The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks, first listing the company’s names on a data leak site—an often-employed tactic before public disclosure of stolen information
Until security updates are released for affected MOVEit Transfer versions, Progress “strongly” recommends modifying firewall rules to deny HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 as a temporary workaround.
Balada leverages functions written in the Go language to spread itself and maintain persistence by executing a series of attacks, cross-site infections, and installation of backdoors.
Multiple federal agencies, including two Department of Energy entities, were victims of a cyberattack that resulted from a widespread vulnerability in MOVEit file transfer software, federal officials said Thursday.
The joint guidance emphasizes the importance of taking proactive measures to secure and maintain BMCs effectively, adding that many organizations fail to implement even minimum security practices.
Deploying Cayosin botnet, an off-the-shelf Mirai-based botnet agent to target routers running the Linux-based OS OpenWRT is a newly adopted tactic, indicating that the group changes its attack style after examining its targets.
The zero-day leveraged in the campaign, tracked as CVE-2023-2868, impacts Barracuda Email Security Gateway (ESG), specifically a module designed for the initial screening of email attachments.
The Federal Communications Commission will launch its first-ever privacy and data protection task force to crack down on SIM swapping and address broader data privacy concerns, Chairwoman Jessica Rosenworcel announced on Wednesday.
Shell confirmed on Thursday it had been impacted by the Clop ransomware gang’s breach of the MOVEit file transfer tool after the group listed the British oil and gas multinational on its extortion site.
Researchers came across the Shampoo malware campaign that uses a malicious browser extension from the ChromeLoader family to gather sensitive personal information and inject advertisements into victims’ browsing sessions. The new version of the ChromeLoader extension includes many anti-debugging and anti-analysis techniques to make detection challenging.