Ransomware hackers alleged harassment from U.S.
Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.
Accessed on 23 October 2021, 1322 UTC.
Content provided by https://cyware.com.
Ransomware hackers nervous, allege harassment from U.S.
Several ransomware gangs posted lengthy anti-U.S. screeds. They appear prompted by the news that the FBI had successfully hacked and taken down another major ransomware group called REvil.
After Nation-State Hackers, Cybercriminals Also Add Sliver Pentest Tool to Arsenal
The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint.
Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks
The financially motivated FIN7 gang has masqueraded as yet another fictitious cybersecurity company called “Bastion Secure” to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme.
Groove ransomware calls on all extortion gangs to attack US interests
The Groove ransomware cybercriminal group is calling on other ransomware extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week.
This monster of a phishing campaign is after your passwords
Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses the ZooToday phishing kit built using pieces of code copied from other hackers’ work.
Swiss exhibitions organizer MCH Group hit by cyberattack
Swiss events organizer and marketing company MCH Group was hit by a malware attack on Wednesday (October 20). The firm says it is working to get systems up and running again.
CISA Awards $2M to Cybersecurity Training Programs
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) has awarded two organizations, NPower and CyberWarrior, $2m to develop cybersecurity workforce training programs.
DarkSide Ransomware Gang Moves Bitcoin Reserves After REvil Got Hit by Law Enforcement Action
The operators of the DarkSide and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that REvil was hit by a law enforcement takedown.
Turkish cybersecurity venture raises $24M to accelerate expansion
This latest round takes the total funding Picus has received to $33 million. The company plans to use the funds to help accelerate its expansion in EMEA and APAC countries.
Microsoft announces security programs for nonprofits as nation-state attacks increase
Microsoft unveiled a new suite of tools on Thursday built to protect nonprofits as threats against philanthropic organizations globally have skyrocketed, particularly from nation-states.
Massive Attack Campaign Uses YouTube to Deliver Password-Stealing Malware
When installed, the malware will communicate with a Command & Control server, where it waits for commands from the attacker to execute, which could entail the running of additional malware.
Google launches Android Enterprise bug bounty program
Google announced the launch of its first bug bounty program for Android Enterprise with rewards of up to $250,000. This builds on the introduction of several security enhancements in Android 12.
Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative
As part of the non-profit Trusted Computing Group (TCG), the companies have created a new Supply Chain Security workgroup that will aim to bring in experts from across the tech sphere.
Scraped Profile Data of 2.6 Million Instagram and TikTok Users Exposed by Unsecured Server at IGBlade
Security researchers have discovered over two million social media user profiles scraped from the internet after they were unwittingly exposed online by an analytics firm, Infosecurity can reveal.
Cyber incident impact sits at over $500,000 for half of small to medium APAC businesses
51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according to a survey conducted by Cisco.
Critical Vulnerabilities Found in AUVESY Product Used by Major Industrial Firms
A total of 17 types of vulnerabilities, including many rated critical and high severity, have been found by researchers in the Versiondog data management product made by AUVESY.
U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes
The mandate, which is set to go into effect in 90 days, will forbid the export, re-export, and transfer of “cybersecurity items” to countries of national security or WMD concerns without a license.
KnowBe4 To Buy Awareness Startup SecurityAdvisor For $80M
KnowBe4 has agreed to purchase startup SecurityAdvisor to better identify and correlate human-behavior-driven security alerts generated across each layer of the existing security stack.
RedLine Stealer identified as primary source of stolen credentials on two dark web markets
First spotted in March 2020, the RedLine Stealer is an infostealer. Once it infects a computer, its primary purpose is to collect as much user data as possible and then send it to the attackers.
Cybercriminals Hide RAT Malware as Adult Game to Infect Users via Webhards and Torrents
The attackers take easily obtainable malware such as njRAT and UDP RAT, wrap it in a package that looks like a game or other program, and then upload it to WebHard.
HTTPS Attestable: Remote, secure, verified enclaves proposed
Two Intel staffers believe web services can be made more secure not only by carrying out computations in remote trusted execution environments, but also by verifying to clients that this was done.
Keysight Technologies Acquires SCALABLE Network Technologies
Headquartered in Culver City, California, SCALABLE Network Technologies provides network simulation solutions to model and visualize communications networks and cyber threats.
Cybercrime matures as hackers are forced to work smarter
An analysis by Kaspersky of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today.