CISA & FBI has released a joint Cybersecurity Advisory from government agencies in the United States and Australia to warn businesses about the most recent tactics, methods, and procedures (TTPs) utilized by the BianLian ransomware group. Since June 2022, BianLian, a ransomware and data extortion outfit, has been aiming its attacks towards organizations within the United States and Australia’s critical infrastructure. The #StopRansomware alert is based on findings from the FBI and the Australian Cyber Security Centre as of March 2023 and is part of a larger effort to combat ransomware. The goal is to arm defenders with the knowledge…
Olivia William
The Chinese state-sponsored hacking outfit “Camaro Dragon” attacks household TP-Link routers with bespoke “Horse Shell” malware to attack European foreign affairs organizations. Hackers use backdoor virus in custom firmware for TP-Link routers to launch assaults from home networks. According to Check Point research, this attack targets residential and home networks, not important networks. Thus, infecting a home router does not always suggest that the homeowner was a target, but rather that the attackers used it as a tool. The software lets threat actors run shell commands, upload and download data, and use the device as a SOCKS proxy to communicate…
The ransomware attacks of the recently identified RA Group, the latest threat actor to use the stolen Babuk code, have increased in frequency and severity. Their specialized technique sets them apart from the rest of the Babuk tribe. This week, Cisco Talos released an investigation claiming that RA Group had launched on April 22 and had since expanded significantly. So far, it has targeted manufacturing, wealth management, insurance, and pharmaceutical firms in the United States and South Korea. To give some context, in September 2021, the complete source code for the Babuk ransomware was released online, and since then, multiple…
South and Southeast Asian government, airline, and telecom institutions have been targeted by a new APT hacking outfit called Lancefly, which employs a variant of the ‘Merdoor’ backdoor malware. Symantec Threat Labs announced today that Lancefly has been using the stealthy Merdoor backdoor in targeted attacks against businesses since 2018. This allows the attackers to remain persistent, issue instructions, and collect keystroke data. According to the latest Symantec research, “Lancefly’s bespoke malware, which we have termed Merdoor, is a formidable backdoor that looks to have existed since 2018. Researchers at Symantec saw it in action in 2020 and 2021, and…
On April 8 that the Money Message ransomware organization attacked the national pharmacy network PharMerica and its parent company. The home and community healthcare business BrightSpring Health. Threat actors exposed evidence data, a statement was obtained from BrightSpring, and additional evidence and allegations were gained via Money Message. Money Message informed DataBreaches on April 14 that they had locked almost all of the infrastructure of both companies – a claim at odds with BrightSpring’s claim that operations were not impacted) and that, despite some negotiations, they had reached an impasse and would continue leaking data. PharMerica informed the office of…
A rundown of the headlines of news and events from the past week pertaining to ransomware, data breaches, quick response security, and other related topics. Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns CERT-UA has reported the spread of SmokeLoader malware through invoice-themed phishing campaigns, which hijack accounts to send emails with a ZIP package containing a bogus document and JavaScript file. SmokeLoader, which has been active since 2011, can download and install additional malware onto affected devices. The report also details the financial benefit garnered by UAC-0006’s theft of passwords and illegal transfer of money. Additionally, Ukrainian cybersecurity authorities…
Web development involves building and programming websites and apps. It’s different from web design, which focuses on how websites look. Web developers make sure websites work well and are easy to use. They write code using different programming languages depending on what they need to do and which platform they are working on. Web developers are responsible for creating the web pages we use every day. Are you interested in becoming a web designer or improving your web development skills? Web design is a highly competitive field, and staying abreast with the current trends and technologies is crucial. In this…
Gmail users now have access to Google’s free dark web monitoring service, which can detect if their email is being shared on hacking forums. Google One, the search giant’s paid subscription service in the United States, already has a dark web surveillance option for paying subscribers. But at Google I/O 2018, the firm announced that all Gmail users will now receive free security monitoring. The tool may alert you when your Gmail address is posted on the dark web, but it does not appear to monitor other forms of personally identifiable information. Google has announced that in the coming weeks,…
U.S. officials announced on Tuesday that they had destroyed a worldwide network of compromised computers that Russian intelligence personnel had used to spy on the U.S. and its allies for over 20 years. It has been reported that a branch of Russia’s Federal Security Service (FSB) stole classified material from hundreds of infiltrated computer networks in at least 50 countries by using malicious software known as Snake. According to the Russian government, the compromised computers belonged to NATO member governments, journalists, and other individuals of interest. The information was sent back to Russia using hacked computers in the United States and elsewhere.…
“AndoryuBot’ is a new malware botnet that infects unpatched Wi-Fi access points for DDoS assaults using a key Ruckus Wireless Admin panel weakness. CVE-2023-25717 allows remote attackers to execute code on susceptible Ruckus Wireless Admin panels version 10.4 and older by sending unauthenticated HTTP GET requests. February 8, 2023, found and corrected the problem. Many have not installed security upgrades, and end-of-life models affected by the security issue will not receive a fix. Fortinet claims its Ruckus-targeting AndoryuBot debuted in mid-April. Botnet malware recruits susceptible devices to its profit-making DDoS swarm. Malicious HTTP GET requests to infect susceptible devices and…