Important clarifications regarding arrest of climate activist
Ghostscript zero-day allows full server compromises
therecord.media/ghostscript-zero-day-allows-full-server-compromises/ Proof-of-concept exploit code was published online over the weekend for an unpatched Ghostscript vulnerability that puts all servers that rely on the component at risk of attacks.
REvil ransomware’s servers mysteriously come back online
www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/ Today, both the Tor payment/negotiation site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. It is unclear at this time whether the ransomware gang is back in operation, the servers have been turned back on by mistake, or it is due to the actions of law enforcement.
IoT Attacks Skyrocket, Doubling in 6 Months
threatpost.com/iot-attacks-doubling/169224/ According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks, up from 639 million during the previous half year, which is more than twice the volume.
Ransomware attacks, all concerned: how to prevent them and respond to an incident
www.ssi.gouv.fr/uploads/2021/08/anssi-guide-ransomware_attacks_all_concerned-v1.0.pdf Ransomware attacks are a current and growing trend, not only in France, but also worldwide. Because they are a serious threat, this guide translated into English aims at making our expertise and our recommendations available to a wider audience. We hope that you find it useful.
UK data watchdog brings cookies to G7 meeting: pop-up consent requests, not the delicious baked treats
www.theregister.com/2021/09/07/ico_cookies_g7/ The ICO said it would call on fellow G7 data protection and privacy authorities, three of which used to be its fellow EU member states, to work together to overhaul cookie consent pop-ups to make people’s privacy “more meaningfully protected” and help businesses offer “a better web browsing experience.”
Beware of these messages: this is how Finns are being scammed right now
www.is.fi/digitoday/tietoturva/art-2000008246431.html Scam messages are currently being sent to Finns in large numbers in the names of banks. In recent days, many emails have been seen in Nordea's name at least. There are at least two types of messages: one tells of a confidential message or document that has arrived, and the other of measures required by the PSD2 payment services directive.
Ransomware gang threatens to leak data if victim contacts FBI, police
www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/ In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack. The threat also applies to victims contacting data recovery experts to attempt decryption and conduct the negotiation process.
New Chainsaw tool helps IR teams analyze Windows event logs
www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/ Authored by James D, lead threat hunter at F-Secure's Countercept division, Chainsaw is a Rust-based command-line utility that can go through event logs to highlight suspicious entries or strings that may indicate a threat. The tool uses the Sigma rule detection logic to quickly find event logs relevant to the investigation. Tool at
Irish Police ‘Significantly Disrupt’ Attackers’ Operations
www.bankinfosecurity.com/irish-police-significantly-disrupt-hse-attackers-ops-a-17466 Ireland’s cybercrime police, the Garda National Cyber Crime Bureau, have conducted a “significant disruption operation” targeting the IT infrastructure of a cybercrime group. As part of the operation, police seized several domains used in a May ransomware attack against Ireland’s national health services provider Health Service Executive, a spokesperson tells Information Security Media Group.
The Ideal Ransomware Victim: What Attackers Are Looking For
ke-la.com/the-ideal-ransomware-victim-what-attackers-are-looking-for/ In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data. KELA explored what is valuable for threat actors buying accesses, especially ransomware attackers, and built a profile of an ideal ransomware victim. On average, the actors active in July 2021 aimed to buy access to US companies with revenue of more than 100 million USD. Almost half of them refused to buy access to companies from the healthcare and education industries. The most common products (enabling network access) mentioned were Citrix, Palo Alto Networks, VMware, Fortinet, and Cisco. Ransomware attackers are ready to pay for access up to 100,000 USD, with most actors setting the boundaries at half of that price, 56,250 USD.