Russians plead guilty to involvement in LockBit ransomware attacks
    Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. According to a Justice Department press release on Thursday, Russian national Ruslan Magomedovich Astamirov and Canadian/Russian national Mikhail Vasiliev were both affiliates of LockBit's ransomware-as-a-service operation. LockBit affiliates like Vasiliev and Astamirov would identify and breach vulnerable systems on victims'...
    By AFFA 2024-07-19 17:13:28 0 70
    CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool
    A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. This is being reported by researchers at Sysdig, who have tracked the threat actor since February, when they first reported their use of the SSH-Snake open-source worm to spread laterally on breached networks. SSH-Snake is an open-source...
    By AFFA 2024-07-11 17:02:27 0 108
    GitLab: Critical bug lets attackers run pipelines as other users
    GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS. The flaw patched in today's security update is tracked as CVE-2024-6385, and it received a CVSS base score severity rating of 9.6...
    By AFFA 2024-07-10 20:35:55 0 78
    Avast releases free decryptor for DoNex ransomware and past variants
    Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. The company says it has been working with law enforcement to privately provide the decryptor to DoNex ransomware victims since March 2024. Cybersecurity vendors commonly distribute decryptors in this manner to prevent the threat actors from learning about the bug and fixing it. The flaw was...
    By AFFA 2024-07-08 19:05:33 0 97
    Router maker's support portal hacked, replies with MetaMask phishing
    BleepingComputer has verified that the helpdesk portal of a router maker is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. The Canadian router manufacturer Mercku provides equipment to Canadian and European Internet service providers (ISPs) and networking companies, including Start.ca, FibreStream, Innsys, RealNett, Orion Telekom, and Kelcom. Support tickets acknowledged with MetaMask phishing...
    By AFFA 2024-07-01 18:29:54 0 85
    Cisco warns of NX-OS zero-day exploited to deploy custom malware
    Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia, who reported the incidents to Cisco, linked the attacks to a Chinese state-sponsored threat actor it tracks as Velvet Ant. "Sygnia detected this exploitation during a larger forensic investigation into the China-nexus cyberespionage group we are tracking as Velvet Ant," Amnon Kushnir, Director of Incident Response at...
    By AFFA 2024-07-01 18:26:37 0 100
    Alleged Scattered Spider sim-swapper arrested in Spain
    A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. He is suspected of being a leader of a cybercrime gang dedicated to stealing data and cryptocurrencies from organizations and then extorting them for not publishing sensitive data. "The modus operandi consisted of obtaining access credentials from individuals through phishing techniques, which were...
    By AFFA 2024-06-17 18:13:44 0 141
    Hackers use F5 BIG-IP malware to stealthily steal data for years
    A group of suspected Chinese cyberespionage actors named 'Velvet Ant' is deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. According to a report from Sygnia, which discovered the intrusion after being called in to investigate the cyberattack, Velvet Ant established multiple footholds using various entry points across the network, including a legacy F5 BIG-IP appliance that served as an internal command and...
    By AFFA 2024-06-17 18:11:51 0 105
    CISA warns of Windows bug exploited in ransomware attacks
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. Tracked as CVE-2024-26169, this security flaw is caused by an improper privilege management weakness in the Windows Error Reporting service. Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction. Microsoft...
    By AFFA 2024-06-16 21:09:27 0 149
    New York Times source code stolen using exposed GitHub token
    June 8, 2024   01:10 PM   0 Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. As first seen by VX-Underground, the internal data was leaked on Thursday by an anonymous user who posted a torrent to a 273GB archive containing the stolen data. "Basically all source code belonging to The New...
    By AFFA 2024-06-08 21:06:32 0 152
    TikTok fixes zero-day bug used to hijack high-profile accounts
    June 4, 2024   05:57 PM   0 Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness. After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton had to be taken down to...
    By AFFA 2024-06-05 16:54:41 0 121
    US dismantles 911 S5 botnet used for cyberattacks, arrests admin
    May 29, 2024   01:14 PM   0 The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator, in Singapore. "Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world's largest botnet ever," said FBI Director Christopher Wray. "We...
    By AFFA 2024-05-30 18:44:56 0 171
    Hackers target Check Point VPNs to breach enterprise networks
    May 27, 2024   02:19 PM   0 Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. Remote Access is integrated into all Check Point network firewalls. It can be configured as a client-to-site VPN for access to corporate networks via VPN clients or set up as an SSL VPN Portal for web-based access. Check Point says the attackers are targeting...
    By AFFA 2024-05-27 19:20:30 0 129
    New BiBi Wiper version also destroys the disk partition table
    May 20, 2024   12:06 PM   0 A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. BiBi Wiper attacks on Israel and Albania are linked to a suspected Iranian hacking group named 'Void Manticore' (Storm-842), which is believed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). BiBi Wiper...
    By AFFA 2024-05-20 20:01:31 0 194
    Owner of Incognito dark web drugs market arrested in New York
    May 20, 2024   03:36 PM   0 The owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. This illegal drug market was used to sell more than $100 million worth of narcotics, including over 1,000 kilograms (kgs) of illicit drugs, including 295 kgs of methamphetamines, 364 kgs of cocaine, 112 kgs of amphetamine, and 92 kgs of ecstasy (MDMA). Since it...
    By AFFA 2024-05-20 19:58:03 0 162
Read More
New Chrome feature aims to stop hackers from using stolen cookies
April 2, 2024   02:08 PM   2 Google announced a new Chrome...
By AFFA 2024-04-02 21:35:18 0 216
Microsoft rolls back decision to stop Windows 11 22H2 preview updates
February 29, 2024   12:50 PM   0 Microsoft says that systems...
By AFFA 2024-02-29 18:45:57 0 254
FCC fines carriers $200 million for illegally sharing user location
April 29, 2024   03:41 PM   3 The Federal Communications...
By AFFA 2024-04-30 17:11:57 0 175
Victoria court recordings exposed in reported ransomware attack
January 2, 2024   10:47 AM   0 Australia's Court Services Victoria...
By AFFA 2024-01-02 18:49:02 0 383
Windows 10 KB5034203 preview update adds EU DMA compliance
January 23, 2024   02:11 PM   2 Microsoft has released the January...
By AFFA 2024-01-24 18:34:12 0 415