Since its emergence in February 2024, RansomHub has quickly become one of the most prominent ransomware groups, surpassing established players like LockBit. This article explores RansomHub’s origins, tactics, and some of its most significant attacks.

RansomHub: Origins and Structure

RansomHub first appeared on the cybercrime scene in early 2024, announcing itself as a new ransomware-as-a-service…

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. As Akamai security researchers found, the CVE-2024-47176 security flaw in the cups-browsed daemon, which can be chained with three other bugs to gain remote code execution…

ESET researchers observed several campaigns targeting governmental institutions in Thailand, starting in 2023. These attacks leveraged revamped versions of components previously attributed by other researchers to the China-aligned advanced persistent threat (APT) group Mustang Panda, and later, a new set of tools that abuse service providers such as Pastebin, Dropbox, OneDrive, and GitHub to execute…

The Microsoft-DOJ effort has aimed to disrupt the group Star Blizzard—tied to Russia’s Federal Security Service (FSB)—which has been ‘targeting Microsoft customers globally.’ Microsoft disclosed details Thursday about a recent effort to disrupt the activities of a “relentless” Russia-linked threat group, which has targeted Microsoft customers worldwide including in the U.S., the company said. The…

Fake trading apps on Google Play and Apple’s App Store lure victims into “pig butchering” scams that have a global reach. The apps have been removed from the official Android and iOS stores after accumulating several thousand downloads, say researchers at cybersecurity company Group-IB, who discovered the fraud. Pig butchering is the name of a scam…

The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. The attack compromised police officer contact details, names, email addresses, phone numbers, and in some cases, private details. According to the original report, the attacker had hacked a police account and stolen work-related contact details…

MS-ISAC ADVISORY NUMBER: 2024-107
DATE(S) ISSUED: 10/01/2024
OVERVIEW: Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…

We recommend the following actions be taken:

* Apply appropriate updates provided by Zimbra to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**)
  * **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes…

Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations, both in Russia and worldwide, in spear-phishing attacks. In December, the United Kingdom and its Five Eyes allies linked this threat group to Russia’s Federal Security Service (FSB), the country’s…

‘So much of Tableau’s success is thanks to our partners’ investment in our customers,’ says Tableau CEO Ryan Aytay. Salesforce plans to roll out a Tableau Einstein Alliance partner community in February with the goal of furthering artificial intelligence and AI agent creation and delivery through access to experts, marketing materials and product road map…