The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. The attack caused widespread disruption, and BleepingComputer was told that customers couldn't generate invoices or purchase orders because the required systems were down. Halliburton disclosed the attack last Friday in an SEC filing, stating they suffered a cyberattack on August 21, 2024, by an unauthorized party. READ MORE...
RansomHub, a ransomware-as-a-service (RaaS) outfit that "popped up" earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates have hit government services, IT and communication companies, healthcare institutions, financial organizations, emergency services, manufacturing and transportation outfits, and commercial facilities. The affiliates' tactics and techniques are as diverse as their victims. READ MORE...
In a previous blog post, we showed how fraudsters were leveraging features from the very company (Microsoft) they were impersonating. We continue this series with another clever trick abusing Canva, a popular online tool for graphic design. This time, the scammers registered an account on Canva to create a new design that is, in fact, a replica of the Canva home page. Victims arriving from a malicious ad land on this deceptive page, which lures them into interacting with it. READ MORE...
Cybersecurity solutions provider Fortra this week announced patches for two vulnerabilities in FileCatalyst Workflow, including a critical-severity flaw involving leaked credentials. The critical issue, tracked as CVE-2024-6633 (CVSS score of 9.8), exists because the default credentials for the setup HSQL database (HSQLDB) have been published in a vendor knowledge base article. According to the company, HSQLDB, which has been deprecated, is included to facilitate installation. READ MORE...
Who doesn't fancy earning US $2.5 million? That's the reward on offer from the US Department of State and Secret Service for information leading to the arrest and/or conviction of a Belarusian man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. 38-year-old Vladimir Kadariya is charged with a range of cybercrime offences which saw millions of internet users defrauded through malvertising and other means. READ MORE...
BlackByte is a ransomware-as-a-service brand believed to be an offshoot of Conti. It was first seen in mid- to late 2021. Talos has observed the BlackByte ransomware brand employing new techniques in addition to the standard TTPs previously noted. Further investigation and correlation of new instances with existing telemetry also leads Talos to believe that BlackByte has been considerably more active than previously assumed. READ MORE...
Google's Threat Analysis Group (TAG) has spotted an interesting pattern: a Kremlin-linked cyber-espionage crew and commercial spyware makers exploiting specific security vulnerabilities in pretty much the same way. The TAG team reckons a crew dubbed APT29, said to be directed by the Russian government, infected the websites of Mongolia's Cabinet and Ministry of Foreign Affairs to exploit known flaws in Apple's iOS and Chrome on Android in order to hijack the devices of the sites' visitors. READ MORE...
Government-backed Iranian actors allegedly set up dozens of fake recruiting websites and social media accounts to hunt down double agents and dissidents suspected of collaborating with the nation's enemies, including Israel. The campaign targeted Farsi speakers living in and outside of Iran, began as early as 2017 and lasted until at least March this year. The threat intel team at Google-owned Mandiant uncovered the activity and detailed it in a report published Wednesday. READ MORE...