Posts

Cybersecurity Updates For Week 9 of 2022

DORA’s Global Reach and Why Enterprises Need to Prepare

A new cybersecurity regulation is coming to the European financial services sector, and its authority will be felt worldwide.

Read more:
https://www.darkreading.com/risk/dora-s-global-reach-and-why-enterprises-need-to-prepare

Shadowserver Special Reports – Cyclops Blink

On 2022-03-03 we sent out a second special report with an additional 673 IPs likely infected with Cyclops Blink, observed on 2022-02-24.

Read more:
https://www.shadowserver.org/news/shadowserver-special-reports-cyclops-blink/

Free HermeticRansom Ransomware Decryptor Released

A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week.

Read more:
https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/

Other news worth mentioning:

Conti Ransomware Group Diaries, Part I: Evasion
Conti Ransomware Group Diaries, Part II: The Office
Conti Ransomware Group Diaries, Part III: Weaponry
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

Cybersecurity Updates For Week 8 of 2022

New Data-Wiping Malware Discovered on Systems in Ukraine

Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.

Read more:
https://www.darkreading.com/attacks-breaches/new-data-wiping-malware-discovered-on-systems-in-ukraine

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.

Read more:
https://thehackernews.com/2022/02/notorious-trickbot-malware-gang-shuts.html

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found.

Read more:
https://threatpost.com/microsoft-exchange-exploited-cuba-ransomware/178665/

Other news worth mentioning:

Russia Sanctions May Spark Escalating Cyber Conflict
Redcar and Cleveland Council: Four serious data breaches reported
How to Use Google Chrome’s Enhanced Safety Mode
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store