Third Ivanti VPN Vulnerability Under Massive Exploitation

One more vulnerability in Ivanti VPN software is actively exploited

Experts have discovered a third Server-Side Request Forgery (SSRF) vulnerability in Ivanti products. This is a serious security issue for corporate VPN devices. The new vulnerability allows unauthorized access to restricted resources that are available only after authentication.

Ivanti SSRF Vulnerability Exploited: Ivanti, a renowned corporate VPN appliance provider, has issued a warning regarding…

Claro Company Hit by Trigona Ransomware

One more telecom giant fell victim to a ransomware attack

Claro Company, the largest telecom operator in Central and South America, disclosed being hit by ransomware. Representatives shared this information in response to service disruptions in several regions. The ransom note makes it clear that the attackers are the Trigona ransomware operators.

Claro Telecom Hacked, Services Disrupted: Since January 25, 2024, Claro Telecom customers have…

Carbanak is Back with a New Spreading Tactic

The banking malware Carbanak has been observed being used in ransomware attacks with updated tactics.

The Carbanak cybercrime group, infamous for its banking malware, has resurfaced with new ransomware tactics, marking a significant evolution in its modus operandi. This development, as reported by the NCC Group, reflects Carbanak’s adaptability and increased threat to global cybersecurity.

Carbanak is Back, Using New Distribution Methods: Carbanak’s return is marked by a significant shift…

Kyivstar, Ukraine’s Biggest Cell Carrier, Hacked

Hackers managed to destroy all the software infrastructure

On Tuesday, December 12, 2023, Ukraine’s largest cellular operator Kyivstar had its network infrastructure ruined. This was the result of a hack that was most likely executed by a Russian threat actor. I considered delaying writing this post to gather more facts regarding the situation. On day 1, nothing but speculation and suppositions were available.…

PoolParty Injection Techniques Circumvent EDR Solutions

Enthusiasts presented 8 new malware injection methods based on the Windows ThreadPool system

A set of process injection techniques, named PoolParty, was presented at the Black Hat Europe 2023 conference. The set of 8 tricks makes it possible to force any malicious code to run and circumvents the protection of top-notch EDR solutions.

PoolParty Process Injection Exploits Windows Mechanisms: The initial presentation of the techniques, along with further analysis, reveals a chain…

AeroBlade TA Spies On U.S. Aerospace Industry

AeroBlade, a new threat actor, targets the U.S. aerospace industry. Analysts suppose it is an act of commercial espionage.

Cybersecurity experts have uncovered a sophisticated cyberespionage campaign targeting a prominent U.S. aerospace organization. The threat actor, identified as AeroBlade, executed a spear phishing attack, raising serious questions about the overall cybersecurity preparedness within critical industries.

AeroBlade Attacks US Aerospace Company: According to the cybersecurity experts, the spear phishing attack included sending the malicious file…

Henry Schein was hacked twice by BlackCat ransomware

Healthcare company Henry Schein is restoring systems after a ransomware group re-encrypted files during negotiations.

Henry Schein Global, a healthcare solutions provider, faced a persistent cybersecurity nightmare. The BlackCat/ALPHV ransomware gang is launching a second wave of attacks, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. This happened after the cybercrime group took credit for an initial breach on October…

LitterDrifter – Russia’s USB Worm Targeting Ukrainian Entities

LitterDrifter USB worm is a cyber threat targeting Ukrainian entities, emphasizing the need for robust cybersecurity defenses worldwide.

The LitterDrifter USB worm, intricately linked to the notorious Gamaredon group and originating from Russia, has set its sights on Ukrainian entities, adding a concerning layer to the already complex world of state-sponsored cyber espionage. This USB worm, believed to be orchestrated by Russian actors, not only showcases the adaptability and innovation of Gamaredon but…

ALPHV/BlackCat Ransomware Reports MeridianLink Hack To SEC

Ransomware operators made use of the recent law to force the victim to pay the ransom

Ransomware Gang ALPHV Takes Unprecedented Step: Files SEC Complaint Over Alleged Victim’s Undisclosed Breach. And no, this is not a joke from ChatGPT. Hackers from the BlackCat/ALPHV group found yet another way to make the victim pay the ransom.

ALPHV Files SEC Complaint: ALPHV/BlackCat filed a complaint with the U.S. Securities and Exchange Commission (SEC)…

Moneris Hacked, Medusa Ransomware Claims

Major Canadian fintech Moneris hacked by Medusa ransomware.

The notorious Medusa ransomware group claims to have hacked Canadian fintech giant Moneris, sending shockwaves through the country’s financial sector. The group is known for its aggressive tactics and audacious targets. They have demanded a ransom of $6 million in exchange for stolen data and the prevention of further disruption.…