REvil Affiliates Confirm: Leadership Were Cheating Dirtbags
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." [...]
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." [...]
It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure. [...]
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments. [...]
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs. [...]
“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years. [...]
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out. [...]
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam. [...]
The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August. [...]
Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13. [...]
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. [...]
Imperva's Elad Erez discusses findings that 46 percent of on-prem databases are sitting ducks, unpatched and vulnerable to attack, each with an average of 26 flaws. [...]
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches. [...]
How did Kaseya get a universal decryptor after a mind-bogglingly big ransomware attack? A REvil coder misclicked, generated & issued it, and “That’s how we sh*t ourselves.” [...]
They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. [...]
Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. [...]
There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help. [...]
The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign. [...]
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help. [...]
The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it. [...]
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats. [...]
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. [...]
There's proof-of-concept code out for the near-maximum critical – rated at 9.8 – authentication bypass bug, but Cisco hasn't seen any malicious exploit yet. [...]
The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack. [...]
Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams. [...]
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. [...]