August 1, 2024

Possible APT28-linked hackers target Ukraine’s scientific institutions

A recent cyber-espionage campaign targeting Ukraine’s scientific and research institutions has been linked to APT28, a Kremlin-backed group associated with Russia’s military intelligence (GRU). Researchers from CERT-UA identified the involvement of the UAC-0063 group, which used malware strains Hatvibe and Cherryspy in July attacks. Hatvibe enables the execution of additional files on infected devices, while Cherryspy allows attackers to run […]
July 24, 2024

CrowdStrike impact update: More than 5,000 flights cancelled

A software update has caused significant global IT disruptions, leading to canceled flights, interruptions in healthcare services, and potential payroll issues. The company responsible has issued an apology, but industry experts caution that resolving issues such as “blue screens of death” and endless loops may take weeks. One of the most severely affected sectors is aviation. According to updated figures from the […]
June 20, 2024

Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools

Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. In 2023, Mandiant noted a rise in ransomware activity, reflected by more posts on data leak sites and a moderate increase in ransomware investigations. Around a third of new ransomware families were variants of existing ones. […]
May 25, 2024

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

Google has announced that it patched its 10th zero-day exploit of 2024. The vulnerability, tagged as CVE-2024-7965, was found in Google Chrome and is linked to an issue in V8, Chrome’s JavaScript engine. This flaw, present in versions before 128.0.6613.84, could allow attackers to exploit heap corruption using a crafted HTML page. The problem, described as an “inappropriate implementation in […]
March 13, 2024

Researchers Uncover Kubernetes Flaw allowing Full Control of Windows Nodes

There is a vulnerability that allows remote code execution with SYSTEM privileges on all Windows machines within a Kubernetes cluster. Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming affects all versions of Kubelet, both prior to and after version 1.8.0. A successful exploit of the vulnerability could result in the complete takeover of all Windows nodes in a cluster, and it […]
March 4, 2024

NTLM authentication hashes are stolen during phishing attacks by hackers

As a result of a recent shift in tactics, the hacking group known as TA577 has employed phishing emails to steal the authentication hashes of NT LAN Manager (NTLM) accounts in order to use them for account hijackings. The NTLM hash is a key component of Windows authentication and session security and can be used for offline password cracking to […]
February 29, 2024

Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors

Suspected Iran-nexus espionage activity has been targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE), and potentially Turkey, India, and Albania. Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell—a threat actor that has been publicly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). Tortoiseshell […]
February 29, 2024

Black Basta ransomware attacks ZircoDATA company

ZircoDATA has been a leading provider of secure document storage and records and information management (RIM) solutions since 1995, covering information governance and digital conversion through storage, language services and secure shredding. ZircoDATA has been attacked by the Black Basta group, which claims to hold 395 GB of data, including financial documents, personal user folders, and confidentiality agreements. There are at least 46 passport scans and 12 […]
June 8, 2023

MOVEit extortion attacks claimed by Clop ransomware gang

The Clop ransomware gang has confirmed that they are behind the MOVEit Transfer attacks where they have been exploiting a zero-day vulnerability to breach servers belonging to “hundreds of companies” and steal data. It has been revealed that the gang had started exploiting the vulnerability on Saturday 27th of May 2023, during the US Memorial Day holiday. At this time, the […]