From bankinfosecurity.com
Being listed on a ransomware leak site isn’t just embarrassing – it may also be an invitation for a follow-up attack by other ransomware gangs betting that the original vulnerability has gone unpatched.
From securelist.com
For more than a year, we have been providing free intelligence services via the OpenTIP portal. Using the web interface, anyone can upload and scan files with our antivirus engine, get a basic sandbox report, look up various network indicators (IP addresses, hosts, URLs). Later on, we presented an easy-to-use HTTPS-based programming interface, so that you could use the service in your own scripts and integrate it in existing workflow.
From unit42.paloaltonetworks.com
Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Using our naming schema, Unit 42 tracks the threat actor as Tropical Scorpius.
Here, we start with an overview of the ransomware and focus on an evolution of behavior observed leading up to deployment of Cuba Ransomware. While this behavior was consistent for over a year, Unit 42 has observed some recent changes. This includes providing an overview of the ransomware’s functionality and algorithms, as well as covering the technical details of the tactics, techniques and procedures (TTPs) used by Tropical Scorpius. Specifically, this involves:
From helpnetsecurity.com
A wave of cybercriminals spreading malware families – including QakBot, IceID, Emotet, and RedLine Stealer – are shifting to shortcut (LNK) files for email malware delivery. Shortcuts are replacing Office macros – which are starting to be blocked by default in Office – as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware.
Read more…
From cybersecurity-insiders.com
Cybersecurity firm Sophos has warned that many organizations across the globe are being targeted by simultaneous cyber-attacks, where a single corporate network is hit by multiple attackers. Research claims that the time frame to launch simultaneous cyber attacks varies and can be anything between a few days, weeks, or months.
From theregister.com
DARPA’s attempt to build an internetwork of communications satellites – which operates under the fabulous name Space-BACN – has tapped Intel, SpaceX and others to build kit that will make its planned “Space-Based Adaptive Communications Node” a reality.
As The Register detailed when Space-BACN was announced in late 2021, DARPA has taken note of the launch of many comms satellites by the likes of SpaceX’s Starlink and Amazon’s planned constellation of 7,774 satellites.
From infosecurity-magazine.com
Emotet was the most widely used malware in the wild in July, followed by Formbook and XMRig, a new report by Check Point Research (CPR) suggests.
In June 2022 CPR reported that Emotet had a global impact of 14%. July saw a 50% reduction in Emotet’s global impact, down to 7%, but despite this the malware remains in the top spot.
“Emotet continues to dominate our monthly top malware charts,” explained Maya Horowitz, VP of research at CPR.
“This botnet continually evolves to maintain its persistence and evasion. Its latest developments include a credit card stealer module, meaning that enterprises and individuals must take extra care when making any online purchases.”