Collaborate Disseminate
Flashpoint released Flashpoint Automate, a low-code security automation platform that enables cyber threat intelligence (CTI), security operation center (SOC), fraud, vulnerability management, and physical security teams to build, implement, and accele… Continue reading Flashpoint Automate accelerates repeatable security-related processes
The risks presented by ransomware and cyber extortion events have likely found a place in your own security team’s discussions, and rightfully so. Ransomware attacks have proliferated in the last decade. The numbers are staggering if not overwhelming, … Continue reading Detection, isolation, and negotiation: Improving your ransomware preparedness and response
Flashpoint says international sanctions and a string of law enforcement actions are causing trouble for criminals to cash out.
The post Russia’s war on Ukraine making life difficult for Russian cybercriminals appeared first on CyberScoop.
Continue reading Russia’s war on Ukraine making life difficult for Russian cybercriminals
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion.
LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing. Continue reading Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next. Continue reading Russian Govt. Continues Carding Shop Crackdown
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant. Continue reading Who Wrote the ALPHV/BlackCat Ransomware Strain?
Flashpoint announced it has acquired Risk Based Security (RBS), a Richmond, Virginia-based company specializing in vulnerability and data breach intelligence, as well as vendor risk ratings. The integration of RBS’s collections and technology into the … Continue reading Flashpoint acquires Risk Based Security to help businesses detect emerging cyber risks
In a great many ransomware attacks, the criminals who pillage the victim’s network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene. Continue reading Who is the Network Access Broker ‘Wazawaka?’
Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in stealing remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “Babam,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occasions over the past few years. Continue reading Who Is the Network Access Broker ‘Babam’?
Cyware announced an expanded partnership with Flashpoint to deliver intelligent automation to security teams. The partnership now features a solution that enables customers to leverage Flashpoint’s intelligence data with Cyware’s Security Orchestration… Continue reading Cyware partners with Flashpoint to empower security teams to automate threat response workflows