Halliburton cyberattack linked to RansomHub ransomware gang
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. The attack caused widespread disruption, and BleepingComputer was told that customers couldn't generate invoices or purchase orders because the required systems were down. Halliburton disclosed the attack last Friday in an SEC filing, stating they suffered a cyberattack on August 21, 2024, by an unauthorized party. READ MORE...
How RansomHub went from zero to 210 victims in six months
RansomHub, a ransomware-as-a-service (RaaS) outfit that "popped up" earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare institutions, financial organizations, emergency services, manufacturing and transportation outfits, and commercial facilities. The affiliates' tactics and techniques are as diverse as their victims. READ MORE...
Fake Canva home page leads to browser lock
In a previous blog post, we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that, is in fact, a replica of the Canva home page. As victims come from a malicious ad, they land on this deceiving page that lures them into interacting with it. READ MORE...
Fortra Patches Critical Vulnerability in FileCatalyst Workflow
Cybersecurity solutions provider Fortra this week announced patches for two vulnerabilities in FileCatalyst Workflow, including a critical-severity flaw involving leaked credentials. The critical issue, tracked as CVE-2024-6633 (CVSS score of 9.8), exists because the default credentials for the setup HSQL database (HSQLDB) have been published in a vendor knowledgebase article. According to the company, HSQLDB, which has been deprecated, is included to facilitate installation. READ MORE...
2.5 Million Reward Offered For Cyber Criminal Linked To Notorious Angler Exploit Kit
Who doesn't fancy earning US $2.5 million? That's the reward that's on offer from the US Department and State and Secret Service for information leading to the arrest and/or conviction of a Belarusian man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. 38-year-old Vladimir Kadariya is charged with a range of cybercrime offences which saw millions of internet users defrauded through malvertising and other means. READ MORE...
BlackByte Ransomware Gang Believed to Be More Active Than Leak Site Suggests
BlackByte is a ransomware-as-a-service brand believed to be an off-shoot of Conti. It was first seen in mid- to late-2021. Talos has observed the BlackByte ransomware brand employing new techniques in addition to the standard TTPs previously noted. Further investigation and correlation of new instances with existing telemetry also leads Talos to believe that BlackByte has been considerably more active than previously assumed. READ MORE...
What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits
Google's Threat Analysis Group (TAG) has spotted an interesting pattern: A Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way. The TAG team reckon a crew dubbed APT29, said to be directed by the Russian government, infected the websites of Mongolia's Cabinet and Ministry of Foreign Affairs to exploit known flaws in Apple's iOS and Chrome on Android in order to hijack devices of the sites' visitors. READ MORE...
Iran hunts down double agents with fake recruiting sites, Mandiant reckons
Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation's enemies, including Israel. The campaign targeted Farsi speakers living in and outside of Iran, began as early as 2017 and lasted until at least March this year. The threat intel team at Google-owned Mandiant uncovered the activity and detailed it in a report published Wednesday. READ MORE...
- ...in 1797, English novelist Mary Shelley, whose "Frankenstein; or, The Modern Prometheus" is considered one of the first works of science fiction, is born in London.
- ...in 1945, Gen. Douglas MacArthur lands in Japan to accept the nation's formal surrender to the Allied Powers, and to organize the postwar occupation government.
- ...in 1956, writer and comedian Frank Conniff Jr., AKA "TV's Frank" from "Mystery Science Theater 3000", is born in New York City.
- ...in 1967, Thurgood Marshall becomes the first African-American Justice to be confirmed to the Supreme Court.
