Although the nature of the attack was not specified, the county’s IT staff discovered irregularities in their system and called in external cybersecurity experts to investigate and secure their servers.
Compliance requirements drive the use of these services, making them attractive targets for ransomware groups looking to exploit the systems used for sending sensitive data.
AlphaLock’s business model represents a new and sophisticated approach to cybercrime, creating a pipeline of trained hackers and monetizing their services through an affiliate program.
The round, which brought the total amount to $30.2M, was led by Summit Peak Ventures (US) and King River Capital (US), with participation from Care Super (Australia) and BlackBird Ventures (Australasia), along with other investors.
The attackers upload a malicious DLL as a User-Defined Function library, allowing them to execute commands and deploy the Ddostf malware. The malware collects system information and waits for commands to launch DDoS attacks.
Users are advised to avoid exposing Azure CLI output in logs, regularly rotate keys and secrets, and review best practices for securing Azure Pipelines and GitHub Actions to prevent accidental exposure of sensitive information.
The SQL injection vulnerability, tracked as CVE-2023-6063 and with a high-severity score of 8.6, can be exploited by manipulating a cookie value to execute unauthorized SQL queries. Over 600,000 websites are still running the vulnerable plugin.
A targeted campaign against the gaming community exploits Discord channels and fake download sites to distribute information-stealing malware. Multiple stealer families were identified, including BBy Stealer, Nova Sentinel, Doenerium, and Epsilon Stealer. To counter similar threats, online gamers are urged to download software exclusively from official and trustworthy websites.
The Royal ransomware gang, now known as BlackSuit, has undergone a strategic rebranding, unveiled in a joint advisory by CISA and the FBI. This shift, observed since November 2022, involves advanced encryption methods and sophisticated attack vectors, emphasizing the exploitation of vulnerabilities in public-facing applications and remote desktop protocols.
TA402 has recently employed a new initial access downloader called IronWind, varying its infection chains and delivery methods (such as Dropbox links and XLL and RAR file attachments) in order to evade detection.