Information Security, Ransomware and Security Intelligence

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. PonyFinal is Java-based ransomware that is manually distributed by threat actors. PonyFinal is Java-based ransomware that is manually distributed by threat actors.

Ransomware

Ransomware Security Intelligence Encryption Advertising

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5) Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Security Intelligence

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware

Ransomware Hacking Internet Internet

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. ” continues the report.

Ransomware

Ransomware Encryption Backups Security Intelligence

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023. Then they use OpenSSH and Impacket to move laterally and deploy the Clop ransomware payload.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. The campaign shares victimology with recent operations conducted by Russia-linked threat actors.

Ransomware

Ransomware Telecommunications DNS Hacking

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. The best example of the need for this is national level security intelligence, reconnaisance, and vulnerability assessment. Image from information-age.com. ESG and ISSA. Cyberinsurance Will Ascend.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Security Affairs

AUGUST 7, 2023

Senior official reports a quadruple increase in ransomware attacks against Finland since it started the process to join NATO. The number of ransomware attacks targeting Finland has increased fourfold since the country began the process of joining NATO in 2023. So I don’t believe there’s a single silver bullet.”

Ransomware

Ransomware Government Cyber threats Security Intelligence

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. Security experts from cyber-security firm Prevailion reported that TA505 has compromised more than 1,000 organizations. states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities.

Authentication

Authentication Hacking Ransomware Security Intelligence

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021. The analysis focuses on six Iranian hacking groups that are increasingly utilizing ransomware to either fundraise or disrupt the computer networks of the targets.

VPN

VPN Accountability Social Engineering Media

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. based electrical company, a U.S.

Malware

Malware Security Intelligence Banking Phishing

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Emotet malware is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). Additional malware is downloaded and installed when running these macros.

Malware

Malware Passwords Advertising Ransomware

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Microsoft researchers also spotted a ransomware gangs that is exploiting ProxyLogon flaws to spread a piece of malware tracked as DearCry. We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. and also as DearCry. and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

This week, VMware and Microsoft warned of an ongoing, widespread Chromeloader malware campaign that is dropping malicious browser extensions, node-WebKit malware, and ransomware. pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022.

Malware

Malware Adware Ransomware Security Intelligence

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. This month, the Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Internet

Internet Internet Ransomware Hacking

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

link] — Microsoft Security Intelligence (@MsftSecIntel) October 12, 2020. The Trickbot infrastructure was used by crooks to compromise systems and carry out human-operated campaigns, notably its use for the deployment of the Ryuk ransomware. ” reads the post published by Microsoft.

Malware

Malware Banking Advertising Financial Services

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Security Affairs

NOVEMBER 11, 2019

Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019. While we currently see only coin miners being dropped, we agree w/ the research community that CVE-2019-0708 (BlueKeep) exploitation can be big. ” Noble added.

Small Business

Small Business Malware Cryptocurrency Advertising

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

” A new wave of attacks could exploit the vulnerability to spread more dangerous and destructive malware, like ransomware or spyware. Read our latest blog w/ assist from @GossiTheDog & @MalwareTechBlog [link] — Microsoft Security Intelligence (@MsftSecIntel) November 7, 2019.

Malware

Malware Penetration Testing Advertising Spyware

Hackers Also Have Financial Reporting And Quotas :)

Security Boulevard

JUNE 18, 2022

The spending on cybersecurity tools, security staff, upgrade of the security operations center, and security awareness training is an aggregation of efforts to reduce the organization’s overall risk posture. Security breaches cause foreseeable financial damage to the organization.

Hacking

Hacking CISO Cybersecurity Banking

Cyber Security Awareness and Risk Management

Spinone

DECEMBER 26, 2018

Cyber threat management , being an advanced discipline, craves analytical attention and a commander’s strategic skills of information security executives to confront and overcome the multi-dimensional cyber threats. One example is our phenomenal Ransomware Protection and G Suite security feature.

Security Awareness

Security Awareness Risk Cyber threats Cyber Risk

Emotet operators are running Halloween-themed campaigns

Security Affairs

OCTOBER 31, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Researchers from Microsoft Security Intelligence are also warning of the ongoing Halloween-themed Emotet campaign.

Banking

Banking Malware Security Intelligence Advertising

Cyber Security Informer

Microsoft warns about ongoing PonyFinal ransomware attacks

STRRAT RAT spreads masquerading as ransomware

Trending Sources

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

SolarWinds Serv-U bug exploited for Log4j attacks

Iran-linked APT groups continue to evolve

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Researchers warn of a surge in cyber attacks against Microsoft Exchange

CISA alert warns of Emotet attacks on US govt entities

IT giants warn of ongoing Chromeloader malware campaigns

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Microsoft partnered with other security firms to takedown TrickBot botnet

Australian Govt agency ACSC warns of Emotet and BlueKeep attacks

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Hackers Also Have Financial Reporting And Quotas :)

Cyber Security Awareness and Risk Management

Emotet operators are running Halloween-themed campaigns

Stay Connected