Stopping the ransomware epidemic is less about tackling individual crypto-locking malware variants and more about combating the entire ecosystem of bad actors underpinning digital extortion, the British government said Monday. Behind any infection from name-brand ransomware such as LockBit or BlackCat lies a loose network of affiliates, initial access brokers and other actors, warned the…
Dangerous spyware masquerading as a set of legitimate Telegram “mods” inside the official Google Play app store has been downloaded tens of thousands of times — and its existence poses serious ramifications for business users. Modified applications (“mods”) for the popular messaging client are a well-known part of the Telegram ecosystem. Mods are apps that…
Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations…
While ransomware still dominates the threat landscape, recent Sophos research finds attacker dwell time decreased in 2022, from 15 to 10 days, for all attack types. For ransomware cases, the dwell time decreased from 11 to 9 days, while the decrease was even greater for non-ransomware attacks. The dwell time for the latter declined from…
Swedish DPA Fines Insurer The Swedish data protection authority fined insurer Trygg-Hansa $3 million for a data breach that exposed the sensitive information of approximately 650,000 customers through the company’s online portal. The data protection authority’s investigation revealed the exposure had gone on for over two years, from October 2018 to February 2021. The breach…
Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…
The new Caldera for OT extension is the result of a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, to help improve the resilience of critical infrastructure. The Caldera cybersecurity platform provides automated adversary emulation, security assessments, and red-, blue-, and purple-teaming, and uses the MITRE ATT&CK framework as its…
In an updated advisory, the virtualization technology giant confirmed the public release of exploit code that provides a roadmap for hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The exploit code and root-cause analysis, released by SinSinology researcher Sina Kheirkhah, documents the problem as a case…
Lacework, the data-driven cloud security company, today announced an expansion of its partnership with Google Cloud. Several new features will allow joint customers to innovate even faster in Google Cloud environments with the confidence that their cloud environment is even more secure. Customers can now choose to have the full Lacework platform, which provides data-driven…
Hackers aligned with Chinese interests are targeting Android users with fake encrypted chat apps Trojanized with espionage capabilities in separate and ongoing campaigns, one active since July 2020 and the other for more than 12 months. Researchers at Eset on Wednesday attributed the campaigns to a threat group tracked as Gref, which overlaps with activity…
Ransomware: It Takes A Village, Says NCSC
