Malware News

Cybersecurity-Insiders

Cloud Storage buckets holding sensitive information vulnerable to ransomware attacks

  • A recent study by Palo Alto Networks' Unit 42 Threat Intelligence reveals that 66% of cloud-stored data is vulnerable to ransomware attacks.
  • Many businesses and individuals fail to implement necessary security measures in their cloud environments, relying on default settings that offer minimal protection.
  • The responsibility of securing data in the cloud falls on both the cloud storage provider and the user, who must implement and manage security tools effectively.
  • To mitigate the risk of ransomware attacks, users should adjust default settings, implement strong encryption protocols, manage access permissions, and stay updated with security patches and best practices.

Securityaffairs

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

  • A security researcher has released a free decryptor for Linux Akira ransomware that uses GPU power to recover keys through brute force.
  • The researcher, Yohanes Nugroho, implemented a decryption technique that exploits the use of timestamp-based seeds by Akira ransomware to generate unique encryption keys for each file.
  • By analyzing log files, file metadata, and hardware benchmarks, the researcher estimated encryption timestamps, making the brute-forcing of decryption keys more efficient.
  • To speed up the process, Nugroho used sixteen RTX 4090 GPUs through cloud GPU services, reducing the decryption time to 10 hours.

Silicon

Medusa Ransomware Hits Critical Infrastructure

  • The Medusa ransomware has affected more than 300 organisations in critical infrastructure in the US alone from 2021 up to last month, according to the Cybersecurity and Infrastructure Security Agency (CISA).
  • The group's developers demand ransoms of $100,000 to $15 million in double-extortion attacks, pressuring organisations to pay both to restore encrypted data and to prevent exfiltrated data from being published online.
  • Symantec has warned of a rise in Medusa attacks, up 42% between 2023 and 2024, with twice as many incidents in January and February compared to the previous year.
  • CISA advises organisations to mitigate ransomware by patching security vulnerabilities, segmenting networks, and filtering network traffic to block access from unknown or untrusted sources.

TheStartupMag

Why Investing in Antivirus for Your Company’s Computers Is Essential

  • Investing in antivirus software is essential for company computers to protect against cyber threats.
  • Antivirus software safeguards sensitive business information, preventing financial and reputational damage.
  • Antivirus software helps prevent malware and ransomware attacks, detecting and blocking suspicious files.
  • Investing in antivirus software enhances employee cybersecurity awareness and improves system performance and efficiency.

Securityaffairs

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

  • New MassJacker clipper targets pirated software seekers
  • Cisco IOS XR flaw allows attackers to crash BGP process on routers
  • LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
  • SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Securityaffairs

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

  • A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
  • Yap's Health Department detected the cyberattack and shut down the network and digital health systems to contain the threat.
  • The Department is working with government agencies and IT contractors to assess the extent of the breach and restore services.
  • No ransomware group has claimed responsibility for the attack.

Securityaffairs

New MassJacker clipper targets pirated software seekers

  • A new clipper malware named MassJacker is targeting users searching for pirated software.
  • MassJacker is a clipper malware that intercepts and manipulates clipboard data to redirect cryptocurrency funds.
  • The infection starts from a site distributing pirated software and involves multiple stages of execution.
  • MassJacker is a malware-as-a-service (MaaS), and the stolen funds are likely managed by a single entity.

Siliconangle

Deep Instinct’s approach to cybersecurity: A prevention-first model

  • Deep Instinct Inc. is pioneering a prevention-first model in cybersecurity.
  • Unlike traditional systems, Deep Instinct's DSX platform uses deep neural networks to preemptively detect and block threats.
  • The company's AI-driven prevention model effectively neutralizes AI-generated malware in real-time.
  • Deep Instinct's flexible deployment model allows the application of deep learning core in various use cases.

Cybersecurity-Insiders

Cyber Attack News: Top Headlines Trending on Google

  • Malware impersonating Booking.com targets hospitality sector.
  • Volt Typhoon infiltrates U.S. electric grid since 2023.
  • FCC updates cybersecurity guidelines for undersea cable operators.
  • Cybersecurity Insiders reports on the latest cyber attack news.

Securityaffairs

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

  • The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
  • Rostislav Panev, a dual Russian-Israeli national, was arrested in Israel in 2024 and faces charges related to his involvement in the LockBit ransomware operation.
  • The LockBit ransomware group targeted over 2,500 victims worldwide, including 1,800 in the United States, extracting $500 million in ransoms and causing billions in damages.
  • Panev admitted to coding, developing, and consulting for the LockBit group, including developing code to disable antivirus software, deploy malware, and print ransom notes to victim networks.

TechCrunch

Accused LockBit ransomware developer extradited to the US

  • Rostislav Panev, a dual Russian and Israeli national, has been extradited from Israel to the US.
  • Panev is accused of being a key developer for the LockBit ransomware gang.
  • He was arrested in Israel in December 2024 and had been awaiting extradition.
  • Panev and other LockBit developers designed the gang's malware and maintained its infrastructure.

Securityaffairs

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

  • Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks.
  • A threat actor named 'Mora_001' used Russian-language artifacts and exhibited a unique operational signature.
  • SuperBlack ransomware is tracked as an independent entity capable of independent intrusions.
  • Exploited vulnerabilities include CVE-2024-55591 and CVE-2025-24472 in FortiOS and FortiProxy.

Cybersecurity-Insiders

FBI alerts Gmail users over Medusa Ransomware

  • The FBI issued an urgent warning to Gmail users regarding the Medusa Ransomware hacking campaign.
  • Medusa Ransomware has compromised around 300 targets through phishing scams and unpatched software vulnerabilities.
  • The campaign aims to extort money from victims while also being involved in espionage activities.
  • Experts advise caution, enabling 2FA, updating systems, and avoiding unsecured networks to protect against Medusa Ransomware.

Socprime

Medusa Ransomware Detection: The FBI, CISA & Partners Warn of Increasing Attacks by Ransomware Developers and Affiliates Against Critical Infrastructure

  • Ransomware recovery costs have surged to $2.73 million in 2024, marking a 500% increase from 2023.
  • The FBI, CISA, and MS-ISAC issued a joint advisory on Medusa ransomware, affecting 300+ victims in critical infrastructure.
  • Medusa ransomware differs from MedusaLocker and Medusa mobile malware.
  • The recent AA25-071A advisory underscores evolving ransomware threats targeting organizations of all sizes.
  • SOC Prime Platform offers rule collections for detecting Medusa ransomware TTPs early and effectively.
  • Detection rules are MITRE ATT&CK mapped, enriched with threat intel, and compatible with various security solutions.
  • Organizations can utilize Uncoder AI for quick IOC hunting based on the Medusa ransomware advisory.
  • Medusa ransomware actors use double extortion, exploit vulnerabilities, and employ various tools for network infiltration.
  • Detection evasion tactics include obfuscation methods, PowerShell history deletion, and disabling EDR solutions.
  • Security measures against Medusa ransomware include secure backups, strong passwords, patching, and cyber hygiene practices.

Securityaffairs

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

  • North Korea-linked APT group ScarCruft has been using a new Android spyware called KoSpy to target Korean and English-speaking users.
  • KoSpy has been observed masquerading as utility apps like Phone Manager and File Manager, and has been distributed through the Google Play Store and Firebase Firestore.
  • The spyware collects SMS, calls, location, files, audio, and screenshots through plugins, and communicates with its C2 servers for further exploitation.
  • Researchers have found connections between KoSpy, APT37, and APT43, suggesting broader cyber-espionage operations targeting Korean users.
