Ransomware: Looking for weaknesses in your own network is key to stopping attacks
www.zdnet.com/article/ransomware-looking-for-weaknesses-in-your-own-network-is-key-to-stopping-attacks/ Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place. While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter.
Ransomware: Why do backups fail when you need them most?
blog.malwarebytes.com/malwarebytes-news/2021/10/ransomware-why-do-backups-fail-when-you-need-them-most/ It’s widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a ransomware attack is your backups. “We’re also feeling relatively confident, we have a very good backup system and then we find out at about four or five hours after the attack that our backup system is completely gone.”
DarkSide ransomware rushes to cash out $7 million in Bitcoin
www.bleepingcomputer.com/news/security/darkside-ransomware-rushes-to-cash-out-7-million-in-bitcoin/ Almost $7 million worth of Bitcoin in a wallet controlled by DarkSide ransomware operators has been moved in what looks like a money laundering rollercoaster. The funds have been moving to multiple new wallets since yesterday, a smaller amount being transferred with each transaction to make the money more difficult to track.
Groove ransomware calls on all extortion gangs to attack US interests
www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/ The Groove ransomware gang is calling on other extortion groups to attack US interests after law enforcement took down REvil’s infrastructure last week.
Recycled Cobalt Strike key pairs show many crooks are using same cloned installation
www.theregister.com/2021/10/22/cobalt_strike_virustotal_key_discovery/ Around 1, 500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams’ lives easier by giving them a clue about whether or not Cobalt Strike traffic across their networks is a real threat or an action by an authorised red team carrying out a penetration test.
Crypto-miner found hidden inside three npm libraries
Terveystietoja ja henkilötunnuksia saattoi päätyä paperinkeräykseen Utajärvellä
yle.fi/uutiset/3-12156589 Mahdollisesti jopa satojen ihmisten terveys- ja henkilötietoja päätyi vahingossa paperinkeräykseen Pohjois-Pohjanmaalla.
Didier Stevens – New tool
blog.didierstevens.com/2021/10/22/new-tool-cs-decrypt-metadata-py/ cs-decrypt-metadata.py is a new tool, developed to decrypt the metadata of a Cobalt Strike beacon.