techminis

A naukri.com initiative

Malware News

Arstechnica

1d


Leaked chat logs expose inner workings of secretive ransomware group

  • Leaked chat logs of Black Basta, a prominent ransomware group, have been published online.
  • The leak exposes tactics, trade secrets, and internal rifts of the group's members.
  • The logs consist of more than 200,000 messages sent over the Matrix chat platform from September 2023 to September 2024.
  • The motive of the leak and the identity of the leaker remain unknown.

Arstechnica

2d


Notorious crooks broke into a company network in 48 minutes. Here’s how.

  • In December, a manufacturing company experienced a rapid intrusion into its network.
  • A tsunami of phishing messages overwhelmed employees, allowing attackers to access the network in just 48 minutes.
  • Ransomware attacks have encouraged security companies and customers to become better at detecting breaches.
  • Attackers are adapting by acting swiftly, reducing the breakout time by 22% compared to the previous year.

TechCrunch

2d


A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims

  • Chat logs allegedly belonging to Black Basta ransomware group have been leaked online, exposing key members of the gang.
  • The leaked chat logs show internal conflict within the group and reveal targets that were previously unreported.
  • The chat logs contain details about key members, including the main administrator and a 17-year-old member.
  • The logs also provide insights into the group's operations, including victims, exploits used, and cybersecurity vulnerabilities exploited.

Securityaffairs

2d


B1ack’s Stash released 1 Million credit cards

  • Carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.
  • The release of free samples aims to attract new customers and gain notoriety in the cybercrime ecosystem.
  • The leaked data includes PAN, expiration date, CVV2, personal details, and email address.
  • Banking institutions should monitor the dark web to prevent fraudulent activities.

Securelist

2d


Angry Likho: Old beasts in a new forest

  • Angry Likho, an APT group that resembles Awaken Likho, focuses on targeted attacks against employees of large organizations, mainly in Russia and Belarus.
  • Their attacks involve spear-phishing emails with malicious attachments, including a self-extracting archive named FrameworkSurvivor.exe.
  • The implant in the archive hides the Lumma Trojan stealer, aimed at stealing sensitive data such as banking details, usernames, passwords, and more.
  • The group uses obfuscation techniques in their scripts to hide their activities, making analysis complex.
  • Angry Likho's recent surge in activity in January 2025 indicates ongoing threats, with hundreds of victims in Russia and Belarus.
  • The attackers target specific users with tailored spear-phishing emails and use malicious utilities from darknet forums for their operations.
  • To defend against such attacks, organizations need robust security solutions, employee training, and awareness programs.
  • The group's attack techniques remain consistent with periodic pauses, suggesting strategic planning in their operations.
  • The report provides indicators of compromise, including file hashes, implants, bait files, and malicious domains associated with Angry Likho's activities.
  • Monitoring and updating cyber intelligence data on such APT groups are essential to combat evolving cybersecurity threats effectively.

Secureerpinc

3d


Cyber Insurance: A Key Defense Against Ransomware

  • More companies are taking out cyber insurance policies to protect themselves from financial losses arising from data breaches and cyberattacks, including ransomware.
  • Cyber insurance covers costs related to ransom payments, data recovery, legal fees, regulatory fines, customer notification, and business interruptions.
  • The insurance also provides assistance with incident response, such as forensic investigation and public relations efforts to protect or restore the company's reputation.
  • When considering cyber insurance, businesses should evaluate their risk profiles, existing security infrastructure, critical assets, security incident history, data sensitivity, geographic location, and desired level of coverage.

TechCrunch

3d


UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data

  • U.K. healthcare giant HCRG Care Group is investigating a cybersecurity incident after a ransomware gang claimed to have breached the company’s systems and stolen sensitive data.
  • The Medusa ransomware group has allegedly stolen more than two terabytes of data, including employees’ personal information, medical records, financial records, and government identification documents.
  • HCRG has confirmed the incident and is working with external forensic specialists to investigate. It has informed the Information Commissioner's Office and other regulators.
  • The Medusa ransomware group is demanding a $2 million ransom from HCRG, threatening to publish the stolen data if the payment is not made.

Socprime

3d


Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain

  • The FBI, CISA, and partners issue a joint alert warning of increasing Ghost (Cring) ransomware attacks by China-backed hackers for financial gain globally.
  • Ransomware recovery costs have surged to $2.73M in 2024, driving the need for advanced detection methods and cyber defense technology.
  • SOC Prime Platform offers detection rules to combat Ghost (Cring) ransomware, mapped to the MITRE ATT&CK framework for streamlined threat investigation.
  • Security professionals can access a broad set of detection rules compatible with various security solutions to detect vulnerability exploitation threats.
  • China-backed APT groups have been targeting organizations across 70+ countries since early 2021 using outdated software vulnerabilities and sophisticated attack techniques.
  • Ghost (Cring) ransomware operators leverage tools like Cobalt Strike, Mimikatz, and ransomware executables like Cring.exe and ElysiumO.exe to execute attacks and evade defenses.
  • Defenders recommend cybersecurity best practices such as maintaining backups, patching systems, and implementing MFA to mitigate the risks of Ghost (Cring) ransomware attacks.
  • The group employs ransom notes threatening data sale if ransoms are unpaid but rarely exfiltrates large data amounts, relying on encrypted email services for communication.
  • They disable security measures, encrypt files, clear logs, and hinder recovery efforts to maximize impact, emphasizing swift ransomware deployment over persistence.
  • To combat the increasing threats posed by Ghost (Cring) ransomware attacks, organizations are advised to enhance their cybersecurity posture and adopt proactive defense strategies.

Cybersecurity-Insiders

4d


Ransomware attacks on Food and Agriculture sector could intensify

  • Ransomware attacks on Food and Agriculture sectors may intensify, according to a report.
  • Ransomware attacks in the sector increased by 27% in 2024.
  • These attacks put both customers and partners at risk, potentially causing shortages and supply chain disruptions.
  • New ransomware groups, such as RansomHub, are targeting the Food and Agriculture sectors.

Securityaffairs

8h


Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Lazarus APT stole $1.5B from Bybit, the largest cryptocurrency heist ever
  • Apple removes iCloud encryption in UK following backdoor demand
  • US CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
  • Atlassian fixed critical flaws in Confluence and CrowdSalt

Securityaffairs

2d


Salt Typhoon used custom malware JumbledPath to spy on U.S. telecom providers

  • China-linked APT group Salt Typhoon utilizes custom malware JumbledPath to spy on U.S. telecom providers, as reported by Cisco Talos researchers.
  • The APT group has been active since at least 2019, targeting government entities and telecom companies globally.
  • Salt Typhoon exploited Cisco vulnerabilities, breached U.S. telecom networks, and utilized GRE tunnels for data exfiltration.
  • Stolen credentials, network config captures, and intercepted traffic were used by Salt Typhoon for further access inside networks.
  • The group manipulated network settings, used JumbledPath tool for packet capture, and attempted evasion techniques.
  • In December 2024, Salt Typhoon targeted a Myanmar-based telecom provider, with IOCs and mitigation recommendations provided in the report.
  • The group also compromised Charter Communications and Windstream, exploiting vulnerabilities in major network device vendors.
  • Salt Typhoon breached a ninth U.S. telecom as part of a global cyberespionage campaign aimed at telco firms, confirmed by a White House official.
  • President Biden's national security adviser disclosed breaches in telecommunications companies globally by the China-linked APT group.
  • Lumen, AT&T, and Verizon reported securing networks post-cyberespionage attempts by Salt Typhoon, active for 1-2 years targeting telcos worldwide.

Medium

2d


Thread Call Stack Cleaning

  • Stack cleaning is a technique used to remove traces of injected or suspicious execution paths from a thread's call stack.
  • By manipulating the return addresses in the call stack, stack cleaning can help malware evade detection by security tools.
  • The process involves suspending the thread, retrieving the execution context, reading memory from the stack, zeroing out the stack values, and restoring the original context.
  • Stack cleaning combined with other evasion techniques can improve stealth and persistence of malware, but advanced security solutions can still detect suspicious activity.

Kaspersky

3d


The complete story of the 2024 ransomware attack on UnitedHealth

  • UnitedHealth Group, a major health-insurance company, was hit by a ransomware attack in 2024, causing significant disruptions.
  • The attack targeted Change Healthcare, a platform acquired by UnitedHealth, impacting insurance claims processing.
  • Recovery efforts took months, with some systems remaining partially available even a year later.
  • The attackers bypassed two-factor authentication on the Citrix portal to initiate the attack.
  • UnitedHealth Group paid a $22 million ransom to the BlackCat/ALPHV gang, leading to further complications.
  • The cybercriminals claimed to have stolen extensive sensitive data, including medical records and financial documents.
  • The financial losses for UnitedHealth from the breach were estimated at over $3 billion by the end of the year.
  • Initial estimates of affected individuals at 100 million later rose to 190 million, revealing the massive impact of the breach.
  • Lessons from the attack include the critical need for two-factor authentication and robust cybersecurity practices.
  • Companies are advised to implement multilayered defenses, raise employee awareness, and engage external threat-hunting services.

VentureBeat

3d


The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next)

  • Standard business insurance policies typically do not cover losses from cyber attacks, making cybersecurity insurance increasingly important as AI-powered attacks grow in complexity.
  • Cybersecurity-specific insurance policies provide coverage for remediation costs and recovery efforts, but can be complex to navigate with various exclusions and sub-limits.
  • Cyber insurance covers first-party and third-party damages, but may have restrictions on ransomware payments and may not cover social engineering attacks or insider threats.
  • Insurance providers look for strong security measures in companies before offering quotes, such as zero-trust capabilities, multifactor authentication, and incident response plans.
  • Companies can reduce cyber insurance premiums by demonstrating compliance with security frameworks like NIST or ISO 27001 and conducting regular risk assessments.
  • Policies should clearly define coverage for extortion expenses, computer systems, lost income, data restoration, and types of threats by attackers.
  • Top-reported cyber insurance claims in 2024 included BEC, FTF, and ransomware, with varying claim amounts ranging from $1,000 to over $500 million.
  • Predictions for 2025 include increased premiums, expanded coverage for CISOs due to SEC scrutiny, and requirements for robust third-party risk management programs.
  • Insurers are emphasizing the need for clients to implement strong cybersecurity measures to mitigate risks and qualify for cyber insurance coverage.

Securityaffairs

3d


NailaoLocker ransomware targets EU healthcare-related entities

  • NailaoLocker ransomware targeted European healthcare organizations between June and October 2024.
  • The malware campaign, called The Green Nailao, involved the use of ShadowPad, PlugX, and the newly discovered NailaoLocker ransomware.
  • The attack exploited a zero-day vulnerability in Check Point VPN appliances, allowing the threat actors to access sensitive information and move laterally through the network.
  • Although the campaign shares similarities with China-linked APT groups, attribution remains uncertain.
