Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

A series of cyberattacks on Ukrainian institutions over the past few weeks — including website defacement, computer-wiping malware and phishing campaigns — have the hallmarks of hacking activity associated with the Russian government, but conclusive attribution remains elusive. Research published Thursday, however, shows how a known Russia-linked hacking group, Gamaredon, could be involved in active targeting of Ukrainian targets, including an attempt to compromise a Western government entity in Ukraine on Jan. 19. The findings, published by Palo Alto Networks’ Unit 42 threat intelligence unit, focus on the group as the Russian military amasses more than 100,000 troops along its border with Ukraine. The U.S. and other NATO governments say it’s preparation for a dramatic military escalation. Unit 42 makes clear that its research does not directly tie Gamaredon to the recent high-profile attacks. The team says it mapped out three “large clusters” of Gamaredon infrastructure that are used to support […]

The post Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say appeared first on CyberScoop.

Unpacking the rise of BlackCat ransomware: High victim count, high payouts, customized features

Despite being a relative newcomer, the BlackCat ransomware family is moving up the list of the most prolific operators in the space, according to a report from Palo Alto Networks’ Unit 42 threat intelligence unit. The group’s latest report, published Thursday and first reported by CyberScoop, found that as of December 2021, BlackCat has the seventh-most victims among all ransomware groups Unit 42 tracks, a remarkable feat considering that BlackCat initially garnered notice in mid-November 2021. “This highlights a worrying trend that newcomers (or reformed groups) can attack many victims in a short space of time,” the researchers wrote. BlackCat is a typical ransomware group in some ways, but has novel aspects that Unit 42 analyzed. Its ransomware is written in Rust, a computer coding language growing in popularity for its web application benefits, memory management and efficiency. Rust has been used in malware in the past, but BlackCat might be the […]

The post Unpacking the rise of BlackCat ransomware: High victim count, high payouts, customized features appeared first on CyberScoop.

Interpol arrests 11 alleged members of Nigerian scam syndicate ‘SilverTerrier’

International law enforcement authorities say they’ve arrested nearly a dozen members of a notorious Nigerian cybercrime gang potentially responsible for targeting as many as 50,000 victims in various scams in recent years. Some of the 11 suspects are thought to be associated with “SilverTerrier,” a syndicate accused of employing a range of malware variants in tens of thousands of financial scams dating back to at least 2014, Interpol said Wednesday. The announcement comes two months after three members of the same group were arrested after a year-long Interpol-led investigation called Operation Falcon into the prolific business email compromise (BEC) scams the group’s members are alleged to have pulled off over the years. Authorities called this latest roundup Operation Falcon II. The arrests occurred between Dec. 13 and 22, but it’s not clear exactly where. A statement from a senior Nigerian law enforcement official and included in the Interpol release referenced […]

The post Interpol arrests 11 alleged members of Nigerian scam syndicate ‘SilverTerrier’ appeared first on CyberScoop.

Tigera strengthens real-time intrusion detection and prevention with container firewalls

Tigera’s latest release of Calico Cloud and Calico Enterprise further strengthens its unified platform for cloud-native application security and observability by introducing real-time intrusion detection and prevention, integration with the Palo Alto Net…

Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)

A vulnerability (CVE-2021-44515) in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to servers running the vulnerable software. About CVE-2021-44515 CVE-2021-44515 is an authentication bypass vulnerability that coul…

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. “Successful exploitation of the vulnerability allows an at…

Infosec products of the month: November 2021

Here’s a look at the most interesting products from the past month, featuring releases from 1Password, Avast, Boxcryptor, Code42, ColorTokens, Cynamics, Fortanix, Hiya, Huntsman Security, Imperva, iStorage, Jetico, Netscout, Palo Alto Networks, Siren, …

Alkira partners with Exclusive Networks to expand its cloud market share

Alkira has appointed Exclusive Networks, a global trusted cybersecurity specialist for digital infrastructure, as a distributor for its cloud networking as-a-service platform (CNaaS). The deal makes Alkira’s CNaaS platform Cloud Services Exchange (CSX)…

New infosec products of the week: November 19, 2021

Here’s a look at the most interesting product releases from the past week, featuring releases from 1Password, Fortanix, Jetico, Palo Alto Networks, Saviynt, StorONE, Viavi Solutions and WatchGuard. 1Password 8 for Windows is here, features enhanced sec…

Palo Alto Networks CASB helps organizations enable safe adoption of SaaS

Palo Alto Networks introduced the Next-Generation CASB (Cloud Access Security Broker) — raising the bar in SaaS security to accommodate today’s hybrid work tools. As cloud applications, especially modern collaboration tools, power a rapidly expan…