https://www.scmagazine.com/topic/ransomware
SCM feed for Ransomware
2024-03-29T05:01:53+00:00
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved
tag:www.scmagazine.com:post,709864
Nothing will change as a result of the Change Healthcare incident
2024-03-28T14:11:47-04:00
Toby Gouker
https://www.scmagazine.com/contributor/toby-gouker
<p>Unless there are major policy and regulatory changes and the industry focuses more on threat sharing, nothing much will change in healthcare.</p>
2024-03-28T13:59:23-04:00
tag:www.scmagazine.com:post,709826
'Darcula' phishing platform targets postal organizations worldwide
2024-03-28T13:38:53-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Netcraft researchers say the Chinese-language PhaaS platform targeted postal organizations in more than 100 countries, including USPS.</p>
2024-03-28T13:38:40-04:00
tag:www.scmagazine.com:post,709779
Escalating cyber threats require immediate adaptation
2024-03-28T09:36:06-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Significant increases have been observed in the prevalence of several cybersecurity threats during the past year, SiliconAngle reports.</p>
2024-03-28T09:36:00-04:00
tag:www.scmagazine.com:post,709776
Zero-day exploitation spikes
2024-03-28T10:00:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.</p>
2024-03-28T09:30:24-04:00
tag:www.scmagazine.com:post,709766
Advanced payouts to Change Healthcare attack-hit providers exceed $3.3B
2024-03-28T09:19:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>CNBC reports that UnitedHealth Group has already provided more than $3.3 billion in advanced payments to U.S. healthcare providers that experienced financial disruptions following the far-reaching ransomware attack against its payment processor subsidiary Change Healthcare last month attributed to the ALPHV/BlackCat ransomware operation.</p>
2024-03-28T09:19:26-04:00
tag:www.scmagazine.com:post,709758
Cyberespionage campaign hits India
2024-03-28T09:09:36-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>India had several of its government agencies and energy industry organizations subjected to cyberespionage attacks delivering the HackBrowserData information-stealing malware as part of the new Operation FlightNight campaign identified earlier this month, according to The Record, a news site by cybersecurity firm Recorded Future.</p>
2024-03-28T09:09:31-04:00
tag:www.scmagazine.com:post,709754
NHS Scotland data leak warned by INC Ransom group
2024-03-28T09:08:51-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>BleepingComputer reports that Scotland's National Health Service has been threatened by the INC Ransom extortion operation to expose 3 TB of data stolen from an attack this month.</p>
2024-03-28T09:08:46-04:00
tag:www.scmagazine.com:post,709750
Agent Tesla distributed via fraudulent bank notifications
2024-03-28T08:55:35-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Threat actors have launched a new phishing campaign using fraudulent bank payment notifications to facilitate the deployment of the Agent Tesla information-stealing and keylogging malware, The Hacker News reports.</p>
2024-03-28T08:55:30-04:00
tag:www.scmagazine.com:post,709748
New CISA cyber incident reporting draft unveiled
2024-03-28T08:50:20-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>The Cybersecurity and Infrastructure Security Agency has unveiled a draft cyber incident disclosure rule created under the Cyber Incident Reporting for Critical Infrastructure Act that would mandate organizations that are part of the 16 designated critical infrastructure sectors to report ransomware incidents and payments within a 72-hour and 24-hour period, respectively, according to CyberScoop.</p>
2024-03-28T08:50:15-04:00
tag:www.scmagazine.com:post,709435
Nearly 2K Shopify stores' data exposed by plugins
2024-03-27T09:59:51-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 1,800 stores on major e-commerce platform Shopify using Saara's EcoReturns and WyseMe plugins had 25 GB of data exposed due to the developer's misconfigured MongoDB database, according to Cybernews.</p>
2024-03-27T09:59:46-04:00
tag:www.scmagazine.com:post,709429
Cyber incident against The Big Issue confirmed after Qilin ransomware claims
2024-03-27T09:57:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Major UK street newspaper and social enterprise The Big Issue had its systems confirmed to be impacted by a cyberattack days after the intrusion was admitted by the Qilin ransomware operation, which claimed the exfiltration of 550 GB of confidential files, reports The Record, a news site by cybersecurity firm Recorded Future.</p>
2024-03-27T09:57:26-04:00
tag:www.scmagazine.com:post,709420
Industrial systems targeted by suspicious NuGet package
2024-03-27T09:40:19-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Industrial cyberespionage could potentially be facilitated by the new suspicious SqzrFramework480 NuGet package seemingly targeted to developers using tools by Chinese industrial firm Bozhon Precision Industry Technology Co., according to The Hacker News.</p>
2024-03-27T09:40:14-04:00
tag:www.scmagazine.com:post,709411
Massive TheMoon bot campaign hits outdated routers, IoT devices
2024-03-27T09:18:59-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Attacks with an updated TheMoon botnet variant have impacted more than 40,000 end-of-life small office and home office routers and internet of things devices across 88 countries during the first two months of 2024, while the botnet's latest campaign earlier this month facilitated the compromise of over 6,000 Asus routers in less than three days, Security Affairs reports.</p>
2024-03-27T09:18:52-04:00
tag:www.scmagazine.com:post,709256
Active adversary dwell time: The good (and bad) news
2024-03-26T15:03:10-04:00
George V. Hulme
https://www.scmagazine.com/contributor/george-v-hulme
<p>Why dwell times, defined as the time between when an attack starts and when it is detected, have declined.</p>
2024-03-26T15:03:05-04:00
tag:www.scmagazine.com:post,709074
Reported HHS breach leading to theft of $7.5M under investigation
2024-03-26T07:47:41-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More details regarding the reported breach of the Department of Health and Human Services' Health Resources and Services Administration grant payments platform from March to November 2023 have been demanded.</p>
2024-03-26T07:47:36-04:00
tag:www.scmagazine.com:post,709073
Outages at major UK tech trade union linked to cyberattack
2024-03-26T07:45:32-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such impacted systems contained certain CWU member information but further investigation into a possible data breach is still needed.</p>
2024-03-26T07:45:27-04:00
tag:www.scmagazine.com:post,709071
Ransomware hits Florida city
2024-03-26T07:41:20-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>The City of St. Cloud in Florida has confirmed that the city's services have been disrupted by a ransomware attack.</p>
2024-03-26T07:41:15-04:00
tag:www.scmagazine.com:post,709070
Malware, scams promoted by Google AI-powered search algorithms
2024-03-26T07:39:02-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Malicious websites redirecting to fraudulent giveaways, tech support scams, and spam subscriptions were discovered by search engine optimization expert Lily Ray and pushed by Google's newly launched artificial intelligence-based Search Generative Experience functionality.</p>
2024-03-26T07:38:57-04:00
tag:www.scmagazine.com:post,709080
New Tycoon 2FA PhaaS kit examined
2024-03-26T07:33:53-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Microsoft 365 and Gmail accounts have been increasingly targeted with attacks leveraging the new Tycoon 2FA phishing-as-a-service kit.</p>
2024-03-26T07:33:49-04:00
tag:www.scmagazine.com:post,686450
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372
2024-03-26T15:32:04-04:00
Doug White
https://www.scmagazine.com/contributor/doug-white
Josh Marpet
https://www.scmagazine.com/contributor/josh-marpet
2024-03-26T00:00:00-04:00
tag:www.scmagazine.com:post,708894
StrelaStealer malware hits more than 100 EU and US organizations
2024-03-25T14:25:06-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.</p>
2024-03-25T14:24:21-04:00
The StrelaStealer malware has been updated to avoid detection. (Adobe Stock)
tag:www.scmagazine.com:post,708916
Nemesis Market disrupted by German police
2024-03-25T13:29:17-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Dark web marketplace Nemesis Market, which peddles cybercrime services in addition to illegal drugs and illicit goods, was reported by the German Federal Crime Police Office, or BKA, to have been dismantled following a more than year-long law enforcement operation conducted alongside U.S. and Lithuanian authorities, The Hacker News reports.</p>
2024-03-25T13:29:12-04:00
tag:www.scmagazine.com:post,708909
Conditional expedited payments for cyberattack-hit health providers pushed in new bill
2024-03-25T13:26:39-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Health providers across the U.S. impacted by cyberattacks would be able to receive advanced payments from the Centers for Medicare & Medicaid Services as long as they meet minimum cybersecurity standards under new legislation introduced by Senate Cybersecurity Caucus co-chair Mark Warner, D-Va., according to CyberScoop.</p>
2024-03-25T13:26:33-04:00
tag:www.scmagazine.com:post,708885
Separate ransomware attacks reported by Illinois county, college
2024-03-25T12:22:10-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Illinois' Henry County and Monmouth College have confirmed being impacted by separate ransomware attacks during the past week, according to The Record, a news site by cybersecurity firm Recorded Future.</p>
2024-03-25T12:22:04-04:00
tag:www.scmagazine.com:post,708877
Ongoing Kimsuky attacks involve novel tactic
2024-03-25T12:16:13-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Information-stealing malware has been deployed by North Korean state-backed hacking group Kimsuky in ongoing attacks against South Korean organizations exploiting Compiled HTML Help files, reports The Hacker News.</p>
2024-03-25T12:16:07-04:00
tag:www.scmagazine.com:post,708874
Massive StrelaStealer malware campaign hits US, Europe
2024-03-25T12:13:07-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 100 organizations in the U.S. and Europe have been subjected to a far-reaching StrelaStealer malware attack campaign aimed at exfiltrating email account credentials that peaked from late January to early February, BleepingComputer reports.</p>
2024-03-25T12:13:02-04:00
tag:www.scmagazine.com:post,708665
ConnectWise ScreenConnect attacks deliver malware
2024-03-22T20:57:22-04:00
Sponsored by Sophos
https://www.scmagazine.com/contributor/presented-by-sophos
<p>Multiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments.</p>
2024-03-22T20:53:55-04:00
tag:www.scmagazine.com:post,708574
Is Cozy Bear targeting Western political parties with phishing attacks?
2024-03-22T16:11:13-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Google Mandiant says APT29 targeted German politicians and is a threat to Western political parties.</p>
2024-03-22T16:07:12-04:00
tag:www.scmagazine.com:post,708593
Fighting active adversaries: The need for dynamic defenses
2024-03-22T14:35:03-04:00
George V. Hulme
https://www.scmagazine.com/contributor/george-v-hulme
<p>How to gain the insights necessary to change security policies as active adversaries persist.</p>
2024-03-22T14:34:58-04:00
tag:www.scmagazine.com:post,708487
New Turla attack sheds more light on backdoor
2024-03-22T07:04:01-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>After conducting an initial compromise in October, Turla deployed custom Chisel tunneling software to expand infections across other systems in December before proceeding with data exfiltration activities a month later.</p>
2024-03-22T07:03:56-04:00
tag:www.scmagazine.com:post,708484
Rhysida ransomware lays claim on MarineMax compromise
2024-03-22T07:01:36-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than $774 million worth of bitcoin has been demanded by Rhysida for the alleged stolen data, which includes the company's customer databases, earnings reports, bank account transfers, balance sheets, and other financial records.</p>
2024-03-22T07:01:30-04:00
tag:www.scmagazine.com:post,708485
Cyberattacks hit various US state, local governments
2024-03-22T06:59:45-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Officials at the City of Jacksonville Beach in Florida confirmed that nearly 49,000 people had their names and Social Security numbers exfiltrated following a LockBit ransomware attack in late January.</p>
2024-03-22T06:59:40-04:00
tag:www.scmagazine.com:post,686448
Robots, UDP, GoFetch, DCs, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More - SWN #371
2024-03-22T15:41:03-04:00
Doug White
https://www.scmagazine.com/contributor/doug-white
Aaran Leyland
https://www.scmagazine.com/contributor/aaran-leyland
2024-03-22T00:00:00-04:00
tag:www.scmagazine.com:post,708432
LockBit: Lessons learned on winning the war on cybercrime
2024-03-21T17:45:49-04:00
Sponsored by Sophos
https://www.scmagazine.com/contributor/presented-by-sophos
<p>Making sense of the ransomware-group takedown -- what it means for ransomware and law enforcement</p>
2024-03-21T17:44:12-04:00
tag:www.scmagazine.com:post,708282
Takedowns spark affiliate bidding war among ransomware gangs
2024-03-21T10:48:54-04:00
Simon Hendery
https://www.scmagazine.com/contributor/simon-hendery
<p>After authorities disrupted LockBit and ALPHV/BlackCat, smaller extortion groups are scrambling to recruit their former affiliates.</p>
2024-03-21T10:47:37-04:00
Ransomware-as-a-service groups are actively recruiting affiliates. (Adobe Stock)
tag:www.scmagazine.com:post,708190
Hijacked Spa Grand Prix email leveraged in phishing attack
2024-03-21T06:49:27-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Attackers leveraged the hijacked email account to send phishing emails using a €50 voucher for ticket purchases as a lure that redirected to a spoofed Spa GP website that sought targets' banking details and other personal information. </p>
2024-03-21T06:49:23-04:00
tag:www.scmagazine.com:post,708188
Mounting AceCryptor malware attacks target Europe
2024-03-21T06:42:28-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Organizations across Europe have been subjected to a deluge of attacks involving AceCryptor malware as part of campaigns that sought to exfiltrate email and browser credentials during the second half of 2023.</p>
2024-03-21T06:42:24-04:00
tag:www.scmagazine.com:post,708162
Adversarial evolution: How defenders must also evolve
2024-03-20T21:20:33-04:00
George V. Hulme
https://www.scmagazine.com/contributor/george-v-hulme
<p>To effectively respond, organizations must have an adaptable security posture.</p>
2024-03-20T21:16:40-04:00
tag:www.scmagazine.com:post,708083
Open-source ransomware, RATs deployed on compromised TeamCity servers
2024-03-20T18:03:41-04:00
Laura French
https://www.scmagazine.com/contributor/laura-french
<p>Jasmin ransomware, SparkRAT and XMRig cryptominers were dropped post-exploitation of CVE-2024-27198.</p>
2024-03-20T18:03:31-04:00
tag:www.scmagazine.com:post,708068
Change Healthcare ransomware attack disrupting industry nationwide
2024-03-21T13:38:36-04:00
Steve Zurier
https://www.scmagazine.com/contributor/steve-zurier
<p>Caregivers, patients caught in middle as officials work to respond to Change Healthcare incident.</p>
2024-03-20T17:50:02-04:00
A ransomware attack on Change Healthcare has roiled the medical industry. (Adobe Stock)
tag:www.scmagazine.com:post,707882
UnitedHealth, insurers called to act following Change Healthcare hack
2024-03-20T07:18:25-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Health providers should also be given more details by UnitedHealth regarding its claims systems security efforts and third-party assessment timelines.</p>
2024-03-20T07:18:20-04:00
tag:www.scmagazine.com:post,707884
Crinetics Pharmaceuticals cyberattack under investigation
2024-03-20T07:12:37-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>U.S. endocrine-focused pharmaceutical development and commercialization firm Crinetics Pharmaceuticals has confirmed an ongoing investigation into a cybersecurity incident claimed by the LockBit ransomware operation.</p>
2024-03-20T07:12:32-04:00
tag:www.scmagazine.com:post,707762
The Change Healthcare attack points out the real need to modernize healthcare cybersecurity
2024-03-19T16:47:09-04:00
Morgan Wright
https://www.scmagazine.com/contributor/morgan-wright
<p>By focusing on the patients harmed by the Change Healthcare incident, the industry can control the narrative and finally push for funding to modernize healthcare cybersecurity. </p>
2024-03-20T07:00:00-04:00
tag:www.scmagazine.com:post,707842
Using MITRE ATT&CK framework to thwart active adversaries
2024-03-20T07:48:05-04:00
George V. Hulme
https://www.scmagazine.com/contributor/george-v-hulme
<p>Mapping the most common active adversary attack techniques with the MITRE ATT&CK framework.</p>
2024-03-19T21:01:03-04:00
tag:www.scmagazine.com:post,707622
Updated version of wiper malware used in Viasat hack emerges
2024-03-19T07:56:53-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Significant improvements have been implemented in the new variant of the AcidRain wiper malware leveraged by Russia to compromise satellite internet provider Viasat.</p>
2024-03-19T07:56:48-04:00
tag:www.scmagazine.com:post,707620
Mintlify breach leaks customer GitHub tokens
2024-03-19T07:30:16-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>Such a security issue within Mintlify's systems facilitated the exposure of its internal admin credentials, which could be leveraged to enable internal endpoint compromise and further data exposure. </p>
2024-03-19T07:30:11-04:00
tag:www.scmagazine.com:post,707619
Cyberattack impacts over 83K Nations Direct Mortgage clients
2024-03-19T07:25:44-04:00
SC Staff
https://www.scmagazine.com/contributor/sc-staff
<p>More than 83,000 individuals had their sensitive data compromised following a December cyberattack against Nevada-based mortgage lender Nations Direct Mortgage.</p>
2024-03-19T07:25:39-04:00