Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook.

Hacking 116

Hacking Healthcare Backups Ransomware 116

Krebs on Security

JUNE 8, 2023

But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes. Campbell, Calif. They don’t need it.

Firmware 345

Firmware Malware Software Ransomware 345

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. In November 2023, Cisco Talos researchers observed 8Base ransomware operators using a new variant of the Phobos ransomware.

Ransomware 71

Ransomware Encryption Backups Malware 71

Security Affairs

NOVEMBER 24, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Android Malware Detection Based on Behavioral-Level Features with Graph Convolutional Networks.

Malware 62

Malware Spyware Antivirus VPN 62

Security Affairs

MARCH 12, 2025

Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. Since early 2025, Cato CTRL has tracked the Ballista botnet targeting TP-Link Archer routers via CVE-2023-1389.

IoT 72

IoT Malware Encryption DDOS 72

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon.

VPN 122

VPN Government Malware Manufacturing 122

Security Affairs

DECEMBER 26, 2024

The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The new Mirai malware variant also targetsthe TP-Link flaw CVE-2023-1389 and the vulnerability CVE-2018-17532 affecting Teltonika RUT9XX routers. TheMiraivariant incorporates ChaCha20 and XOR decryption algorithms.

Manufacturing 88

Manufacturing Malware Firmware IoT 88

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 133

Data breaches Ransomware Manufacturing Encryption 133

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May.

Malware 138

Malware Ransomware Encryption Energy and Utilities 138

Security Affairs

JANUARY 1, 2024

In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation. Subsequently, other malware integrated the exploit, including Rhadamanthys, Risepro, Meduza , Stealc Stealer and recently the White Snake.

Malware 145

Malware Penetration Testing Passwords Encryption 145

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. We created a private report about this after an article claimed that the malware was used in the geopolitical conflict. Meanwhile, the malware itself evolved, adding an LDAP-based self-spreading mechanism.

Ransomware 140

Ransomware Malware Architecture Telecommunications 140

SecureList

MARCH 20, 2024

Introduction Malware for mobile devices is something we come across very often. In 2023 , our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023’s most resonant attacks was Operation Triangulation , targeting iOS, but that was rather a unique case.

Malware 129

Malware Mobile Firmware Spyware 129

Malwarebytes

DECEMBER 2, 2024

In 2023, ThreatDown discovered that, unlike other ransomware gangs that demanded up to $1 million or more from each victim , Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300. Prevent intrusions and stop malicious encryption. Create offsite, offline backups. Don’t get attacked twice.

Ransomware 123

Ransomware Backups Small Business Malware 123

Security Affairs

MARCH 17, 2025

The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods. The company was infected with a variant that has been active from late 2023 to the present. Nugroho’s decryptor brute-forces encryption keys by exploiting Akira ransomwares use of timestamp-based seeds.

Ransomware 67

Ransomware Encryption Malware Hacking 67

Malwarebytes

FEBRUARY 6, 2024

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both. READ THE REPORT

Ransomware 124

Ransomware Cybercrime Malware Social Engineering 124

SecureList

APRIL 27, 2023

This is our latest installment, focusing on activities that we observed during Q1 2023. Further analysis revealed that the malware is signed with valid certificates and appears to have a connection to the threat actor Winnti, a connection established through several overlaps such as shared infrastructure, code signing and victimology.

Energy and Utilities 145

Energy and Utilities Malware Government Manufacturing 145

Malwarebytes

JANUARY 2, 2024

The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware. Stop malicious encryption. Detect intrusions.

Encryption 120

Encryption Ransomware Backups Malware 120

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. Stop malicious encryption. Detect intrusions.

Ransomware 136

Ransomware Social Engineering Backups Engineering 136

SecureList

NOVEMBER 28, 2024

Later, in 2023, Elastic Lab published a report about an OceanLotus APT (aka APT32) attack that leveraged a new set of malicious tools called Spectral Viper. However, P8 contains many built-in functions and redesigns of the communication protocol and encryption algorithm, making it a well-designed and powerful espionage platform.

Malware 117

Malware Government Software Spyware 117

SecureList

SEPTEMBER 21, 2023

The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Tested, tried.

IoT 134

IoT DDOS Passwords Malware 134

The Hacker News

JANUARY 11, 2024

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It

Encryption 107

Encryption Malware Cybersecurity 107

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware 334

Malware Software Technology Accountability 334

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware.

Software 123

Software Cryptocurrency Malware DNS 123

SecureList

NOVEMBER 29, 2024

This type of cyberextortion predated Trojans, which encrypt the victim’s files. In 2020 — 2023, one of them was an active cyberextortionist who attacked organizations in several countries, causing a total of at least $1.9 Kaspersky solutions worldwide detected this type of malware on 297,485 unique user devices.

Mobile 106

Mobile Adware Ransomware Malware 106

Security Affairs

MARCH 11, 2024

The financially motivated hacking group Magnet Goblin uses various 1-day flaws to deploy custom malware on Windows and Linux systems. These include: Magento – CVE-2022-24086 Qlik Sense – CVE-2023-41265, CVE-2023-41266 , and CVE-2023-48365 Ivanti Connect Secure – CVE-2023-46805 and CVE-2024-21887 , CVE-2024-21888 and CVE-2024-21893.

Malware 132

Malware VPN Encryption Hacking 132

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 144

Ransomware Encryption Malware Accountability 144

SecureList

JANUARY 18, 2023

The threat landscape is constantly updated through new malware and spyware, advanced phishing methods, and new social engineering techniques. Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. These add up to 144 million annually.

Media 140

Media Social Engineering Ransomware Hacking 140

Security Affairs

SEPTEMBER 5, 2024

The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted organizations in Southeast Asia, Central Asia, and the Balkans. The malware is highly obfuscated and disguises itself as system utilities, allowing attackers to perform tasks like file manipulation, command execution, and remote port scanning.

Malware 119

Malware Telecommunications Encryption Hacking 119

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3 before 5.17.6

Ransomware 132

Ransomware Cybercrime Software Encryption 132

Malwarebytes

SEPTEMBER 12, 2023

Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. Stop malicious encryption.

Ransomware 117

Ransomware Backups Data breaches Malware 117

Malwarebytes

NOVEMBER 15, 2023

Formed around 2016 to defend Ukraine’s cyberspace against Russian interference, the UCA used a public exploit for CVE-2023-22515 to gain access to Trigona infrastructure. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Stop malicious encryption. Detect intrusions.

Ransomware 116

Ransomware Education Backups Cyber Insurance 116

SecureList

JANUARY 23, 2023

The first part of this report is devoted to the most current threats any SOC is likely to face in 2023. They are closely intertwined with the threats looming over corporations in 2023, as only an effectively organized team can safeguard business against rapidly evolving malware and attack methods.

Government 124

Government Media Social Engineering Ransomware 124

Security Affairs

MARCH 24, 2025

The Cloak ransowmare group has been active since at least 2023 and breached more than one hundred organizations across the years. ” The group uses an ARCrypter ransomware variant, derived from Babuks leaked code , to encrypt files after infiltrating a network. . ” reads a report published by Halcyon.

Ransomware 101

Ransomware Hacking Social Engineering VPN 101

The Hacker News

DECEMBER 22, 2023

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed Operation RusticWeb by enterprise security firm SEQRITE.

Government 106

Government Malware Engineering Encryption 106

Security Affairs

MARCH 7, 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts tracked the Medusa ransomware activity as Spearwing.

Ransomware 62

Ransomware Antivirus Healthcare Encryption 62

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 140

Ransomware Encryption Antivirus VPN 140