ransomware

Pierluigi Paganini September 08, 2023
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit […]

Pierluigi Paganini September 03, 2023
LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

The LockBit ransomware gang claims to have breached the Commission des services electriques de Montréal (CSEM). The LockBit ransomware group continues to be one of the most active extortion gangs in the threat landscape. This week the gang claimed to have hacked the Commission des services electriques de Montréal (CSEM). The Commission des services électriques […]

Pierluigi Paganini September 01, 2023
Researchers released a free decryptor for the Key Group ransomware

Researchers released a free decryptor for the Key Group ransomware that allows victims to recover their data without paying a ransom. Threat intelligence firm EclecticIQ released a free decryption tool for the Key Group ransomware (aka keygroup777) that allows victims to recover their data without paying a ransom. The Key Group ransomware gang has been […]

Pierluigi Paganini August 29, 2023
FIN8-linked actor targets Citrix NetScaler systems

A financially motivated actor linked to the FIN8 group exploits the CVE-2023-3519 RCE in attacks on Citrix NetScaler systems in massive attacks. Sophos X-Ops is tracking an ongoing campaign, which is targeting Citrix NetScaler systems, conducted by threat actors linked to the FIN8 group [BleepingComputer, SOCRadar]. The hackers are exploiting the remote code execution, tracked […]

Pierluigi Paganini August 28, 2023
Rhysida ransomware group claims the hack of Prospect Medical

The Rhysida ransomware group claimed to have hacked Prospect Medical Holdings and sensitive information from the company. In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings, which are located in multiple states, including California, Texas, Connecticut, Rhode Island, and Pennsylvania. Some emergency rooms in multiple hospitals in […]

Pierluigi Paganini August 21, 2023
BlackCat ransomware group claims the hack of Seiko network

The BlackCat/ALPHV ransomware group claims to have hacked the Japanese maker of watches Seiko and added the company to its data leak site. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that […]

Pierluigi Paganini August 07, 2023
The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Senior official reports a quadruple increase in ransomware attacks against Finland since it started the process to join NATO. The number of ransomware attacks targeting Finland has increased fourfold since the country began the process of joining NATO in 2023. The news was reported by Recorded Future News which interviewed Sauli Pahlman, the deputy director […]

Pierluigi Paganini August 06, 2023
Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE did not disclose the number of impacted individuals. CDHE discovered the ransomware […]

Pierluigi Paganini July 20, 2023
ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder

The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have hacked the cosmetics giant company Estée Lauder and added the company to their Tor leak […]

Pierluigi Paganini July 05, 2023
The Port of Nagoya, the largest Japanese port, suffered a ransomware attack

The Port of Nagoya, the largest port in Japan, suffered a ransomware attack that severely impacted its operations. The Port of Nagoya, in the Ise Bay, is the largest and busiest trading port in Japan, accounting for about 10% of the total trade value of Japan. Notably, this port is the largest exporter of cars […]