Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Apple also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.

Hackers attempt to infiltrate Ukrainian tech company with backdoor malware, Talos says

The attack could have been part of an attempted supply chain attack, the researchers said.

The post Hackers attempt to infiltrate Ukrainian tech company with backdoor malware, Talos says appeared first on CyberScoop.

Information-stealing malware is spreading widely on Telegram, Cisco Talos says

The ZingoStealer information stealer identified by Cisco Talos threat analysts can exfiltrate credentials and steal cryptocurrency wallet information.

The post Information-stealing malware is spreading widely on Telegram, Cisco Talos says appeared first on CyberScoop.

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists.

In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”

Researchers detect fresh wave of hacking attacks on Palestinian targets

A hacking group is targeting Palestinian people and organizations with a wave of years-old malware, according to research published Wednesday. The findings, from Cisco’s Talos threat intelligence division, unpack a surge of attacks starting around October 2021 targeting Palestinians using malware known as Micropsia. The attacks are part of a broader campaign dating back to 2017 connected to a group known as Arid Viper, an Arabic hacking group possibly associated with Hamas that first emerged in 2015. The group is also known as Desert Falcons or APT-C-23 (“APT” stands for “advanced persistent threat,” a kind of group often associated with nation-state hackers), and Kaspersky researchers in 2015 named it the “first exclusively Arabic APT group.” Kaspersky estimated at the time that it numbered 30 or so attackers who employed homemade malware, social engineering and other techniques against targets all over the world. The group’s main motivation is espionage and information theft, Talos noted in […]

The post Researchers detect fresh wave of hacking attacks on Palestinian targets appeared first on CyberScoop.

Scammers pounce on internet-for-rent services, generating cryptocurrency in quiet

As if ransomware and email fraud didn’t already create enough revenue for cybercriminals, scammers now are auctioning access to their victims’ internet connections in an effort to find more profits. Hackers are seizing on a category of legitimate digital services that allow internet users to rent out access to their web connection in exchange for a small payment. While the stated goal of each of these services varies — one, Honeygain, markets itself as a tool for “effortlessly” earning a “passive income” — they typically promise to enable broadband customers to collect a fee every time an outsider connects to their hotspot. The promise of using an emerging technology to earn a quick buck has been enough to generate consistent engagement on forum sites like Reddit. Hackers are watching, too, of course. Fraudsters are “taking multiple avenues to monetize these new platforms” for their own gain, Cisco’s Talos threat intelligence […]

The post Scammers pounce on internet-for-rent services, generating cryptocurrency in quiet appeared first on CyberScoop.

Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability

The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs. For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations. A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations. The PrintNightmare vulnerability affects how Windows’ Print Spooler manages interactions between computers and printers. […]

The post Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability appeared first on CyberScoop.

Security researchers suggest naming state-harbored hackers ‘privateers’

The ransomware-induced disruption of Colonial Pipeline, which supplies 45% of fuel consumed on the East Coast, has already forced big changes to U.S. government policies on pipeline security and brought heightened scrutiny of organizations’ decisions to pay hackers ransoms. Now, the incident has factored into one prominent security firm’s decision to change how it publicly classifies the relationship between criminal hacking groups and the governments that host them. Talos, the threat intelligence unit of Cisco, said Wednesday that it would begin using the term “privateers” to describe hacking groups that aren’t controlled by governments but which “benefit from government decisions to turn a blind eye toward their activities.” Other cybersecurity executives have compared the safe havens that some governments provide cybercriminals today with 17th century piracy. “If it were the 17th century, and pirates harassing the English merchant fleet were ducking into Dutch harbors, at what point would the Dutch […]

The post Security researchers suggest naming state-harbored hackers ‘privateers’ appeared first on CyberScoop.
