Russians plead guilty to involvement in LockBit ransomware attacks
Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States.
According to a Justice Department press release on Thursday, Russian national Ruslan Magomedovich Astamirov and Canadian/Russian national Mikhail Vasiliev were both affiliates of LockBit's ransomware-as-a-service operation.
LockBit affiliates like Vasiliev and Astamirov would identify and breach vulnerable systems on victims'...
CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool
A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed.
This is being reported by researchers at Sysdig, who have tracked the threat actor since February, when they first reported their use of the SSH-Snake open-source worm to spread laterally on breached networks.
SSH-Snake is an open-source...
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.
The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS.
The flaw patched in today's security update is tracked as CVE-2024-6385, and it received a CVSS base score severity rating of 9.6...
Avast releases free decryptor for DoNex ransomware and past variants
Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free.
The company says it has been working with law enforcement to privately provide the decryptor to DoNex ransomware victims since March 2024. Cybersecurity vendors commonly distribute decryptors in this manner to prevent the threat actors from learning about the bug and fixing it.
The flaw was...
Router maker's support portal hacked, replies with MetaMask phishing
BleepingComputer has verified that the helpdesk portal of a router maker is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise.
The Canadian router manufacturer Mercku provides equipment to Canadian and European internet service providers (ISPs) and networking companies, including Start.ca, FibreStream, Innsys, RealNett, Orion Telekom, and Kelcom.
Support tickets acknowledged with MetaMask phishing...
Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.
Cybersecurity firm Sygnia, who reported the incidents to Cisco, linked the attacks to a Chinese state-sponsored threat actor it tracks as Velvet Ant.
"Sygnia detected this exploitation during a larger forensic investigation into the China-nexus cyberespionage group we are tracking as Velvet Ant," Amnon Kushnir, Director of Incident Response at...
Alleged Scattered Spider sim-swapper arrested in Spain
A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain.
The man is suspected of being a leader of a cybercrime gang dedicated to stealing data and cryptocurrencies from organizations and then extorting them in exchange for not publishing sensitive data.
"The modus operandi consisted of obtaining access credentials from individuals through phishing techniques, which were...
Hackers use F5 BIG-IP malware to stealthily steal data for years
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.
According to a report by Sygnia, which discovered the intrusion after being called in to investigate the cyberattack, Velvet Ant established multiple footholds using various entry points across the network, including a legacy F5 BIG-IP appliance that served as an internal command and...
CISA warns of Windows bug exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.
Tracked as CVE-2024-26169, this security flaw is caused by an improper privilege management weakness in the Windows Error Reporting service. Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction.
Microsoft...
New York Times source code stolen using exposed GitHub token
June 8, 2024
01:10 PM
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer.
As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data.
"Basically all source code belonging to The New...
TikTok fixes zero-day bug used to hijack high-profile accounts
June 4, 2024
05:57 PM
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media platform's direct messages feature.
Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness.
After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton had to be taken down to...
US dismantles 911 S5 botnet used for cyberattacks, arrests admin
May 29, 2024
01:14 PM
The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator, in Singapore.
"Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world's largest botnet ever," said FBI Director Christopher Wray.
"We...
Hackers target Check Point VPNs to breach enterprise networks
May 27, 2024
02:19 PM
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory.
Remote Access is integrated into all Check Point network firewalls. It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access.
Check Point says the attackers are targeting...
New BiBi Wiper version also destroys the disk partition table
May 20, 2024
12:06 PM
A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims.
BiBi Wiper attacks on Israel and Albania are linked to a suspected Iranian hacking group named 'Void Manticore' (Storm-842), which is believed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS).
BiBi Wiper...
Owner of Incognito dark web drugs market arrested in New York
May 20, 2024
03:36 PM
The owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18.
This illegal drug market was used to sell more than $100 million worth of narcotics, including over 1,000 kilograms (kgs) of illicit drugs, including 295 kgs of methamphetamines, 364 kgs of cocaine, 112 kgs of amphetamine, and 92 kgs of ecstasy (MDMA).
Since it...
Iranian hackers pose as journalists to push backdoor malware
May 4, 2024
10:17 AM
The Iranian state-backed threat actor...
RansomHub extortion gang linked to now-defunct Knight ransomware
June 5, 2024
08:39 AM
Security researchers analyzing the...
Advance Auto Parts data breach impacts 2.3 million people
Advance Auto Parts is sending data breach notifications to over 2.3 million people whose...
Microsoft rolls out passkey auth for personal Microsoft accounts
May 3, 2024
11:17 AM
Microsoft announced that Windows users...
Google rolls back reCaptcha update to fix Firefox issues
May 3, 2024
01:07 PM
Google has rolled back a recent release...