16 Oct, 2024

Akira and Fog ransomware now exploit critical Veeam RCE flaw

Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in […]

2 mins read

Highline Public Schools confirms ransomware behind shutdown

On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. Highline Public Schools has over 2,000 staff members and offers programs ranging from early childhood education to college preparation. It serves over 17,500 students across 34 schools in the Burien, Des Moines, […]

3 mins read

Evil Corp hit with new sanctions, BitPaymer ransomware charges

The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. In 2019, the United States sanctioned seventeen individuals and seven entities linked to the Evil Corp gang, including the group’s leader, Maksim Yakubets. Today, the US Treasury’s […]

5 mins read

Fake browser updates spread updated WarmCookie malware

A new ‘FakeUpdate’ campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie backdoor. FakeUpdate is a cyberattack strategy used by a threat group known as ‘SocGolish’ who compromises or creates fake websites to show visitors fake update prompts for a variety of applications, such […]

3 mins read

Ransomware attack forces UMC Health System to divert some patients

Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. In an announcement published on its website late last week, which is offline at the time of writing, UMC disclosed it is responding to an IT outage impacting its network. While facilities remain […]

2 mins read

JPCERT shares Windows Event Log tips to detect ransomware attacks

Japan’s Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting different ransomware gang’s attacks based on entries in Windows Event Logs, providing timely detection of ongoing attacks before they spread too far into a network. JPCERT/CC says the technique can be valuable when responding to ransomware attacks, and identifying the attack vector among various […]

2 mins read

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. […]

3 mins read

AutoCanada says ransomware attack “may” impact employee data

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks. In mid-August, the car dealership company disclosed that it had […]

3 mins read

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki Motors Europe has announced that it’s recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. The company says the attack targeted its EU headquarters, and it is currently analyzing and cleaning any “suspicious material,” such as malware, that may still be lurking on systems. “At the […]

3 mins read

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. After taking down the defenses, RansomHub deployed the LaZagne credential-harvesting tool to extract logins from various application databases that could help move laterally on the network. TDSSKiller abused in ransomware attacks Kaspersky […]

2 mins read