December 25, 2024

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor identified as UAC-0099 has been associated with ongoing cyberattacks targeting Ukraine, some of which exploit a critical vulnerability in WinRAR to deploy a malware variant known as LONEPAGE. According to cybersecurity firm Deep Instinct, “The threat actor primarily focuses on Ukrainian employees working for foreign companies.” This observation was made in a report published on Thursday. UAC-0099 […]
December 15, 2024

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

A recent analysis by cybersecurity firm Bishop Fox uncovered that over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical security flaws, with 20,000 running outdated SonicOS/OSX firmware that is no longer supported by the vendor. The study identified a total of 430,363 publicly exposed SonicWall firewalls, significantly expanding the potential attack surface for cyber threats. Many of these […]
December 3, 2024

Suspected Ukrainian hackers impersonating Russian ministries to spy on industry

According to researchers, a hacker group believed to be linked to Ukraine is conducting a new cyber espionage campaign against the Russian scientific and industrial sectors. The Russian cybersecurity company F.A.C.C.T. detected fraudulent emails that appeared to be from Russia’s Ministry of Industry and Trade. These emails, detailed in a report published on Wednesday, urged local defense industry firms to […]
November 12, 2024

Germany’s cybersecurity is on high alert ahead of elections

Germany is ramping up its cybersecurity efforts ahead of the upcoming elections, with Interior Minister Nancy Faeser emphasizing the importance of strong defenses against cyberattacks and disinformation. She cautioned about potential threats from Russia and other foreign entities, underscoring the need to protect democracy in the digital space. A report from the Federal Office for Information Security highlighted Germany’s susceptibility to […]
October 27, 2024

Over 22,000 CyberPanel Servers at Risk from Critical Vulnerabilities Exploitation by PSAUX Ransomware

CyberPanel, a widely used free web hosting control panel, was recently found to contain vulnerabilities that could allow unauthenticated remote code execution. The discovery was made by a security researcher known as DreyAnd. DreyAnd reported the vulnerabilities to CyberPanel developers, who released patches on October 23. A few days later, on October 27, the researcher publicly shared the technical details […]
October 22, 2024

Mexican airport operator purportedly breached by RansomHub

Mexico’s Grupo Aeroportuario del Centro Norte (OMA), which manages over a dozen airports across the country, has reportedly fallen victim to the RansomHub ransomware operation. The threat actors have claimed responsibility for the breach, alleging possession of 3 TB of sensitive data and warning of its exposure should the company fail to comply with their ransom demands, according to The […]
October 10, 2024

Over 200 malicious apps on Google Play downloaded millions of times

Google Play, the official application marketplace for Android, facilitated the distribution of over 200 malicious applications within a one-year period, collectively accumulating nearly eight million downloads. This data was gathered between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed various malware families present on both Google Play and other distribution platforms. Earlier in […]
September 20, 2024

New Linux malware Hadooken targets Oracle WebLogic servers

Aqua Security’s Nautilus research team recently reported the emergence of a new Linux malware called Hadooken. This malware specifically targets Oracle WebLogic servers to deploy additional malicious software and extract credentials for lateral movement within compromised networks. The Hadooken malware is disseminated through attacks that exploit vulnerabilities associated with weak passwords to gain initial access. Once attackers infiltrate a WebLogic server, […]
September 1, 2024

Linux version of new Cicada ransomware targets VMware ESXi servers

A new ransomware-as-a-service (RaaS) operation is falsely associating itself with the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, targeting companies globally at an alarming pace. This cybercrime operation adopts both the name and logo of the enigmatic 2012-2014 Cicada 3301 online and real-world game, which was known for its complex cryptographic puzzles. However, there is […]