Krebs on Security

MAY 9, 2023

First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. ” Adam Barnett , lead software engineer at Rapid7 , said CVE-2023-24932 deserves a considerably higher threat score.

Malware 258

Malware Software Internet Internet 258

Krebs on Security

MARCH 5, 2024

healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. BlackCat is known as a “ransomware-as-service” collective, meaning they rely on freelancers or affiliates to infect new networks with their ransomware. There are indications that U.S.

Healthcare 358

Healthcare Ransomware Scams Government 358

Krebs on Security

JUNE 13, 2023

” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 is the most dangerous).

Social Engineering 242

Social Engineering System Administration Authentication Internet 242

Krebs on Security

JULY 11, 2023

They include CVE-2023-32049 , which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Software 220

Software Malware Antivirus Ransomware 220

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 140

Data breaches Ransomware Manufacturing Encryption 140

Tech Republic Security

JANUARY 24, 2023

From ransomware to third-party vendor security to software-defined perimeters, these cybersecurity topics should be on IT leaders’ radar. The post 10 cybersecurity predictions for tech leaders in 2023 appeared first on TechRepublic.

Cybersecurity 192

Cybersecurity Ransomware Software 192

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. Akira Ransomware posts Stanford University. 430 gb of internal data.

Ransomware 138

Ransomware Data breaches Passwords Hacking 138

Tech Republic Security

NOVEMBER 14, 2022

The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Next year, cybercriminals will be as busy as ever. Are IT departments ready?

Cybersecurity 218

Cybersecurity Phishing Ransomware Malware 218

Tech Republic Security

JANUARY 23, 2023

A new report from Kaspersky details what their digital forensics and incident response teams predict as the main 2023 threats to corporations and government agencies. The post Kaspersky releases 2023 predictions appeared first on TechRepublic. Learn more about it.

Government 198

Government Phishing Ransomware Malware 198

Krebs on Security

SEPTEMBER 18, 2023

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The 8Base ransomware group’s victim shaming website on the darknet.

Ransomware 281

Ransomware Accountability Encryption Internet 281

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023 (+38%).

Cybercrime 143

Cybercrime Internet Internet Scams 143

Lohrman on Security

SEPTEMBER 3, 2023

Reports from cybersecurity companies in 2023 show mixed trends regarding the number of global data breaches, ransomware attacks, records affected and government costs. But one thing is clear: Cyber attack impacts steadily grow.

Data breaches 208

Data breaches Ransomware Cyber Attacks Government 208

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 134

Ransomware Authentication Passwords Government 134

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. Throughout this period, the platform diligently tracked 185 criminal groups operating worldwide, meticulously tracing 342 servers employed for ransomware activities.

Ransomware 139

Ransomware Data collection Hacking Accountability 139

Security Affairs

DECEMBER 8, 2024

Anna Jaques Hospital revealed thatthe ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients.

Data breaches 125

Data breaches Insurance Healthcare Ransomware 125

The Last Watchdog

SEPTEMBER 21, 2023

Ransomware is a significant threat to businesses worldwide. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19 public health threat.

Ransomware 214

Ransomware Backups Cybersecurity Risk 214

Security Affairs

DECEMBER 4, 2024

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. reads the CSA.

Ransomware 133

Ransomware Telecommunications Healthcare Insurance 133

Tech Republic Security

MAY 3, 2024

According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.

Ransomware 193

Ransomware Cybersecurity 193

SecureList

FEBRUARY 26, 2024

The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was retrospectively revised in 2023. The year in figures According to Kaspersky Security Network, in 2023: Our solutions blocked almost 33.8 million malware, adware, and riskware attacks.

Mobile 138

Mobile Malware Adware Banking 138

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Amazon was compromised in May, 2023 via a MoveIT 0day exploit.

Data breaches 133

Data breaches Hacking Technology Ransomware 133

Troy Hunt

DECEMBER 30, 2023

This was a very impromptu end of 2023 weekly update as we balanced family time with doing the final video for the year. On the cyber side, the constant them over the last week has been ransomware; big firms, little firms, Aussie firms, American firms - it's just completely indiscriminate.

Ransomware 274

Ransomware Hacking 274

The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 203

Ransomware Internet Internet 203

WIRED Threat Level

FEBRUARY 7, 2024

After a slowdown in payments to ransomware gangs in 2022, last year saw total ransom payouts jump to their highest level yet, according to a new report from crypto-tracing firm Chainalysis.

Ransomware 142

Ransomware Hacking 142

The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Here are four evolving themes reverberating from RSAC 2023 that struck me: Password enabled access will endure for the foreseeable future. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC.

Mobile 238

Mobile Cloud Migration Penetration Testing Authentication 238

SecureList

MAY 8, 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. As we approach International Anti-Ransomware Day, we have analyzed the major ransomware events and trends. The group itself also has a large affiliate network.

Ransomware 138

Ransomware Encryption Small Business Cybersecurity 138

Security Affairs

JULY 15, 2024

Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CVE-2023-275327 (CVSS score of 7.5) The vulnerability was addressed in March 2023, and shortly after a PoC exploit code for this issue was released publicly.

Backups 143

Backups Ransomware Antivirus DNS 143

The Last Watchdog

DECEMBER 14, 2023

Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization? ai Antani Many speculated that the ransomware attack on a Toyota supply chain player in Kojima, Japan was in retaliation for Japan’s aid to Ukraine. Their guidance: Snehal Antani , CEO, Horizon3.ai

Cybersecurity 234

Cybersecurity Marketing Encryption CISO 234

The Last Watchdog

APRIL 28, 2023

“Stronger together” was the theme of RSA Conference 2023 , which returned to its pre-Covid grandeur under the California sunshine last week at San Francisco’s Moscone Center. Here are three evolving themes reverberating from RSAC 2023 that struck me: Getting a grip on identities Password enabled access will endure for the foreseeable future.

Mobile 211

Mobile Cloud Migration Penetration Testing Authentication 211

Krebs on Security

AUGUST 5, 2024

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. ThreatLabz found Dark Angels has conducted some of the largest ransomware attacks to date, and yet little is known about the group.

Ransomware 248

Ransomware Insurance Healthcare Education 248

Schneier on Security

MAY 17, 2024

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. .” ”

Hacking 285

Hacking Accountability Ransomware Internet 285

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 143

Government Surveillance Cybercrime Ransomware 143

Security Affairs

NOVEMBER 29, 2024

Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. In May 2023, the US Justice Department charged Russian national Mikhail Pavlovich Matveev for his alleged role in multiple ransomware attacks. ” reported RIA Novosti.

Ransomware 126

Ransomware Healthcare Hacking Malware 126

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 138

Phishing Banking Mobile Scams 138

The Hacker News

APRIL 8, 2024

The ransomware industry surged in 2023 as it saw an alarming 55.5% While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023.

Ransomware 135

Ransomware 135

Tech Republic Security

JANUARY 27, 2023

The post Here’s how IT budgets should fill cybersecurity moats in 2023 appeared first on TechRepublic. TechRepublic speaks with Carlos Morales of Neustar Security Services on the best ways for companies to spend on cybersecurity — even if their budgets are tighter.

Cybersecurity 181

Cybersecurity Ransomware 181