Ransomware access broker steals accounts via Microsoft Teams phishing
In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file
Read More...
Cisco warns of VPN zero-day exploited by ransomware gangs
The medium severity zero-day allows unauthorized remote attackers to conduct brute force attacks against existing accounts
Read More...
Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
Targets include internet backbone infrastructure and healthcare entities in Europe and the U.S
Read More...
Akira ransomware targets Cisco VPNs to breach organizations
Akira has been using compromised Cisco VPN accounts to breach corporate networks without needing to drop additional backdoors
Read More...
Rhysida ransomware behind recent attacks on healthcare
They primarily attack education, government, manufacturing, and technology and managed service provider sectors
Read More...
Linux version of Akira ransomware targets VMware ESXi servers
By targeting ESXi servers, a threat actor can encrypt many servers running as virtual machines in a single run of the ransomware encryptor
Read More...
New Buhti ransomware operation uses rebranded LockBit and Babuk payloads
The ransomware operation doesn't have its own ransomware payload, however, it uses a custom information stealer to target specified file types
Read More...
Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks
The gang has been observed gaining access to victim networks via remote desktop protocol (RDP) credentials that were likely acquired from initial access brokers or via phishing attacks
Read More...
Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers
These add too many other unique, non-Babuk-based ransomware strains targeting VMware ESXi virtual machines discovered in the wild for several years
Read More...
New Cactus ransomware encrypts itself to evade antivirus
Researchers found that Cactus obtains initial access into the victim network by exploiting known vulnerabilities in Fortinet VPN appliances
Read More...