This week, the Cl0p ransomware group’s leak site displayed sensitive information from students, faculty members, and parents from Fort Sumner Municipal Schools. The leak included scans of driver’s licenses and more.
Recently, during December 2021, Unit 42 researchers received various Dridex samples, which were exploiting XLL and XLM 4.0 in combination with Discord and OneDrive to download the final payload.
That’s despite an overwhelming 93% of respondents who require password management training, with 63% holding training more than once per year, according to a survey conducted by Pulse on behalf of Hitachi ID.
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks, but there’s a notable uptick in exploiting vulnerabilities.
Russia’s banking and financial services company Sberbank is being targeted in a wave of unprecedented hacker attacks. Earlier this month, the bank fought off the largest distributed denial-of-service (DDoS) attack in its history.
The report uncovered 22 new vulnerabilities tied to ransomware (bringing the total to 310) and connected Conti, a prolific ransomware group that sided with the Russian government following the invasion of Ukraine, to 19 of those new vulnerabilities.
Consistent with findings from CitizenLab, Google TAG assesses that government-backed actors purchasing these exploits are located (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia.
In tracking the Trojan PSW attacks for 219 countries, territories and unions, Kaspersky found some of the largest increases in Brazil, Canada, Colombia, Hungary, Mexico, Russia, Serbia and the U.S.
Even before Russia’s invasion of Ukraine started, in January, the country and its government’s websites were subject to defacement and tampering, with Russian hackers accused of being behind the attack.
Security researchers at SentinelLabs are calling attention to a software supply chain attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines.