Two sources in the zero-day industry say Operation Zero’s prices for exploits against the popular messaging app Telegram will depend on different factors.
Security News | TechCrunch – Read More
The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations.
These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place
The Hacker News – Read More
Industry professionals comment on Google acquiring cloud security giant Wiz for $32 billion in cash.
The post Industry Reactions to Google Buying Wiz: Feedback Friday appeared first on SecurityWeek.
SecurityWeek – Read More
The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign.
The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek.
SecurityWeek – Read More
Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here’s what you need to know.
Security Latest – Read More
Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos.
The post Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’ Intimate Photos appeared first on SecurityWeek.
SecurityWeek – Read More
The Hellcat ransomware group claims to have stolen tens of gigabytes of data from Ascom and Jaguar Land Rover.
The post Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover appeared first on SecurityWeek.
SecurityWeek – Read More
We closely monitor changes in the tactics of various cybercriminal groups. Recently, experts from Kaspersky’s Global Research and Analysis Team (GReAT) noted that, after attacks with Fog ransomware, malefactors were publishing not only victim’s data, but also the IP addresses of the attacked computers. We haven’t seen this tactic used by ransomware groups before. In this post, we explain why it’s important and what the purpose of this tactic is.
Since the ransomware business began to turn into a full-fledged industry, the involved cybercriminals have been splitting themselves up into various specializations. Nowadays, the creators of the ransomware and the people directly behind the attacks are most often not connected in any way — the former develop the malware along with a platform for attacks and subsequent blackmailing, while the latter simply buy access to the code and infrastructure under the ransomware-as-a-service (RaaS) model.
Fog ransomware is one such platform — first noticed in early 2024. The malware is used to attack computers running either Windows or Linux. As is customary among ransomware operators in recent years, the affected data is not only encrypted, but also uploaded to the attackers’ servers, and then, if the victim refuses to pay, published on a TOR site.
Attacks using Fog were carried out against companies working in the fields of education, finance, and recreation. Often, criminals used previously leaked VPN access credentials to penetrate the victim’s infrastructure.
Our experts believe that the main purpose of publishing IP addresses is to increase the psychological pressure on victims. Firstly, it increases the traceability and visibility of an incident. The effect of publishing the name of a victim company is less impressive, while the IP address can quickly tell not only who the victim was — but also what exactly was attacked (whether it was a server or a computer in the infrastructure). And the more visible the incident, the more likely it is to face lawsuits over data leakage and fines from regulators. Therefore, it’s more likely that the victim will make a deal and pay the ransom.
In addition, publishing an IP address sends a signal to other criminal groups, which can use the leaked data. They become aware of the address of a knowingly vulnerable machine, and have access to the information downloaded from it, which can be studied and used for further attacks on the infrastructure of the same company. This, in turn, makes the consequences of publication even more unpleasant, and therefore becomes an additional deterrent to ignoring the blackmailer’s demands.
Since most ransomware attacks still start with employee error, we first recommend periodically raising staff awareness about modern-day cyberthreats (for example, using the online training platform.)
In order not to lose access to critical data, we, as usual, recommend making backups and keeping them in storage isolated from the main network. To prevent the ransomware from running on the company’s computers, it’s necessary that each corporate device with access to the network be equipped with an effective security solution. We also recommend that large companies monitor activity in the infrastructure using an XDR class solution, and, if necessary, involve third-party experts in detection and response activities.
Kaspersky official blog – Read More
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.
The two critical-rated vulnerabilities in question are listed below –
CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an
The Hacker News – Read More
Today, we are discussing Computer Vision applications, one of the most impactful AI-powered technologies that is reshaping our…
Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – Read More