Law enforcement agencies have taken over the RagnarLocker ransomware group's leak site in an internationally coordinated takedown. The agencies involved include Europol's European Cybercrime Centre (EC3), the US's Federal Bureau of Investigation (FBI), and Germany's Bundeskriminalamt (BKA), among many others. The takedown follows a concerted effort from law enforcement in recent years to shutter ransomware groups as their success continues to exceed previous records.
Golem, the hacker who leaked the data of one million Ashkenazi Jews from the 23andMe ancestry service earlier this month, has now released 4.1 million more genetic data profiles. This time the hacker, who is known by the online handle "Golem," has published a new dataset on the cybercrime forum BreachForums containing details of what they claim are "the wealthiest people living in the US and Western Europe."
Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom's Symantec cybersecurity unit reports. Symantec uses the Crambus name for clusters of activity that other cybersecurity firms are tracking as APT34 (also known as Cobalt Gypsy, OilRig, and Helix Kitten), and MuddyWater (aka Mango Sandstorm, Mercury, Seedworm, and Static Kitten).
State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years by infiltrating firms developing software and companies looking for IT workers. Microsoft outlined on Wednesday how North Korea-backed hacking groups Lazarus (Diamond Sleet) and Andariel (Onyx Sleet) have been exploiting a critical authentication bypass vulnerability in JetBrains TeamCity server to breach target systems and establish persistent access to compromised hosts.
WithSecure researchers have tracked attacks using DarkGate malware to an active cluster of cybercriminals operating out of Vietnam. DarkGate is a remote access trojan (RAT) that has been used in attacks since at least 2018 and is currently available to cybercriminals as Malware-as-a-Service (MaaS). It has a diverse user base and a variety of capabilities. It has been observed in information stealing, cryptojacking, and ransomware campaigns.
The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Munchkin enables BlackCat to run on remote systems or encrypt remote Server Message Block (SMB) or Common Internet File System (CIFS) network shares. The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates.
A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn't enough to protect affected systems. The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out of a possible 10, resides in the NetScaler Application Delivery Controller and NetScaler Gateway.