LockBit Tries to Distance Itself From Royal Mail Attack
What’s the term for when a ransomware group blames a geopolitically awkward attack it appears to have carried out on someone – anyone – else, just not them? Let’s call it getting “Colonial Pipelined,” after the DarkSide group’s disastrous hit on that oil pipeline system led the crime group to kill its brand. Is the…
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
The attackers register domains similar to those of legitimate businesses or services and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert. These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might…
Analyzing Australia’s cyberthreat landscape, and what it means for the rest of the world
Australia has been the victim of damaging cyberattacks in the latter half of this year, with high-profile incidents impacting businesses across critical sectors such as telecoms, healthcare, and government. The impacts of some of these attacks have been rolling on for months, with new details and further information about data breached from the incidents suffered…
Users Warned of New Aerst, ScareCrow, and Vohuk Ransomware Families
Targeting Windows computers, these are typical ransomware families that encrypt victim files and demand a ransom payment in exchange for a decryption key. This new ransomware has been used in an increasing number of attacks. Aerst was seen appending to encrypted files the ‘.aerst’ extension and displaying a popup window containing the attacker’s email address,…
California County Says Personal Information Compromised in Data Breach
The incident, Tehama County says, was identified on April 9, but the investigation into the matter stretched to August 19, when it was determined that personally identifiable information (PII) was compromised. The investigation revealed that an unauthorized third-party had access to the county’s systems between November 18, 2021, and April 9, 2022, and that files…
Microsoft Links Prestige Ransomware Attacks to Russian State-Sponsored Hackers
Initially detailed in October, the Prestige ransomware has been used in attacks against transportation and related logistics organizations in Ukraine and Poland, with some of the victims previously infected with the destructive HermeticWiper malware (FoxBlade). At the time, Microsoft said that the attacks did not appear to be related to known ransomware campaigns, despite the…
Russian National Arrested in Canada Over LockBit Ransomware Attacks
The individual, Mikhail Vasiliev, was arrested in late October, Europol said on Thursday. He is described as one of the world’s most prolific ransomware operators and one of Europol’s high-value targets due to his involvement in many high-profile ransomware cases. Authorities said he demanded ransom payments ranging between €5 and €70 million. The US Justice…
Microsoft Patches MotW Zero-Day Exploited for Malware Delivery
Windows adds the MotW to files coming from untrusted locations, including browser downloads and email attachments. When trying to open files with the MotW, users are warned about the potential risks or, in the case of Office, macros are blocked to prevent malicious code execution. However, there are ways to bypass MotW defenses. Researcher Will…
Hackers Leak Australian Health Records on Dark Web
Medibank told investors that a “sample” of data from some 9.7 million clients had been posted on a “dark web forum” — and that more leaks were likely. Sensitive records were posted anonymously in the early hours of Wednesday and included names, birth dates, passport numbers and information on medical claims for hundreds of customers….
Darwinium Raises $10 Million for Customer Protection Platform
The security and fraud prevention firm’s platform identifies bad behavior in real time by continuously assessing users’ digital interactions across websites, applications, and APIs. Darwinium says it takes a new approach to customer protection by combining internal cybersecurity tools with fraud-prevention tools, in a single view. The startup aims to prevent account compromise and online…
