Security Affairs

JUNE 30, 2024

Russia-linked APT group, reportedly APT29, is suspected to be behind a hack of TeamViewer ‘s corporate network. “A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available.

Access 353

Access Security IT Information Security 353

Security Affairs

FEBRUARY 20, 2025

Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) Cloud Software Group recommends configuring external authentication for NetScaler Console as a best practice.” impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent.

Authentication 297

Authentication Cloud Access Security 297

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums.

Ransomware 353

Ransomware Cybersecurity Sales Security 353

Security Affairs

AUGUST 18, 2024

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. ” concludes the report.

Ransomware 362

Ransomware Access Encryption IT 362

Security Affairs

OCTOBER 6, 2024

China-linked APT group Salt Typhoon breached U.S. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. This group was publicly called out by the U.S.

Government 362

Government Access Risk Security 362

Security Affairs

OCTOBER 11, 2024

One of these groups is CyberAv3ngers , which is a threat actor linked to the Iranian Iranian Islamic Revolutionary Guard Corps (IRGC). In the past, the group targeted industrial control systems at water utilities in Ireland and the U.S. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Phishing 342

Phishing Passwords Security IT 342

The Last Watchdog

DECEMBER 16, 2024

Williams Brandon Williams , CTO, Conversant Group Predictions for 2025 point to attack speeds increasing by up to 100X, necessitating faster detection and response times. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Attackers arent hacking in theyre logging in.

Security 264

Security Phishing IoT Risk 264

Security Affairs

SEPTEMBER 22, 2024

Hacktivist group Twelve is back and targets Russian entities to destroy critical assets and disrupt their operations. The hacktivist group Twelve has been active since at least April 2023, it was formed in the wake of the conflict between Russia and Ukraine. However, the motivation behind Twelve’s operations is the hacktivism.

Encryption 329

Encryption Personal data Ransomware Access 329

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption 294

Encryption Ransomware Authentication Cloud 294

Krebs on Security

JUNE 15, 2024

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. man arrested was a SIM-swapper who went by the alias “ Tyler.”

Phishing 332

Phishing Passwords Authentication Encryption 332

Security Affairs

NOVEMBER 18, 2024

In September, the Wall Street Journal reported that China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security.

Data breaches 284

Data breaches Communications Artificial Intelligence Government 284

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. And the biggest surprise: All this sensitive and crucial data is absolutely FREE, offered to you as a gift from the Belsen Group.” ” reported Heise Security.

Passwords 326

Passwords Security IT Data breaches 326

Security Affairs

OCTOBER 31, 2024

kzoldyck, the Threat Actor behind the alleged Interbank breach/leak posted the following on BreachForums [link] pic.twitter.com/A8SYASxmsT — Dark Web Informer (@DarkWebInformer) October 30, 2024 “We have identified that some data of a group of clients has been exposed by a third party without our authorization.

Data breaches 321

Data breaches Financial Services Passwords Security 321

Security Affairs

AUGUST 19, 2024

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potentially linked to the cybercrime group FIN7. ” concludes the report.

Communications 336

Communications Cloud Cybersecurity Security 336

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware 342

Ransomware Manufacturing Libraries Education 342

Security Affairs

MARCH 16, 2024

North Korea-linked Lazarus APT group allegedly using again the mixer platform Tornado Cash to launder $23 million. North Korea-linked Lazarus APT group allegedly has reportedly resumed using the mixer platform Tornado Cash to launder $23 million. million from exchange HTX , which took place in November 2023, to the North Korea’s group.

Blockchain 360

Blockchain Cybersecurity IT Information Security 360

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security 166

Security Data breaches Encryption Ransomware 166

Security Affairs

APRIL 16, 2024

The Dark Angels (Dunghill) ransomware group claims the hack of the chipmaker Nexperia and the theft of 1 TB of data from the company. The Dark Angels (Dunghill) ransomware group claims responsibility for hacking chipmaker Nexperia and stealing 1 TB of the company’s data. The chipmaker has 14,000 employees as of 2024.

Ransomware 351

Ransomware Manufacturing Insurance Cybersecurity 351

Security Affairs

APRIL 15, 2024

The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure.

IoT 359

IoT Access Communications Military 359

Security Affairs

AUGUST 29, 2024

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ).

Government 340

Government Encryption Authentication Risk 340

Krebs on Security

SEPTEMBER 18, 2024

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups. For example, there is watchliveon24[.]com.playehq4ks[.]com

Passwords 64

Passwords Mining IT Marketing 64

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. Recent investigations by Talos IR have revealed that the BlackByte ransomware group is using a victim’s existing remote access rather than tools like AnyDesk.

Ransomware 318

Ransomware Authentication Encryption Access 318

Security Affairs

JULY 24, 2024

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive Panda has been spotted using an updated version of the macOS backdoor Macma. NGO based in China, which indicates the group also engages in internal espionage. This highlights the group’s ongoing evolution in cyber espionage tactics.

Libraries 334

Libraries IT Information Security Security 334

Security Affairs

AUGUST 8, 2024

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The group uses SharpShares and SoftPerfect NetWorx to map out victim networks.

Ransomware 329

Ransomware Communications Manufacturing Phishing 329

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The group claims the theft of 1.4 TB of stolen data.

Ransomware 270

Ransomware Manufacturing IT Security 270

Security Affairs

NOVEMBER 21, 2024

It appears to be a supply chain attack, the hacker breach compromised the MediBoard platform provided by Softway Medical Group, which offers Electronic Patient Record (EPR) solutions to European healthcare organizations. We wish to clarify that the health data concerned was not hosted by the Softway Medical Group.

Computer and Electronics 194

Computer and Electronics Data breaches Access Sales 194

Data Breach Today

NOVEMBER 25, 2024

Social Engineering Moves Mirror Nation-State Groups' Tactics, Researchers Say The Black Basta ransomware group has been refining its social engineering tactics to amass more victims despite escalating law enforcement disruptions, together with a shift to more "strategic, long-term planning" that security experts said suggests Russian state ties.

Ransomware 279

Ransomware Security IT 279

Security Affairs

JULY 19, 2024

Two Russian nationals pleaded guilty to participating in the LockBit ransomware group and carrying out attacks against victims worldwide. The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S.

Ransomware 355

Ransomware Encryption Government Access 355

Security Affairs

SEPTEMBER 26, 2024

The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures. This group was publicly called out by the U.S. ” Wall Street Journal reported.

IoT 324

IoT Cybersecurity Government IT 324

Security Affairs

AUGUST 23, 2024

“Among other things, the Russian cybercrime group steals victim data and threatens to release it unless the victim pays ransom in cryptocurrency. The group maintains a leaks and auction website that lists victim companies and offers stolen data for download.” ” reads the press release published by DoJ. cloud storage.

Communications 308

Communications Cloud Access IT 308

Security Affairs

OCTOBER 17, 2024

The group’s victims include ChatGPT , Telegram , Microsoft , X , the Department of Justice, the Department of Defense, the FBI, the State Department, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama.

Government 309

Government Cloud Cybersecurity IT 309

Security Affairs

OCTOBER 25, 2024

UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. A month later, a second ransomware gang, the RansomHub group, also attempted to extort the healthcare company. According to the Associated Press, UnitedHealth booked $1.1

Data breaches 323

Data breaches Ransomware Insurance Cybersecurity 323

Security Affairs

OCTOBER 25, 2024

OPPC reported to the US Department of Health and Human Services that the security incident impacted 795916 individuals. The company started its incident response procedure to contain the incident with the help of a forensic security firm. ” reads the notice of Data Security Incident published by the company on its website.

Data breaches 324

Data breaches Ransomware Security IT 324

Security Affairs

AUGUST 21, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of new phishing attacks, carried out by the Vermin group, distributing a malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign conducted by the Vermin group that distributed malware.

Phishing 321

Phishing Archiving IT Information Security 321

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security 179

Security Access Government Cybersecurity 179

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. The APT group conducted a cyber espionage campaign between April and July 2024 and used Microsoft’s Azure infrastructure for C2 infrastructure.

IT 323

IT Education File names Passwords 323