuador’s state-run CNT telco hit by RansomEXX ransomware

    July 17, 2021

    Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer support. CNT is Ecuador’s state-run telecommunication carrier that offers fixed-line phone service, mobile, satellite TV, and internet connectivity. Read more… Source: Bleeping Computer  

  • Toddler mobile banking malware surges across Europe

    July 16, 2021

    Researchers have provided a deep dive into Toddler, a new Android banking Trojan that is surging across Europe. In a report shared with ZDNet, the PRODAFT Threat Intelligence (PTI) team said that the malware, also known as TeaBot/Anatsa, is part of a rising trend of mobile banking malware attacking countries, including Spain, Germany, Switzerland, and the ...

  • DDoS attack registered on Russian Defense Ministry website

    July 16, 2021

    The official website of the Russian Defense Ministry is down due to a DDoS attack, a law enforcement source informed TASS on Friday. “Specialists from the defense ministry are repelling a DDoS attack on the official website of the Defense Ministry,” the source said. Read more… Source: TASS

  • Cyberattack on Moldova’s Court of Accounts destroyed public audits

    July 16, 2021

    Moldova’s “Court of Accounts” has suffered a cyberattack leading to the agency’s public databases and audits being destroyed. The Court of Accounts of Moldova is a government authority that performs audits of public financial resources and government agencies to comply with international standards. Read more… Source: Bleeping Computer

  • Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers

    July 16, 2021

    For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines (VMs) running on them. Read more… Source: ...

  • Cybercriminals took advantage of WFH to target financial services companies, says Financial Stability Board report

    July 14, 2021

    Criminals targeted security gaps at financial services firms as their staff moved to working from home, according to a report issued by the Financial Stability Board (FSB) on Tuesday. Established after the G20 London summit in April 2009, the FSB makes recommendations about the global financial system and coordinates financial rules for the G20 group of ...

  • Trickbot updates its VNC module for high-value targets

    July 14, 2021

    The Trickbot botnet malware, which often distributes various ransomware strains, continues to be the most prevalent threat as its developers update the VNC module used for remote control over infected systems. Its activity has been increasing constantly since the complete disruption of the Emotet botnet in January, which acted as a distributor for both Trickbot and ...

  • SonicWall releases urgent notice about ‘imminent’ ransomware targeting firmware

    July 14, 2021

    Networking device maker SonicWall sent out an urgent notice to its customers about “an imminent ransomware campaign using stolen credentials” that is targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life 8.x firmware. In addition to the notice posted to its website, SonicWall sent an email to anyone ...

  • The Underground Exploit Market and the Importance of Virtual Patching

    July 13, 2021

    Over the past two calendar years, we conducted research on the underground exploit market to learn more about the life cycle of exploits, the kinds of buyers and sellers who transact, and the business models that are in effect in the underground. We detail our findings in our research paper “The Rise and Imminent Fall ...

  • REvil ransomware gang’s web sites mysteriously shut down

    July 13, 2021

    The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night. The REvil ransomware operation, aka Sodinokibi, operates through numerous clear web and dark web sites used as ransom negotiation sites, ransomware data leak sites, and backend infrastructure. Starting last night, the websites and infrastructure used by the REvil ransomware operation ...

  • INTERPOL – Immediate action required to avoid Ransomware pandemic

    July 12, 2021

    LYON, France – INTERPOL Secretary General Jürgen Stock has called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic. Speaking at the INTERPOL High-Level Forum on Ransomware (12 July), Secretary General Stock said that while some solutions existed nationally or bi-laterally, effectively preventing and disrupting ransomware meant ...

  • Kaseya claims SaaS restoration going swimmingly

    July 12, 2021

    Beleaguered IT management firm Kaseya says sixty per cent of its SaaS services have been successfully restored. An update to the firm’s advisory regarding the attack on its VSA product, time-stamped 10:00PM Eastern Daylight Time (EDT) on July 11th, states: “The restoration of services is progressing according to plan, with 60% of our SaaS customers live ...

  • Voice cloning of growing interest to actors and cybercriminals

    July 12, 2021

    As voice cloning technology has become ever more effective, it is of increasing interest to actors… and cybercriminals. When Tim Heller first heard his cloned voice he says it was so accurate that “my jaw hit the floor… it was mind-blowing”. Voice cloning is when a computer program is used to generate a synthetic, adaptable copy of ...

  • Insurance giant CNA reports data breach after ransomware attack

    July 9, 2021

    CNA Financial Corporation, a leading US-based insurance company, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March. CNA is considered the seventh-largest commercial insurance firm in the US based on stats from the Insurance Information Institute. Read more… Source: Bleeping Computer  

  • Biden tells Putin the U.S. will take ‘any necessary action’ after latest ransomware attack

    July 9, 2021

    President Biden told Russian President Vladimir Putin on Friday that the United States will take “any necessary action” to defend U.S. infrastructure, the White House said, after Russia-based hackers carried out the largest known ransomware attack to date. Biden has been under increasing pressure to counter such costly, brazen assaults — pressure that spiked last weekend ...

  • Morgan Stanley reports data breach after vendor Accellion hack

    July 8, 2021

    Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor. Morgan Stanley is a leading global financial services firm providing investment banking, securities, wealth and investment management services worldwide. Read more… Source: Bleeping Computer  

  • Understanding REvil: The Ransomware Gang Behind the Kaseya Attack

    July 6, 2021

    REvil has emerged as one of the world’s most notorious ransomware operators. In just the past month, it extracted an $11 million payment from the U.S. subsidiary of the world’s largest meatpacking company based in Brazil, demanded $5 million from a Brazilian medical diagnostics company and launched a large-scale attack on dozens, perhaps hundreds, of ...

  • US warns of action against ransomware gangs if Russia refuses

    July 6, 2021

    White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so. Psaki added that the recent REvil ransomware attack on Florida-based IT company Kaseya is not yet attributed to anyone, specifically not to the Russian government. Read more… Source: Bleeping Computer  

  • REvil ransomware asks $70 million to decrypt all Kaseya attack victims

    July 5, 2021

    REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files. The attack on Friday propagated through Kaseya VSA cloud-based solution used by managed service providers (MSPs) to monitor customer systems and ...