TrickBot takes down server infrastructure after months of inactivity

Credit to Author: Pieter Arntz | Date: Mon, 28 Feb 2022 12:15:31 +0000

After months of spam silence, TrickBot has pulled the plug on its server infrastructure. Is this the end of an era?

The post TrickBot takes down server infrastructure after months of inactivity appeared first on Malwarebytes Labs.

Potential cybersecurity impacts of Russia’s invasion of Ukraine

Credit to Author: David Ruiz | Date: Fri, 25 Feb 2022 22:13:21 +0000

Responding to the crisis in Ukraine must prioritize physical safety, but there are related cyber-risks to consider too.

The post Potential cybersecurity impacts of Russia’s invasion of Ukraine appeared first on Malwarebytes Labs.

Cyber lures and threats in the context of the war in Ukraine

Credit to Author: Threat Intelligence Team | Date: Fri, 25 Feb 2022 20:59:40 +0000

There are many uncertainties with Russia’s invasion and war in Ukraine. In this unpredictable environment, we detail previous, current and expected cyber threats to watch out for.

The post Cyber lures and threats in the context of the war in Ukraine appeared first on Malwarebytes Labs.

Hive ransomware: Researchers figure out a method to decrypt files

Credit to Author: Pieter Arntz | Date: Wed, 23 Feb 2022 13:58:00 +0000

Researchers have found a flaw in the Hive ransomware encryption method that allows them to recover a high percentage of the encrypted files.

The post Hive ransomware: Researchers figure out a method to decrypt files appeared first on Malwarebytes Labs.

Red Cross Hack Linked to Iranian Influence Operation?

Credit to Author: BrianKrebs | Date: Wed, 16 Feb 2022 16:44:19 +0000

A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.

Wazawaka Goes Waka Waka

Credit to Author: BrianKrebs | Date: Mon, 14 Feb 2022 18:22:38 +0000

In January, KrebsOnSecurity examined clues left behind by “Wazawaka,” the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since “lost his mind” according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month’s story, we explored clues that led from Wazawaka’s multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”
