Security
-
Read moreThe Helldown ransomware, derived from LockBit 3.0, has expanded its attack scope to include VMware and Linux systems. Targeting critical industries such as IT, telecommunications, and healthcare, the ransomware exploits vulnerabilities in Zyxel firewalls and virtualized infrastructures. With aggressive tactics like double extortion and data encryption, Helldown poses a significant threat while showing signs of ongoing evolution. -
Read moreA new fraud campaign led by the Chinese threat actor SilkSpecter is leveraging 4,700 fake e-commerce websites to steal payment card details and personal information. These sites mimic popular brands and utilize legitimate payment processors like Stripe to deceive victims. -
Read moreA new ransomware strain, Ymir, is causing alarm with its unique memory exploitation tactics to evade detection. This advanced ransomware, following an initial breach via RustyStealer malware, recently hit a corporate network in Colombia, signaling the growing complexity and sophistication of ransomware strategies that target high-value corporate credentials. -
Read moreA new method in cyberattacks uses ZIP file concatenation to deliver malicious payloads undetected. By leveraging differences in ZIP parser handling, attackers can hide trojans in ZIP files, targeting unsuspecting users via phishing emails disguised as legitimate notices. -
Read moreThe newly discovered SteelFox malware leverages a vulnerable driver to escalate privileges, enabling it to steal sensitive data and mine cryptocurrency on Windows machines. Distributed through cracked software on forums and torrent sites, SteelFox presents significant risks to users of popular programs like AutoCAD, JetBrains, and Foxit PDF Editor. -
Read moreThe newly emerged Interlock ransomware is designed to specifically target FreeBSD servers, exploiting the OS's prevalence in critical infrastructure environments. This ransomware operation, active since late September 2024, has already compromised several organizations, using a unique FreeBSD-based encryptor to execute double-extortion attacks, leaving critical services vulnerable. -
Read moreFortinet has disclosed an actively exploited critical vulnerability, CVE-2024-47575, impacting FortiManager and FortiAnalyzer devices, which has been attributed to threat cluster UNC5820. This flaw, labeled FortiJump, enables remote unauthenticated attackers to execute arbitrary code on compromised systems, allowing for data exfiltration and potential lateral movement across enterprise networks. The U.S. CISA has flagged this vulnerability for immediate federal agency action, urging rapid patching to prevent unauthorized access and data theft. -
Read moreA new variant of the Qilin (Agenda) ransomware, known as Qilin.B, has been discovered with enhanced encryption methods, improved evasion techniques, and capabilities to disrupt data recovery. This strain targets both Windows and network systems, making it a serious threat to enterprises across various sectors. -
Read moreRansomware gangs are using the notorious LockBit’s reputation to intimidate victims and carry out sophisticated data exfiltration attacks via Amazon S3 Transfer Acceleration. These attacks exploit embedded AWS credentials and target Windows and macOS systems, encrypting data and applying pressure tactics to extract ransom payments. -
Read moreCybercriminals are increasingly abusing the open-source EDRSilencer tool to tamper with Endpoint Detection and Response (EDR) solutions and conceal their malicious activities. This tool uses the Windows Filtering Platform (WFP) to block security software from communicating, making it harder for organizations to detect and remove malware.
Recent Posts
November 20, 2024
November 15, 2024
