October 22, 2024

Mexican airport operator purportedly breached by RansomHub

Mexico’s Grupo Aeroportuario del Centro Norte (OMA), which manages over a dozen airports across the country, has reportedly fallen victim to the RansomHub ransomware operation. The threat actors have claimed responsibility for the breach, alleging possession of 3 TB of sensitive data and warning of its exposure should the company fail to comply with their ransom demands, according to The […]
October 10, 2024

Over 200 malicious apps on Google Play downloaded millions of times

Google Play, the official application marketplace for Android, facilitated the distribution of over 200 malicious applications within a one-year period, collectively accumulating nearly eight million downloads. This data was gathered between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed various malware families present on both Google Play and other distribution platforms. Earlier in […]
September 20, 2024

New Linux malware Hadooken targets Oracle WebLogic servers

Aqua Security’s Nautilus research team recently reported the emergence of a new Linux malware called Hadooken. This malware specifically targets Oracle WebLogic servers to deploy additional malicious software and extract credentials for lateral movement within compromised networks. The Hadooken malware is disseminated through attacks that exploit vulnerabilities associated with weak passwords to gain initial access. Once attackers infiltrate a WebLogic server, […]
September 1, 2024

Linux version of new Cicada ransomware targets VMware ESXi servers

A new ransomware-as-a-service (RaaS) operation is falsely associating itself with the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, targeting companies globally at an alarming pace. This cybercrime operation adopts both the name and logo of the enigmatic 2012-2014 Cicada 3301 online and real-world game, which was known for its complex cryptographic puzzles. However, there is […]
August 29, 2024

China’s Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Security researchers at Lumen Technologies have identified Chinese APT group Volt Typhoon leveraging a newly discovered zero-day vulnerability in Versa Director servers to compromise credentials and infiltrate downstream customer networks. The critical vulnerability, CVE-2024-39717, was recently added to the Cybersecurity and Infrastructure Security Agency’s (CISA) list of mandatory patches. Versa Networks confirmed the active exploitation of the zero-day and issued a […]
July 14, 2024

4TB of internal data allegedly leaked in Australian medical research breach

The Medusa ransomware group has claimed responsibility for stealing over four terabytes of data from the Harry Perkins Institute of Medical Research in Western Australia. The group posted on its dark web leak site, stating that 4.6TB of internal building camera recordings had been uploaded. Medusa is demanding a ransom of US$500,000, though it is also willing to sell the […]
June 25, 2024

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have transitioned from using AutoIt scripts to an AutoHotkey mechanism for the final stages of the attack, highlighting the threat actors’ ongoing efforts to evade detection. These updates were observed in DarkGate version 6, released in March 2024 by its developer, RastaFarEye, who has been offering the program on a subscription basis to […]
June 5, 2024

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Hugging Face, an AI company, revealed on Friday that its Spaces platform experienced unauthorized access earlier this week. “We suspect that some Spaces’ secrets may have been accessed without permission,” the company shared in an advisory. Spaces is a platform where users can build, host, and share AI and machine learning apps, as well as explore creations by others. Following […]
May 19, 2024

Citrix Releases Security Update For Critical PuTTY Vulnerability In Hypervisor

A critical vulnerability (CVE-2024-31497) affecting certain versions of Citrix’s Hypervisor virtualization platform has been disclosed in a security bulletin from Citrix. The issue stems from XenCenter, the management console for Citrix Hypervisor, which was found to contain a vulnerable version of the PuTTY SSH client. Previous versions of XenCenter for Citrix Hypervisor 8.2 CU1 Long Term Service Release (LTSR) included […]