Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack

A new malware dubbed ‘ProxyShellMiner’ exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021. Read More …

Mirai Variant V3G4 Targets IoT Devices

From July to December 2022, Unit 42 researchers observed a Mirai variant called V3G4, which was leveraging several vulnerabilities to spread itself. The vulnerabilities exploited include the following: CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability Gitorious Remote Command Execution Vulnerability Read More …

Scandinavian Airlines hit by cyber attack

Scandinavian airline SAS said it was hit by a cyber attack Tuesday evening and urged customers to refrain from using its app but later said it had fixed the problem. News reports said the hack paralyzed the carrier’s website and Read More …

Pepsi Bottling Ventures says info-stealing malware swiped sensitive data

Crooks have breached Pepsi Bottling Ventures’ network and, after deploying info-stealing malware, made off with sensitive personal and financial information according to a notification sent to consumers. The breach happened on or around December 23, 2022. However, Pepsi Bottling Ventures Read More …

New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign

Since December 2022, Cisco Talos has been observing an unidentified actor deploying two relatively new threats, the recently discovered MortalKombat ransomware and a GO variant of the Laplas Clipper malware, to steal cryptocurrency from victims. Talos observed the actor scanning Read More …

Cloudflare blocks record-breaking 71 million RPS DDoS attack

This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date. The attacks were launched using over 30,000 IP addresses from multiple cloud providers against various targets, including gaming providers, cloud computing platforms, cryptocurrency Read More …

Play Ransomware lists A10 Networks on its leak site

The Play ransomware group listed networking firm A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber. BetterCyber notes that the leak site claims the group has “private and Read More …

Ransomware crooks steal 3m+ patients’ medical records, personal info

Several California medical groups have sent security breach notification letters to more than three million patients alerting them that crooks may have stolen a ton of their sensitive health and personal information during a ransomware infection in December. According to Read More …

#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks Read More …