Patches, crooks, spies, privateers, and mercenaries
Cisco patches command injection vulnerability. NIST issues antiphishing guidance. HeadCrab malware's worldwide distribution campaign. Gamaredon update: the APT is more interested in collection than destruction. Recovering from gangland's cyberattacks. Trends in cyberattacks by state-sponsored actors.
More than a hundred gangs use ransomware. Sandworm's NikoWiper and Ukraine's energy sector. Mobilizing cybercriminals in a hybrid war. Firebrick Ostrich and business email compromise. Telegram used for sharing stolen data and selling malware. Crypto scams find their way into app stores. Third-party risk management: balancing security, economy, and convenience. Fraudulent professional credentials in the C2C market.
Perspective on the cybercriminal labor market. DocuSign impersonated in credential-harvesting campaign. Social engineering pursues financial advisors. Killnet is active against the US healthcare sector. Further reflections on the GRU's SwiftSlicer wiper. SVR activity in the hybrid war. Russia insists that it's the real victim here.
Gootloader's evolution. Yandex source code leaked. New GRU wiper malware active against Ukraine. Latvia reports cyberattacks by Gamaredon. Russia and the US trade accusations of malign cyber activity. A hacktivist auxiliary's social support system.
Hive is down. Killnet continues retaliatory DDoS against German targets. CISA advisories.
Hive ransomware gang taken down. Killnet continues reprisals against German targets. CISA releases eight ICS advisories. CISA also adds an entry to its Known Exploited Vulnerabilities Catalog.