techminis

A naukri.com initiative

Malware News

Cybersecurity-Insiders

What to Do If Hit by Ransomware

  • Stay calm and assess the situation. Note the ransom message and identify affected files or systems.
  • Disconnect from the network to prevent the spread of ransomware. Do not pay the ransom.
  • Try to identify the specific type of ransomware and report the incident to law enforcement.
  • Consult security professionals, restore from backups, remove the ransomware, and change passwords.


Securityaffairs

International law enforcement operation dismantled RedLine and Meta infostealers

  • A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests.
  • RedLine and Meta targeted millions of victims worldwide, making them among the largest malware platforms globally.
  • Authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom, and Australia participated in the operation.
  • Law enforcement agencies seized servers and domains and made arrests, aiming to shut down the criminal activities of RedLine and Meta.


TechCrunch

How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

  • U.S. prosecutors have charged Russian national Maxim Rudometov over his alleged involvement in developing and distributing the Redline password-stealing malware.
  • Rudometov's operational security errors, including the use of a known email account and reusing monikers, led to his identification.
  • Files retrieved from Rudometov's iCloud account and a publicly viewable profile on VK linked him to Redline.
  • Authorities seized servers, domains, and Telegram accounts associated with Redline, stopping the sale of the malware and leading to arrests in Belgium.


Securityaffairs

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

  • Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks.
  • CVE-2024-40766 is an improper access control vulnerability impacting SonicWall SonicOS; the company addressed it in August 2024.
  • Threat actors can exploit the vulnerability to gain unauthorized resource access and crash the impacted firewalls.
  • Arctic Wolf researchers detected over 30 Akira and Fog ransomware intrusions since August, all leveraging unpatched SonicWall SSL VPNs (CVE-2024-40766).


Securelist

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

  • Attackers use a fake CAPTCHA as the initial infection vector; the campaign primarily targets gamers, delivering the Lumma stealer through websites hosting cracked games.
  • The malicious CAPTCHA is also spreading through online resources that have nothing to do with games, such as adult sites, anime resources, file-sharing services, betting platforms, and web apps monetized through traffic, expanding the distribution network to a broader pool of victims.
  • Researchers found that the ad network pushing pages with the malicious CAPTCHA also carries legitimate, non-malicious offers; clicking anywhere on a page that uses the ad module redirects the user to other resources.
  • The CAPTCHA delivers not only Lumma but also the Amadey Trojan, making it essential to understand how the attackers and their distribution network operate in order to avoid falling for the attack.
  • Unlike genuine CAPTCHAs, which are designed to protect websites from bots, this imitation serves to promote shady resources.
  • The Trojans are distributed through CAPTCHAs that come with instructions: once the victim clicks the 'I'm not a robot' button, the page copies a line containing Base64-encoded PowerShell commands.
  • The PowerShell script ultimately downloads, via a further obfuscated PowerShell script, the payload that steals credentials and cryptocurrency wallets.
  • The Lumma stealer searches for files related to cryptocurrencies and steals them, inspects browser extensions for cryptocurrencies and steals their data, and searches for password manager archives, exfiltrating their contents to the attackers' server.
  • The same campaign now also spreads the Amadey Trojan credential stealer, a VNC credential stealer, and the Remcos remote access tool to the victim's device, giving the attackers full access to it.
  • 140,000 users encountered the ad scripts; more than 20,000 of them were redirected to infected sites showing fake update notifications or fake CAPTCHAs. Users in Brazil, Spain, Italy, and Russia were most frequently affected.


Securityaffairs

Russia-linked espionage group UNC5812 targets Ukraine’s military with malware

  • Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram.
  • UNC5812 used the Telegram channel called 'Civil Defense' and the website civildefense[.]com.ua to distribute malware.
  • The group delivered malware disguised as free software programs for viewing and sharing locations of Ukrainian military recruiters.
  • UNC5812 conducted influence campaigns to weaken support for Ukraine's mobilization and recruitment efforts.


Securityaffairs

A crime ring compromised Italian state databases reselling stolen info

  • Italian police have arrested four individuals and are investigating dozens, including Leonardo Maria Del Vecchio, for unauthorized access to state databases.
  • Charges include criminal conspiracy, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion.
  • The criminal ring allegedly collected a large amount of sensitive data and offered it to customers for various purposes, potentially including spying and blackmail.
  • Investigators suspect that foreign intelligence agencies may have also accessed the stolen data.


TechCrunch

Police operation claims takedown of prolific Redline and Meta password stealers

  • A coalition of international law enforcement agencies has disrupted the operations of two prolific infostealers.
  • The Dutch National Police led the takedown, gaining full access to the servers used by the Redline and Meta infostealers.
  • Redline is a highly active and widespread infostealer malware responsible for stealing sensitive data of millions of people.
  • The law enforcement agencies obtained usernames, passwords, IP addresses, source code, and other details from the infostealer servers.


Securityaffairs

Black Basta affiliates used Microsoft Teams in recent attacks

  • ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks.
  • Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access.
  • Threat actors flood employee inboxes with emails, then impersonate IT support on Microsoft Teams to offer help.
  • Attackers send QR codes in chats as part of Quishing attempts.


Securityaffairs

Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese cyber spies targeted phones used by Trump and Vance
  • Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement
  • Change Healthcare data breach impacted over 100 million people
  • OnePoint Patient Care data breach impacted 795916 individuals


Securityaffairs

Change Healthcare data breach impacted over 100 million people

  • The Change Healthcare data breach in February 2024 impacted over 100 million people, making it the largest-ever healthcare data breach in the US.
  • UnitedHealth Group confirmed that the cyber attack disrupted IT operations of Change Healthcare, affecting more than 100 applications and impacting thousands of pharmacies and healthcare providers.
  • Compromised data in the breach includes names, addresses, dates of birth, phone numbers, Social Security numbers, medical records, and more.
  • The Alphv/BlackCat ransomware gang claimed responsibility for the attack, with reports suggesting that UnitedHealth paid a $22 million ransom.


Socprime

UAC-0218 Attack Detection: Adversaries Steal Files Using HOMESTEEL Malware

  • The UAC-0218 group is behind phishing attacks using HOMESTEEL malware for file theft.
  • SOC Prime Platform has published Sigma rules for UAC-0218 activity detection.
  • The phishing emails contain invoice-related subject lures leading to malicious RAR archives.
  • The malware facilitates exfiltration of files to an adversary server via HTTP requests.


Securityaffairs

OnePoint Patient Care data breach impacted 795916 individuals

  • US hospice pharmacy OnePoint Patient Care experienced a data breach that impacted approximately 800,000 individuals.
  • The breach resulted in the exposure of personal information, including names, residence info, medical records, and Social Security numbers.
  • OnePoint Patient Care detected suspicious network activity on August 8, 2024, prompting an internal investigation and engagement of a forensic security firm.
  • The breach was attributed to the INC RANSOM ransomware group, which leaked stolen data after the company refused to pay the ransom.


Cybersecurity-Insiders

Ransomware threat to Apple MacOS devices

  • Ransomware criminals are now targeting Apple's macOS systems, posing a new threat to its users.
  • The ransomware known as macOS.NotLockBit encrypts files and deletes data if the ransom is not paid.
  • Cybersecurity experts warn that this threat could become more significant if Apple does not implement timely defenses.
  • The healthcare sector in the US has seen a surge in ransomware attacks, with 389 organizations affected and significant financial losses incurred.


TechCrunch

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach

  • More than 100 million individuals had their private health information stolen during the ransomware attack on Change Healthcare in February.
  • The U.S. Department of Health and Human Services first reported the updated number on its data breach portal on Thursday.
  • UHG began notifying affected individuals in late July, which continued through October.
  • The stolen data includes personal information such as names, addresses, dates of birth, phone numbers and email addresses, as well as government identity documents, including Social Security numbers, driver's licenses and passport numbers.
  • Change Healthcare is one of the largest handlers of health and medical data and patient records, as it processes patient insurance and billing across the U.S. healthcare sector.
  • The cyberattack became public on February 21, when Change Healthcare pulled much of its network offline to contain the intruders, causing immediate outages across the U.S. healthcare sector.
  • By paying the ransom, Change obtained a copy of the stolen dataset, which allowed the company to identify and notify the affected individuals whose information was found in the data.
  • Corporate consolidation and poor security have been blamed for the data breach.
  • According to its 2023 full-year earnings report, UHG made $22 billion in profit on revenues of $371 billion.
  • The Justice Department reportedly stepped up its investigation into UHG and its potential anticompetitive practices in the months prior to the Change Healthcare hack.
