Ransomware and Security Intelligence - Cyber Security Informer

Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)

Penetration Testing

DECEMBER 8, 2024

The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun deploying Mauri ransomware in their attacks....

Ransomware

Ransomware Security Intelligence Cybersecurity Malware

Microsoft warns about ongoing PonyFinal ransomware attacks

Security Affairs

MAY 27, 2020

Microsoft is warning organizations to deploy protections against a new strain of PonyFinal ransomware that has been in the wild over the past two months. PonyFinal is Java-based ransomware that is manually distributed by threat actors. PonyFinal is Java-based ransomware that is manually distributed by threat actors.

Ransomware

Ransomware Security Intelligence Encryption Advertising

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. Microsoft Security Intelligence researchers uncovered a malware campaign that is spreading a remote access trojan (RAT) tracked as STRRAT. The latest version of the Java-based STRRAT malware (1.5) Pierluigi Paganini.

Ransomware

Ransomware Malware Encryption Security Intelligence

Ransomware Series: Video 2

Webroot

OCTOBER 13, 2021

The Rise of Ransomware. Ransomware attacks dominate news coverage of the cybersecurity industry. And it’s no wonder – with million-dollar payouts, infrastructure attacks and international manhunts, ransomware makes for exciting headlines. The New Standard of Ransomware. Evolving Threats. Fighting Back.

Ransomware

Ransomware Security Intelligence Cybersecurity

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

Another gang, Night Sky ransomware operation, started exploiting the Log4Shell vulnerability in the Log4j library to gain access to VMware Horizon systems. The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Ransomware

Ransomware Hacking Internet Internet

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Hot for Security

MARCH 12, 2021

Ransomware operators are actively targeting unpatched Exchange instances in wake of the recently disclosed ProxyLogon Exchange Server flaws, according to reports. Phillip Misner, a Security Program Manager with Microsoft, tweeted earlier today that a new ransomware family is leveraging the latest-disclosed Exchange vulnerabilities.

Ransomware

Ransomware Education Security Intelligence Accountability

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

The Hacker News

MAY 21, 2021

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.

Ransomware

Ransomware Malware Security Intelligence Encryption

LockBit Ransomware: The Hidden Threat in Resume Word Files

Penetration Testing

JANUARY 18, 2024

The AhnLab Security Intelligence Center has uncovered that the LockBit ransomware is being spread through malicious Word files disguised as resumes.

Ransomware

Ransomware Penetration Testing Security Intelligence Malware

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

Hot for Security

MAY 21, 2021

Security researchers have discovered a new massive spam email campaign designed to push the latest version of STRRAT malware, according to data shared by Microsoft. Ransomware attacks are among the most dangerous for people and companies alike. Attackers used compromised email accounts to launch the email campaign.

Ransomware

Ransomware Malware Security Intelligence Encryption

New Trigona Ransomware Threat Actor Uses Mimic Ransomware and BCP Utility in Attacks

Penetration Testing

JANUARY 29, 2024

AhnLab Security Intelligence Center (ASEC) has recently uncovered a concerning development in ransomware attacks. A new threat actor, previously known as Trigona ransomware, has been identified as installing Mimic ransomware.

Ransomware

Ransomware Penetration Testing Security Intelligence Malware

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Penetration Testing

MAY 1, 2024

The world of cybersecurity is witnessing an alarming trend as ransomware groups intensify their attacks on Microsoft SQL (MS-SQL) servers, exploiting weak management practices to deploy devastating malware.

Penetration Testing

Penetration Testing Ransomware Security Intelligence Malware

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Microsoft warns that new Prestige ransomware is targeting transportation and logistics organizations in Ukraine and Poland. Microsoft reported that new Prestige ransomware is being used in attacks aimed at transportation and logistics organizations in Ukraine and Poland. ” continues the report.

Ransomware

Ransomware Encryption Backups Security Intelligence

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Cybercriminal gang FIN7 returned with a new wave of attacks aimed at deploying the Clop ransomware on victims’ networks. The group was spotted deploying the Clop ransomware in opportunistic attacks in April 2023. Then they use OpenSSH and Impacket to move laterally and deploy the Clop ransomware payload.

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Microsoft linked Prestige ransomware attacks against organizations in Ukraine and Poland to Russia-linked threat actors. Microsoft has identified a new ransomware strain "Prestige" in limited targeted attacks in Ukraine and Poland. The campaign shares victimology with recent operations conducted by Russia-linked threat actors.

Ransomware

Ransomware Telecommunications DNS Hacking

Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities

SC Magazine

MARCH 12, 2021

The company confirmed a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft confirmed “a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” via its Security Intelligence Twitter account.

Ransomware

Ransomware Security Intelligence Media Accountability

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Security Affairs

AUGUST 7, 2023

Senior official reports a quadruple increase in ransomware attacks against Finland since it started the process to join NATO. The number of ransomware attacks targeting Finland has increased fourfold since the country began the process of joining NATO in 2023. So I don’t believe there’s a single silver bullet.”

Ransomware

Ransomware Government Cyber threats Security Intelligence

Cybercriminal on Cybercriminal Crime: Ransomware Hijacks CoinMiner

Penetration Testing

JUNE 5, 2024

In an unexpected twist of cybercrime, security researchers at AhnLab Security Intelligence Center (ASEC) have revealed a bizarre case of one criminal gang inadvertently aiding another.

Ransomware

Ransomware Cybercrime Security Intelligence Malware

Artificial Intelligence meets real talk at IRISSCON 2024

BH Consulting

NOVEMBER 14, 2024

That’s because criminals are “slow to change” and they have little incentive to invest in alternatives as long as easy exploits like ransomware continues to make money. Another recurring theme was ransomware. Criminals aren’t investing anywhere near the amount of money in AI as legitimate companies, McArdle added. Drowning in data?

Artificial Intelligence

Artificial Intelligence Ransomware Social Engineering Cybersecurity

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 10, 2020

The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. Security experts from cyber-security firm Prevailion reported that TA505 has compromised more than 1,000 organizations. states Microsoft.

Cybercrime

Cybercrime Security Intelligence Authentication Banking

Ransom hits main street

Webroot

NOVEMBER 5, 2021

But despite the headlines, most ransomware targets families as well as small and medium sized businesses. Targeted by ransomware. Ransomware uses modern technology and cutting-edge tools to do something that feels decidedly old fashioned – steal from you. Ransomware tactics. Their goal is disruption.

Ransomware

Ransomware Backups Technology Banking

A week in security (August 9 – August 15)

Malwarebytes

AUGUST 16, 2021

Last week on Malwarebytes Labs: Home routers are being hijacked using a vulnerability disclosed just 2 before Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business Check your passwords! Stay safe, everyone!

Social Engineering

Social Engineering Scams VPN Phishing

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities.

Authentication

Authentication Hacking Ransomware Security Intelligence

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Security Affairs

FEBRUARY 2, 2020

pic.twitter.com/mcRyEBUmQH — Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020. The TA505 group was involved in campaigns aimed at distributing the Dridex banking Trojan, along with Locky , BitPaymer , Philadelphia , GlobeImposter , and Jaff ransomware families. based electrical company, a U.S.

Malware

Malware Security Intelligence Banking Phishing

Iran-linked APT groups continue to evolve

Security Affairs

NOVEMBER 17, 2021

Learn more from this blog summarizing these trends, as presented at #CyberWarCon : [link] — Microsoft Security Intelligence (@MsftSecIntel) November 16, 2021. The analysis focuses on six Iranian hacking groups that are increasingly utilizing ransomware to either fundraise or disrupt the computer networks of the targets.

VPN

VPN Accountability Social Engineering Media

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

eSecurity Planet

OCTOBER 4, 2021

percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations that lack processes for decrypting and scanning HTTPS traffic for threats. PowerShell, Ransomware Threats Grow. A surprising 91.5

Encryption

Encryption Malware Ransomware Firewall

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

Security Affairs

SEPTEMBER 24, 2020

pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020. Emotet malware is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). Additional malware is downloaded and installed when running these macros.

Malware

Malware Passwords Advertising Ransomware

A week in security (June 28 – June 4)

Malwarebytes

JULY 5, 2021

Other cybersecurity news. Stay safe, everyone!

Cyber Insurance

Cyber Insurance Social Engineering Scams Insurance

Malware authors join forces and target organisations with Domino Backdoor

Malwarebytes

APRIL 18, 2023

There’s a new ransomware gang in town, stitched together from members of well known threat creators to push a new kind of malware focused on punishing unwary organisations. The malware family, called “Domino”, is the brainchild of FIN7 and ex-Conti ransomware members. This current campaign is, sadly, no different.

Malware

Malware Banking Ransomware Passwords

Customized threat intelligence can track down ransomware gangs

SC Magazine

JULY 2, 2021

Today’s columnist, Troy Wachter of Cyberint, says defeating ransomware groups like the one that hit Colonial Pipeline will take teamwork across departments and threat intelligence tools that show how and where specific threats have originated and how they are evolving. OrbitalJoe CreativeCommons CC BY-NC-ND 2.0.

Ransomware

Ransomware Engineering Encryption Insurance

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Webroot

JANUARY 7, 2022

“In 2022, the widespread growth of mobile access will increase the prevalence of mobile malware, given all of the behavior tracking capabilities,” says Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText companies. Ransomware. Earlier in 2021, we detailed the hidden costs of ransomware in our eBook.

Cybercrime

Cybercrime Ransomware Phishing Cryptocurrency

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

MARCH 12, 2021

Microsoft researchers also spotted a ransomware gangs that is exploiting ProxyLogon flaws to spread a piece of malware tracked as DearCry. We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. and also as DearCry. and also as DearCry.

Cyber Attacks

Cyber Attacks Cybercrime Authentication Hacking

Webroot managed detection and response (MDR) purpose-built for MSPs

Webroot

JUNE 2, 2022

According to the latest 2022 BrightCloud® Threat Report , small to medium-sized businesses (SMBs) are particularly vulnerable to becoming a victim of a ransomware attack. Without human security experts and solutions at their disposable, these businesses remain susceptible to attacks.

Threat Detection

Threat Detection Cyber Insurance Small Business Insurance

Trickbot is the most prolific malware operation using COVID-19 themed lures

Security Affairs

APRIL 18, 2020

pic.twitter.com/V2JcZg2kjt — Microsoft Security Intelligence (@MsftSecIntel) April 17, 2020. Then the attackers attempt to monetize their efforts by deploying other payloads, like the Ryuk Ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware Advertising Security Intelligence Phishing

Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms

Thales Cloud Protection & Licensing

MARCH 25, 2025

This results in fewer resources dedicated to security operations, ubiquitous compliance controls, and significantly reduced risk across complex IT environments To learn more about the strengths of Thaless leading data security platform, read the full KuppingerCole report here.

Unstructured Data

Unstructured Data Marketing Threat Detection Encryption

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). pic.twitter.com/POppQ51uMX — Microsoft Security Intelligence (@MsftSecIntel) September 22, 2020.

Government

Government Banking Advertising Malware

Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms

Security Boulevard

MARCH 25, 2025

This results in fewer resources dedicated to security operations, ubiquitous compliance controls, and significantly reduced risk across complex IT environments To learn more about the strengths of Thaless leading data security platform, read the full KuppingerCole report here.

Unstructured Data

Unstructured Data Marketing Threat Detection Encryption

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. This is stunning: phishing attacks soared in 2018, rising 250% between January and December, according to Microsoft’s Security Intelligence Report.

Social Engineering

Social Engineering Engineering Phishing Banking

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

This gap between need and skilled people is even more acute due to the rise of the ransomware threat , and the world is going to have to respond with more people who can at least do the basics, even if that’s through short certification programs. ESG and ISSA. I think we need a national program to address this.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Malwarebytes

JUNE 14, 2022

We urge customers to upgrade to the latest version or apply recommended mitigations: [link] — Microsoft Security Intelligence (@MsftSecIntel) June 11, 2022. AvosLocker Ransomware and Linux botnets are getting in on the action. A mixed bag of attacks. Has Windows & Linux versions.

Ransomware

Ransomware Scams Security Intelligence Encryption

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

This week, VMware and Microsoft warned of an ongoing, widespread Chromeloader malware campaign that is dropping malicious browser extensions, node-WebKit malware, and ransomware. pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022.

Malware

Malware Adware Ransomware Security Intelligence

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

VMware urges customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. This month, the Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.

Internet

Internet Internet Ransomware Hacking

Six Effective Ransomware Risk Reduction Strategies

NopSec

SEPTEMBER 12, 2016

Businesses, governments, and consumers alike need to be aware of ransomware – a type of malware that can inflict serious damage on your finances and productivity in a very short span of time. In earlier days, ransomware programs would simply lock a computer’s screen and prevent programs and files from being opened.

Ransomware

Ransomware Risk Social Engineering Penetration Testing

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

By utilizing a structured mix of network and endpoint monitoring, behavioral analysis, Machine Learning tools, and threat intelligence, Heimdal’s XDR/SOC acts as a central hub for security intelligence, gathering and dynamically comparing input from multiple sources (endpoints, networks, cloud workloads) to detect threats faster and ramp up response (..)

Marketing

Marketing Digital transformation Technology Cybersecurity

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

MARCH 19, 2019

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space.

Big data

Big data Internet Internet IoT

Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)

Microsoft warns about ongoing PonyFinal ransomware attacks

Trending Sources

STRRAT RAT spreads masquerading as ransomware

Ransomware Series: Video 2

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

New’ DearCry’ Ransomware Targets Unpatched Exchange Clients as Microsoft Takes Down ‘ProxyLogon’ PoC

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

LockBit Ransomware: The Hidden Threat in Resume Word Files

New STRRAT RAT Malware Convinces Believe They’ve Fallen Victim to Ransomware, Researchers Find

New Trigona Ransomware Threat Actor Uses Mimic Ransomware and BCP Utility in Attacks

TargetCompany Ransomware Group Escalates Attacks: New Tools and Persistent Targeting of MS-SQL Servers

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Ransomware may be targeting Microsoft’s Hafnium Exchange Server vulnerabilities

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Cybercriminal on Cybercriminal Crime: Ransomware Hijacks CoinMiner

Artificial Intelligence meets real talk at IRISSCON 2024

Russian Cybercrime group is exploiting Zerologon flaw, Microsoft warns

Ransom hits main street

A week in security (August 9 – August 15)

SolarWinds Serv-U bug exploited for Log4j attacks

Microsoft warns TA505 changed tactic in an ongoing malware campaign

Iran-linked APT groups continue to evolve

More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard

Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns

A week in security (June 28 – June 4)

Malware authors join forces and target organisations with Domino Backdoor

Customized threat intelligence can track down ransomware gangs

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Webroot managed detection and response (MDR) purpose-built for MSPs

Trickbot is the most prolific malware operation using COVID-19 themed lures

Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms

CISA alert warns of Emotet attacks on US govt entities

Thales Named Overall Leader in KuppingerCole’s Leadership Compass Data Security Platforms

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

IT giants warn of ongoing Chromeloader malware campaigns

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Six Effective Ransomware Risk Reduction Strategies

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

Stay Connected