techminis

A naukri.com initiative

Malware News
Insider

What you need to know about the 'Ghost' cyberattacks and why the FBI is concerned

  • The FBI has issued a warning about a Chinese ransomware group called Ghost.
  • Ghost has attacked critical infrastructure, schools, and businesses in over 70 countries.
  • The FBI advises using security updates and multifactor authentication to prevent ransomware attacks.
  • Ghost actors exploit common vulnerabilities in organizations' software and demand ransom for stolen data.

Pymnts

Ransomware Group Black Basta’s Internal Communications Leaked Online

  • More than 200,000 messages from ransomware group Black Basta have been leaked online.
  • The leaked messages expose the group's tactics and internal rift among its members.
  • It is unclear if the leaker was an insider or someone who gained access to Black Basta's communications.
  • Black Basta had targeted 12 of America's critical infrastructure sectors in attacks on 500 organizations worldwide.

Securityaffairs

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Lazarus APT stole $1.5B from Bybit, the largest cryptocurrency heist ever
  • Apple removes iCloud encryption in UK following backdoor demand
  • US CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
  • Atlassian fixed critical flaws in Confluence and CrowdSalt

Arstechnica

Leaked chat logs expose inner workings of secretive ransomware group

  • Leaked chat logs of Black Basta, a prominent ransomware group, have been published online.
  • The leak exposes tactics, trade secrets, and internal rifts of the group's members.
  • The logs consist of more than 200,000 messages sent over the Matrix chat platform from September 2023 to September 2024.
  • The motive of the leak and the identity of the leaker remain unknown.

Arstechnica

Notorious crooks broke into a company network in 48 minutes. Here’s how.

  • In December, a manufacturing company experienced a rapid intrusion into its network.
  • A tsunami of phishing messages overwhelmed employees, allowing attackers to access the network in just 48 minutes.
  • Ransomware attacks have encouraged security companies and customers to become better at detecting breaches.
  • Attackers are adapting by acting swiftly, reducing the breakout time by 22% compared to the previous year.

TechCrunch

A huge trove of leaked Black Basta chat logs exposes the ransomware gang’s key members and victims

  • Chat logs allegedly belonging to Black Basta ransomware group have been leaked online, exposing key members of the gang.
  • The leaked chat logs show internal conflict within the group and reveal targets that were previously unreported.
  • The chat logs contain details about key members, including the main administrator and a 17-year-old member.
  • The logs also provide insights into the group's operations, including victims, exploits used, and cybersecurity vulnerabilities exploited.

Securityaffairs

B1ack’s Stash released 1 Million credit cards

  • Carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.
  • The release of free samples aims to attract new customers and gain notoriety in the cybercrime ecosystem.
  • The leaked data includes PAN, expiration date, CVV2, personal details, and email address.
  • Banking institutions should monitor the dark web to prevent fraudulent activities.

Securelist

Angry Likho: Old beasts in a new forest

  • Angry Likho, an APT group resembling Awaken Likho, focuses on targeted attacks against employees of large organizations, mainly in Russia and Belarus.
  • Their attacks involve spear-phishing emails with malicious attachments, including a self-extracting archive named FrameworkSurvivor.exe.
  • The implant in the archive hides the Lumma Trojan stealer, aimed at stealing sensitive data such as banking details, usernames, passwords, and more.
  • The group uses obfuscation techniques in their scripts to hide their activities, making analysis complex.
  • Angry Likho's recent surge in activity in January 2025 indicates ongoing threats, with hundreds of victims in Russia and Belarus.
  • The attackers target specific users with tailored spear-phishing emails and use malicious utilities from darknet forums for their operations.
  • To defend against such attacks, organizations need robust security solutions, employee training, and awareness programs.
  • The group's attack techniques remain consistent with periodic pauses, suggesting strategic planning in their operations.
  • The report provides indicators of compromise, including file hashes, implants, bait files, and malicious domains associated with Angry Likho's activities.
  • Monitoring and updating cyber intelligence data on such APT groups are essential to combat evolving cybersecurity threats effectively.

Securityaffairs

Salt Typhoon used custom malware JumbledPath to spy on U.S. telecom providers

  • China-linked APT group Salt Typhoon utilizes custom malware JumbledPath to spy on U.S. telecom providers, as reported by Cisco Talos researchers.
  • The APT group has been active since at least 2019, targeting government entities and telecom companies globally.
  • Salt Typhoon exploited Cisco vulnerabilities, breached U.S. telecom networks, and utilized GRE tunnels for data exfiltration.
  • Stolen credentials, network config captures, and intercepted traffic were used by Salt Typhoon for further access inside networks.
  • The group manipulated network settings, used the JumbledPath tool for packet capture, and attempted evasion techniques.
  • In December 2024, Salt Typhoon targeted a Myanmar-based telecom provider, with IOCs and mitigation recommendations provided in the report.
  • The group also compromised Charter Communications and Windstream, exploiting vulnerabilities in major network device vendors.
  • Salt Typhoon breached a ninth U.S. telecom as part of a global cyberespionage campaign aimed at telco firms, confirmed by a White House official.
  • President Biden's national security adviser disclosed breaches in telecommunications companies globally by the China-linked APT group.
  • Lumen, AT&T, and Verizon reported securing networks post-cyberespionage attempts by Salt Typhoon, active for 1-2 years targeting telcos worldwide.

Medium

Thread Call Stack Cleaning

  • Stack cleaning is a technique used to remove traces of injected or suspicious execution paths from a thread's call stack.
  • By manipulating the return addresses in the call stack, stack cleaning can help malware evade detection by security tools.
  • The process involves suspending the thread, retrieving the execution context, reading memory from the stack, zeroing out the stack values, and restoring the original context.
  • Stack cleaning combined with other evasion techniques can improve stealth and persistence of malware, but advanced security solutions can still detect suspicious activity.

Kaspersky

The complete story of the 2024 ransomware attack on UnitedHealth

  • UnitedHealth Group, a major health-insurance company, was hit by a ransomware attack in 2024, causing significant disruptions.
  • The attack targeted Change Healthcare, a platform acquired by UnitedHealth, impacting insurance claims processing.
  • Recovery efforts took months, with some systems remaining partially available even a year later.
  • The attackers bypassed two-factor authentication on the Citrix portal to initiate the attack.
  • UnitedHealth Group paid a $22 million ransom to the BlackCat/ALPHV gang, leading to further complications.
  • The cybercriminals claimed to have stolen extensive sensitive data, including medical records and financial documents.
  • The financial losses for UnitedHealth from the breach were estimated at over $3 billion by the end of the year.
  • Initial estimates of affected individuals at 100 million later rose to 190 million, revealing the massive impact of the breach.
  • Lessons from the attack include the critical need for two-factor authentication and robust cybersecurity practices.
  • Companies are advised to implement multilayered defenses, raise employee awareness, and engage external threat-hunting services.

VentureBeat

The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next)

  • Standard business insurance policies typically do not cover losses from cyber attacks, making cybersecurity insurance increasingly important as AI-powered attacks grow in complexity.
  • Cybersecurity-specific insurance policies provide coverage for remediation costs and recovery efforts, but can be complex to navigate with various exclusions and sub-limits.
  • Cyber insurance covers first-party and third-party damages, but may have restrictions on ransomware payments and may not cover social engineering attacks or insider threats.
  • Insurance providers look for strong security measures in companies before offering quotes, such as zero-trust capabilities, multifactor authentication, and incident response plans.
  • Companies can reduce cyber insurance premiums by demonstrating compliance with security frameworks like NIST or ISO 27001 and conducting regular risk assessments.
  • Policies should clearly define coverage for extortion expenses, computer systems, lost income, data restoration, and types of threats by attackers.
  • Top-reported cyber insurance claims in 2024 included BEC, FTF, and ransomware, with varying claim amounts ranging from $1,000 to over $500 million.
  • Predictions for 2025 include increased premiums, expanded coverage for CISOs due to SEC scrutiny, and requirements for robust third-party risk management programs.
  • Insurers are emphasizing the need for clients to implement strong cybersecurity measures to mitigate risks and qualify for cyber insurance coverage.

Secureerpinc

Cyber Insurance: A Key Defense Against Ransomware

  • More companies are taking out cyber insurance policies to protect themselves from financial losses arising from data breaches and cyberattacks, including ransomware.
  • Cyber insurance covers costs related to ransom payments, data recovery, legal fees, regulatory fines, customer notification, and business interruptions.
  • The insurance also provides assistance with incident response, such as forensic investigation and public relations efforts to protect or restore the company's reputation.
  • When considering cyber insurance, businesses should evaluate their risk profiles, existing security infrastructure, critical assets, security incident history, data sensitivity, geographic location, and desired level of coverage.

Securityaffairs

NailaoLocker ransomware targets EU healthcare-related entities

  • NailaoLocker ransomware targeted European healthcare organizations between June and October 2024.
  • The malware campaign, called The Green Nailao, involved the use of ShadowPad, PlugX, and the newly discovered NailaoLocker ransomware.
  • The attack exploited a zero-day vulnerability in Check Point VPN appliances, allowing the threat actors to access sensitive information and move laterally through the network.
  • Although the campaign shares similarities with China-linked APT groups, attribution remains uncertain.

TechCrunch

UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data

  • U.K. healthcare giant HCRG Care Group is investigating a cybersecurity incident after a ransomware gang claimed to have breached the company’s systems and stolen sensitive data.
  • The Medusa ransomware group has allegedly stolen more than two terabytes of data, including employees’ personal information, medical records, financial records, and government identification documents.
  • HCRG has confirmed the incident and is working with external forensic specialists to investigate. It has informed the Information Commissioner's Office and other regulators.
  • The Medusa ransomware group is demanding a $2 million ransom from HCRG, threatening to publish the stolen data if the payment is not made.
