The FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are raising the alarm on a ransomware gang's increased targeting of the education sector. In a joint advisory this week, the three agencies warn that a threat actor tracked as 'Vice Society' has been "disproportionately targeting the education sector with ransomware attacks".
Albania has severed diplomatic ties with Iran after a series of cyberattacks that kicked off July 15 and targeted multiple Albanian government websites, Albanian Prime Minister Edi Rama said Wednesday. All Iranian diplomatic and other personnel were given 24 hours to leave the country, Rama said in a video statement. A previously unknown group calling itself "Homeland Justice" took credit for the attacks.
Someone is flooding Cobalt Strike servers operated by former members of the Conti ransomware gang with anti-Russian messages to disrupt their activity. The operators of Conti ransomware finished shutting down their internal infrastructure in May this year, but the gang's members have dispersed to other ransomware gangs, such as Quantum, Hive, and BlackCat. However, former Conti members continue to use the same Cobalt Strike infrastructure to conduct new attacks under other ransomware operations.
A relatively new cyber-espionage group is using an intriguing custom arsenal of tools and techniques to compromise companies and governments in Southeast Asia, the Middle East, and southern Africa, with attacks aimed at collecting intelligence from targeted organizations. According to an analysis published on Tuesday by cybersecurity firm ESET, the hallmark of the group is its use of custom tools not seen in other attacks, a focus on targets in Southeast Asia, and operational similarities to the China-linked TA428 group.
Networking device maker Zyxel is warning customers today of a new critical remote code execution (RCE) vulnerability impacting three models of its Network Attached Storage (NAS) products. The vulnerability is tracked as CVE-2022-34747 and has received a CVSS v3 severity score of 9.8, rated critical, but not many details have been disclosed. "A format string vulnerability was found that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.
A few days ago - and smack in the middle of the weekend preceding Labor Day (as celebrated in the U.S.) - Taiwan-based QNAP Systems warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage (NAS) devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022 (GMT+8). The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.