Operation Earth Kitsune: A Dance of Two New Backdoors (Trend Micro) We uncovered two new espionage backdoors associated with Operation Earth Kitsune: agfSpy and dneSpy. This post provides details about these malware types, including the relationship between them and their command and control (C&C) servers.
Chinese Hackers Expanding Global Footprint Exploiting Common Vulnerabilities, Report Says (International Business Times, Singapore Edition) After the NSA published a list of 25 common vulnerabilities, cybersecurity research firm Check Point found that Chinese hackers have been exploiting them to expand globally
Cyberattacks target international conference attendees (Microsoft on the Issues) Today, we’re sharing that we have detected and worked to stop a series of cyberattacks from the Iranian threat actor Phosphorus masquerading as conference organizers to target more than 100 high-profile individuals, including potential attendees of the upcoming Munich Security Conference and the T20 Summit in Saudi Arabia.
Microsoft detects cyberattacks from Iran-linked actor engaged in intelligence collection (Reuters) Microsoft Corp (MSFT.O) said on Wednesday that it detected and attempted to stop a series of cyberattacks from Phosphorus, which the company described as an 'Iranian actor', with the attacks aimed to target over 100 high-profile individuals.
Microsoft: Iranian attackers hacked security conference attendees (BleepingComputer) Microsoft disclosed today that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 (T20) summit.
Microsoft warns that Iranian hackers are targeting the Munich Security Conference (SiliconANGLE)
Building wave of ransomware attacks strike U.S. hospitals (Reuters) Eastern European criminals are targeting dozens of U.S. hospitals with ransomware, and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next.
European ransomware group strikes US hospital networks, analysts warn (CyberScoop) An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday.
Ryuk Ransomware Delivered Using Malware-as-a-Service Tool (BankInfo Security) The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than
FBI warns ransomware assault threatens US healthcare system (ABC News) Federal agencies say cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals (KrebsOnSecurity) On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of…
Hospitals being hit in coordinated, targeted ransomware attack from Russian-speaking criminals (Washington Post) Russian-speaking cybercriminals in recent days have launched a coordinated attack targeting U.S. hospitals already stressed by the coronavirus pandemic with ransomware that analysts worry could lead to fatalities.
Ransomware Activity Targeting the Healthcare and Public Health Sector (CISA) This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain.
New Emotet delivery method spotted during downward detection trend (Malwarebytes Labs) Emotet got a superficial facelift this week, hiding itself within a fake request asking users to update Microsoft Word to take advantage of new features.
EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone (SecurityWeek) The results of 13 million medical exams relating to around 3.5 million U.S. patients are unprotected and available to anyone on the Internet, with more than 2 petabytes exposed.
German infectious disease agency hit again by hackers after arson attack (Reuters) Germany's Robert Koch Institute for infectious disease control was targeted again by hackers on Wednesday, days after its headquarters was damaged in an arson attack, the Interior Ministry said.
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser (FireEye) Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware.
REvil ransomware gang claims over $100 million profit in a year (BleepingComputer) REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors.
Keeping ransomware cash away from your business (Malwarebytes Labs) Ransomware gangs are in the news for donating stolen funds to charitable organisations. Is this a good thing, or ultimately a terrible idea?
A Lesson in Phishing: University Account Takeover (INKY) If your business works with any universities, you’ll want to know about the latest phishing scam involving university account takeovers. Learn how hackers are harvesting credentials from businesses and what you can do to protect your company’s interests.
Fake COVID-19 survey hides ransomware in Canadian university attack (Malwarebytes Labs) Universities are a hot target for ransomware right now. In this latest attack, a threat actor was targeting the University of British Columbia.