Cyberattacks

Ransomware Hits Critical Infrastructure: The Rising Costs and Response

Ransomware attacks are becoming a significant threat to critical infrastructure, with financial impacts soaring up to $1 million per incident. A survey conducted by Claroty, which involved 1,100 security professionals in sectors such as chemical manufacturing, healthcare, and energy, revealed that 45% of organizations suffered financial losses exceeding $500,000 due …

Financial Sector Faces Supply Chain Risk

New research reveals significant gaps in third-party risk management within the financial sector, highlighted by recent incidents like the CrowdStrike IT outage. Despite increasing reliance on complex third-party IT ecosystems, only a small percentage of financial institutions have robust exit plans for supplier disruptions. The lack of preparedness leaves the …

French Museums Hit by Cyberattack

The Brain Cipher ransomware group claims they orchestrated a cyberattack on several French national museums, including the iconic Le Grand Palais, during the recent Olympic Games. They allege they have stolen 300GB of data and plan to leak it today. The attack targeted financial systems related to 40 institutions overseen …

Hackers Breach Online Stores, Steal Data

A new malware campaign targeting Magento-based online stores has surfaced, with cybercriminals injecting digital skimmers to steal credit card details. These skimmers capture information like card numbers, expiration dates, and CVV codes during the checkout process. The attackers exploited a common vulnerability across hundreds of stores, resulting in over a …

Everest Ransomware Targets US Healthcare

The Everest ransomware group, a Russian-speaking threat actor, has intensified its focus on the U.S. healthcare sector. This group, active since 2020, recently claimed responsibility for attacks on medical care providers in New York and Nevada, stealing sensitive patient and doctor information. Everest’s activities include ransomware operations and selling unauthorized …

Threat Actors Exploit Slack Search Ads

A recent malvertising campaign has targeted Slack users by leveraging Google’s ad platform. The attackers created a fake ad that initially appeared legitimate, redirecting users to Slack’s official site. However, after days of inactivity, the ad began directing users to a fraudulent website designed to mimic Slack and deliver malware. …

Steam Platform Used in Cyberattack

Cybercriminals are exploiting the Steam gaming platform to host command and control (C2) domains by using Steam user accounts. This allows malware to fetch details for establishing a destination for C2 or data exfiltration. A recent investigation revealed a threat actor hiding their C2 domains with a substitution cipher, which, …

RansomHub Uses EDR-Killing Tool

Sophos researchers recently analyzed a ransomware attack by RansomHub, uncovering a new tool that disables Endpoint Detection and Response (EDR) systems. They named this tool EDRKillShifter, which allows attackers to disable EDR agents before launching further attacks. John Bambenek, President of Bambenek Consulting, noted that while RansomHub currently uses this …

Microsoft macOS Apps Vulnerabilities Exposed

Researchers discovered eight vulnerabilities in Microsoft applications for macOS, including Teams, Outlook, and Word, that could allow attackers to gain access to users’ microphones, cameras, and more. The vulnerabilities exploit permissions previously granted to the apps, enabling malicious actors to record video or audio without the user’s knowledge. According to …

Cloud Misconfigurations Threaten 110,000 Domains

Security researchers at Palo Alto Networks uncovered a large-scale extortion campaign exploiting misconfigured cloud environments. Attackers targeted over 110,000 domains by accessing exposed .env files, which contained sensitive information like AWS IAM keys, SaaS API keys, and database logins. These misconfigurations allowed attackers to infiltrate cloud environments, exfiltrate data, and …
