US names and charges Maxim Rudometov with developing the Redline infostealer

An unsealed criminal complaint says U.S. investigators used public evidence from various online platforms to identify a Russian national as the alleged creator of the Redline malware.

The Record from Recorded Future News – Read More

FBI, Partners Disrupt RedLine, Meta Stealer Operations

A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.

darkreading – Read More

RedLine and Meta Infostealers Disrupted by Law Enforcement

Authorities announce server shutdowns, domain seizures, and arrests in RedLine and Meta infostealers takedown operation.

The post RedLine and Meta Infostealers Disrupted by Law Enforcement appeared first on SecurityWeek.

SecurityWeek – Read More

How to Find the Right CISO

Great CISOs are in short supply, so choose wisely. Here are five ways to make sure you’ve made the right pick.

darkreading – Read More

Russia arrests hacker accused of preventing electronic voting during local election

According to the agency’s press service, the 61-year-old suspect used Ukraine-made software to carry out the DDoS attacks on Russia’s critical information infrastructure. His activity coincided with the regional parliamentary and municipal elections.

The Record from Recorded Future News – Read More

Ransomware Vulnerability Matrix: A Comprehensive Resource for Cybersecurity Analysts 

Overview 

The Ransomware Vulnerability Matrix is a GitHub repository that catalogs Common Vulnerabilities and Exposures (CVEs) known to have been exploited by ransomware operators. For each CVE it records the vulnerable technology, the ransomware families involved and the actors observed using it, including ransomware gangs, affiliates and state-backed groups.

Each entry names the specific group that exploited the CVE, links to a verification source, and records the affected product. That makes the matrix a practical input for prioritizing patching and assessing exposure: a team can check which of its deployed technologies carry CVEs with confirmed ransomware use, instead of treating every critical-rated CVE as equally urgent.

By documenting which vulnerabilities ransomware operators actually use, the matrix also shows the initial-access methods they rely on, giving defenders a framework for assessing risk and tuning controls.

Detailed Vulnerability Insights 

The matrix covers a wide range of products and the CVEs exploited in each by ransomware groups. A few notable entries:

Adobe ColdFusion
CVE(s): CVE-2023-29300 & CVE-2023-38203
Ransomware Group(s): Storm-0501
Source(s): Microsoft

Apache ActiveMQ
CVE(s): CVE-2023-46604
Ransomware Group(s): RansomHub
Source(s): CISA

Atlassian Confluence
CVE(s): CVE-2023-22515 (RansomHub); CVE-2023-22518 (Cerber); CVE-2022-26134 (Cerber)

These entries identify not only the vulnerabilities but also the threat actors tied to them, and show how several distinct groups reuse the same flaws in public-facing software. For instance, LockBit has leveraged the Log4Shell vulnerability in Apache Log4j, CVE-2021-44228, to facilitate its attacks.

Implications of Ransomware Vulnerabilities 

Ransomware vulnerabilities pose significant risks to organizations, since exploiting them leads to data theft, operational disruption and financial loss. Ransomware gangs use these CVEs to gain initial access, then encrypt critical data and demand payment for the decryption keys. Knowing which CVEs ransomware actors actually exploit lets an organization direct patching and compensating controls where they matter most.

State-backed actors also play a part in the ransomware ecosystem, and their involvement complicates the threat landscape because they typically bring better tooling and tradecraft than purely criminal crews. The matrix records these state-linked attributions alongside the criminal ones, so defenders can recognize and prepare for them.

Recommendations and Mitigations 

To get the most out of the Ransomware Vulnerability Matrix, its maintainers and the teams consuming it should consider the following:

Continuously update the matrix from CVE databases so that it reflects the latest vulnerabilities and trends.

Record a severity and exploitability rating for each CVE (for example CVSS plus whether a public exploit exists), so teams can prioritize patching by risk.

Record when each CVE was first observed being exploited by ransomware groups, which gives context on how quickly newly disclosed flaws are adopted.

Offer specific mitigation guidance per CVE (fixed versions, workarounds, detection opportunities) so organizations can apply targeted defenses.

Provide a notification mechanism for newly added entries so that subscribing organizations learn of new ransomware-exploited CVEs promptly.

Map each vulnerability to the MITRE ATT&CK tactics and techniques it enables, which for entries like those above is initial access via Exploit Public-Facing Application (T1190), for better threat modeling.
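The practical use of the matrix described in the entries above, and the prioritization and ATT&CK-mapping points in the recommendations, come down to one join: matrix rows against an asset inventory. The following is an added example of that join and is not code from the GitHub project or from Cyble. The MATRIX rows are constructed from the entries quoted in this article; the INVENTORY hosts, the assumption that every row maps to ATT&CK T1190, and the ranking rule are assumptions made for the demonstration.

```python
"""Cross-reference a ransomware vulnerability matrix against an asset inventory.

Added example, not code from the GitHub project or from Cyble. MATRIX is
constructed from the entries quoted above; INVENTORY and the ATT&CK mapping
are assumptions made for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MatrixEntry:
    product: str
    cve: str
    groups: tuple          # ransomware groups observed exploiting the CVE
    source: Optional[str]  # verification source; None where the page gives none


# Constructed from the matrix entries quoted in the article.
MATRIX = [
    MatrixEntry("Adobe ColdFusion", "CVE-2023-29300", ("Storm-0501",), "Microsoft"),
    MatrixEntry("Adobe ColdFusion", "CVE-2023-38203", ("Storm-0501",), "Microsoft"),
    MatrixEntry("Apache ActiveMQ", "CVE-2023-46604", ("RansomHub",), "CISA"),
    MatrixEntry("Atlassian Confluence", "CVE-2023-22515", ("RansomHub",), None),
    MatrixEntry("Atlassian Confluence", "CVE-2023-22518", ("Cerber",), None),
    MatrixEntry("Atlassian Confluence", "CVE-2022-26134", ("Cerber",), None),
    MatrixEntry("Apache Log4j", "CVE-2021-44228", ("LockBit",), None),
]

# Hypothetical inventory: the product each host runs and the CVEs already
# confirmed remediated on it (patched, or mitigated and verified).
INVENTORY = [
    {"host": "wiki-01", "product": "Atlassian Confluence", "remediated": {"CVE-2022-26134"}},
    {"host": "mq-01", "product": "Apache ActiveMQ", "remediated": set()},
    {"host": "cf-01", "product": "Adobe ColdFusion",
     "remediated": {"CVE-2023-29300", "CVE-2023-38203"}},
    {"host": "db-01", "product": "PostgreSQL", "remediated": set()},
]

# All rows above are remote exploitation of an exposed service, so they map to
# ATT&CK T1190 (Exploit Public-Facing Application). Assumption for these rows;
# a real matrix would carry the technique per entry.
DEFAULT_TECHNIQUE = "T1190"


def by_product(matrix):
    """Index matrix rows by product name for direct lookup per asset."""
    index = defaultdict(list)
    for entry in matrix:
        index[entry.product].append(entry)
    return index


def exposure_report(matrix, inventory):
    """One finding per (host, CVE) that the matrix lists as ransomware-exploited
    and the inventory does not show as remediated. Ordered so that CVEs used by
    more groups come first, then by CVE id for a stable output."""
    index = by_product(matrix)
    findings = []
    for asset in inventory:
        for entry in index.get(asset["product"], []):
            if entry.cve in asset["remediated"]:
                continue
            findings.append({
                "host": asset["host"],
                "product": entry.product,
                "cve": entry.cve,
                "groups": entry.groups,
                "source": entry.source,
                "technique": DEFAULT_TECHNIQUE,
            })
    findings.sort(key=lambda f: (-len(f["groups"]), f["cve"]))
    return findings


def groups_with_a_path_in(findings):
    """Count, per ransomware group, how many open findings give it an entry point."""
    counts = defaultdict(int)
    for finding in findings:
        for group in finding["groups"]:
            counts[group] += 1
    return dict(counts)


if __name__ == "__main__":
    report = exposure_report(MATRIX, INVENTORY)
    for f in report:
        print(f"{f['host']:8} {f['cve']:15} {', '.join(f['groups']):12} "
              f"source={f['source'] or 'n/a'} {f['technique']}")
    print("groups with a path in:", groups_with_a_path_in(report))
```

Run against the constructed inventory, the report lists the two unpatched Confluence CVEs on wiki-01 and the ActiveMQ CVE on mq-01, skips cf-01 because both ColdFusion CVEs are marked remediated, and ignores PostgreSQL because the matrix has no row for it. The group count is the useful summary for a briefing: it says which ransomware crews currently have a documented way in, not just how many CVEs are open.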

Conclusion 

The Ransomware Vulnerability Matrix is an organized resource for cybersecurity professionals dealing with ransomware. By listing known vulnerabilities together with the ransomware families and threat groups that exploit them, it improves a team's ability to assess risk and prioritize defenses.

Organizations that use the matrix can both tighten their own patching and, by contributing verified attributions back, improve the shared picture of how ransomware gangs gain entry. That proactive approach is essential for protecting networks and preserving the integrity of vital systems.

The post Ransomware Vulnerability Matrix: A Comprehensive Resource for Cybersecurity Analysts appeared first on Cyble.

Blog – Cyble – Read More

Zenity Raises $38 Million to Secure Agentic AI

Agentic AI security startup Zenity has raised $38 million in a Series B funding round led by Third Point Ventures and DTCP.

The post Zenity Raises $38 Million to Secure Agentic AI appeared first on SecurityWeek.

SecurityWeek – Read More

Augmenting Training Datasets Using Generative AI

Custom generative AI solutions have the potential to transform industries, equipping businesses to reach their goals with exceptional…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

Phishing Campaign Targeting Ukraine: UAC-0215 Threatens National Security

Overview

CERT-UA, the Computer Emergency Response Team of Ukraine, uncovered a phishing campaign by the threat actor it tracks as UAC-0215. The campaign targeted public institutions, major industries and military units across Ukraine.

The phishing emails were disguised as offers to integrate with Amazon and Microsoft services and to adopt Zero Trust Architecture (ZTA). Each carried a malicious .rdp configuration file; when a recipient opened it, the Windows Remote Desktop client connected outbound to an attacker-controlled server named in the file.

Because the file also enabled device and resource redirection, that connection handed the remote server access to the victim's local resources: disk drives, network shares, printers, audio devices and the clipboard. No exploit is involved; the client does exactly what the configuration file tells it to, which is why the lure works against otherwise patched systems and why the campaign is a concern for critical infrastructure in Ukraine.

Campaign Overview  

CERT-UA first detected the campaign on October 22, 2024; the preparatory groundwork is assessed to have begun as early as August 2024. Multiple cybersecurity organizations worldwide have corroborated the activity, so the threat is not confined to Ukraine, and its impact reaches beyond individual organizations into national security.

The primary targets are public authorities, major industries and military organizations within Ukraine. The operation is assessed as high risk to those sectors and is attributed to the advanced persistent threat (APT) group tracked as UAC-0215, whose tradecraft here is rogue Remote Desktop Protocol (RDP) configuration files.

Technical Details

The phishing emails attributed to UAC-0215 carry rogue Remote Desktop Protocol (RDP) configuration files as attachments and are crafted to look legitimate so that recipients open them. When a victim opens the .rdp file, the Remote Desktop client (mstsc.exe) connects to the attacker's server named in the file, and the redirection settings in the same file grant that server access to local resources, including:

Disk drives
Network resources
Printers
COM ports
Audio devices
Clipboard

With the victim's drives and clipboard mapped into the session, the attacker can read and write files and stage scripts and programs for execution on the victim's system, compromising it further.

Conclusion  

The intelligence gathered suggests that the UAC-0215 campaign extends beyond Ukrainian targets, indicating potential for broader attacks across multiple regions amid heightened tensions in the area and a run of recent cyberattacks on Ukraine that have drawn international concern.

The campaign also shows how phishing tactics against Ukraine keep maturing: rather than an exploit or a dropper, the attackers used a legitimate RDP client feature, configured by the attachment itself, to gain significant control over systems in the public and industrial sectors, putting sensitive information and operational integrity at risk.

Recommendations and Mitigations  

To mitigate the risks posed by UAC-0215 and similar threats, organizations are advised to implement the following:

Add filtering rules at the mail gateway to block emails carrying .rdp file attachments, including .rdp files inside archive attachments. This is the single most effective measure for reducing exposure to malicious configurations.

Limit users' ability to open .rdp files unless specifically authorized, for example through application control rules, or by setting the Remote Desktop Connection Client policy "Allow .rdp files from unknown publishers" to Disabled so that mstsc.exe refuses unsigned files. This minimizes accidental launches that could lead to a breach.

Configure host firewall rules to prevent the Microsoft Remote Desktop client (mstsc.exe) from establishing RDP connections to external, internet-facing hosts. Filtering by program rather than by port matters here, because the lure can specify any port in the full address setting.

Use Group Policy to disable resource redirection in RDP sessions. Restrictions under "Device and Resource Redirection" in Remote Desktop Services stop attackers from reaching local drives, the clipboard and other devices even if a connection to their server is established.

The post Phishing Campaign Targeting Ukraine: UAC-0215 Threatens National Security appeared first on Cyble.

Blog – Cyble – Read More

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus

The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer.
The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and

The Hacker News – Read More