News – February 2024

  • ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial

    February 19, 2024

    The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site – Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies. So far, the group has only added the names to its site, with the actual data not yet available. Apparently, the ...

  • UK: Water group made loss in wake of cyber attack

    February 19, 2024

    The Walsall-headquartered integrated serviced group, which operates South Staffordshire Water and Cambridge Water, posted a pre-tax loss of £23.1 million for the year to the end of March from a £7.6m profit a year earlier. The losses was put down to the impact of rising costs including on energy and chemicals, higher than expected water production ...

  • Why are ransomware gangs making so much money?

    February 17, 2024

    For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. Ransomware and extortion gangs, on the other hand, had a record-breaking year in earnings, if recent reports are anything to go by. It’s hardly surprising when you look at the state of the ...

  • Alpha Ransomware Emerges From NetWalker Ashes

    February 16, 2024

    Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation. The NetWalker Connection Analysis of Alpha reveals significant similarities with the old NetWalker ransomware. Both threats use a similar ...

  • Microsoft Exchange vulnerability actively exploited

    February 16, 2024

    As it turns out, there was another actively exploited vulnerability included in Microsoft’s patch Tuesday updates for February. When Microsoft said in its update guide for CVE-2024-21410 that the vulnerability was likely to be exploited by attackers, they weren’t kidding. Soon after they changed the status to “Exploitation Detected”. The Exchange vulnerability is listed in the ...

  • China: Foreign cyber spies attack information systems of key departments, enterprises, stealing sensitive data

    February 16, 2024

    China’s Ministry of State Security warned on Friday that in recent years, national security agencies have discovered that foreign cyber spies have continuously attacked the information systems of key departments and enterprises within China, resulting in the theft of important sensitive data and posing a threat to China’s data security and cybersecurity. The ministry released an ...

  • Dead Man’s Fingers maker cuts over 500 jobs and enters the red after cyber attack hits sales

    February 16, 2024

    The maker of Crabbie’s Ginger Beer and Dead Man’s Fingers spiced rum shed more than 500 jobs and entered the red after its sales were hit by a cyber attack, it has been revealed. Halewood Artisanal Spirts, whose brands also include Whitley Neill Gin, Liverpool Gin and Samuel Gelton’s Irish whiskey, has posted a turnover of ...

  • U.S. conducted cyberattack on suspected Iranian spy ship

    February 16, 2024

    The United States recently conducted a cyberattack against an Iranian military ship that had been collecting intelligence on cargo vessels in the Red Sea and the Gulf of Aden, according to three U.S. officials. The operation was intended to inhibit the Iranian ship’s ability to share intelligence with Houthi rebels in Yemen who have been firing ...

  • Android/SpyNote Moves to Crypto Currencies

    February 15, 2024

    Like much Android malware today, this malware abuses the Accessibility API. This API is used to automatically perform UI actions. For example, the malicious sample uses the Accessibility API to record device unlocking gestures. Newer, this SpyNote sample uses the Accessibility API to target famous crypto wallets. Read more… Source: Fortinet  

  • Spyware startup Variston is losing staff – some say it’s closing

    February 15, 2024

    In July 2022, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits used to target those applications were zero-days, meaning the software makers were unaware of the bugs, ...