The US Secret Service and various reporting portals tied the criminals’ laundering efforts to multiple wallet addresses. The seized proceeds were returned in the stablecoin Tether.
A proof-of-concept exploit has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks and execute malicious code.
Dream Security has raised $35 million in a financing round led by existing investors Aleph and Dovi France’s Group 11. It offers a range of products that assess and predict cyber threats, react in real-time, and create customized protective measures.
The UK’s National Cyber Security Centre (NCSC) has released its first RFC for the Internet Engineering Task Force (IETF), focusing on indicators of compromise (IoCs), which are observable artifacts associated with attackers.
While the effectiveness of this feature is yet to be verified by security researchers or Google, the existence of similar claims by another malware suggests that there may be an exploitable vulnerability in session cookies.
According to experts, companies are increasingly prioritizing system backups and restoration capabilities to avoid paying ransoms during cyber incidents. Companies must also report cyber incidents and notify affected individuals.
The CVE-2023-4966 vulnerability has been actively exploited by threat actors since late August, allowing them to hijack authenticated sessions and bypass strong authentication measures.
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, MS-ISAC, and ASD’s ACSC have released a joint advisory in response to LockBit 3.0 ransomware affiliates exploiting a vulnerability in Citrix’s NetScaler web application control.
The Information Commissioner’s Office (ICO) said that a complaint was first lodged back in June 2019, after a patient raised concerns that their records had been improperly accessed by Loretta Alborghetti, from Redditch.
Play ransomware attacks have shown little variation, suggesting that affiliates are following predefined playbooks provided with the RaaS, using identical tactics and commands.