Brett Callow of Emsisoft broke the unpleasant news on Twitter last night — REvil’s dedicated leak site, “The Happy Blog,” which had disappeared after the Kaseya supply chain attack, had reappeared at its old onion address. “Unfortunately, the Happy Blog is back online #REvil pic.twitter.com/vMr9qTOht2” — Brett Callow (@BrettCallow), September 7, 2021. There were no…
Category: Commentaries and Analyses
Afghanistan becomes the primary target for ransomware attacks following Taliban takeover
Paul Skeldon reports: The recent Taliban takeover of the government in Afghanistan has brought a lot of chaos upon the nation – and cybercriminals are seeing that such disorder in the country is another chance for them to benefit. According to the Atlas VPN team data analysis, Afghanistan became the primary target for ransomware attacks worldwide in…
Microsoft Outlook shows real person’s contact info for IDN phishing emails
Ax Sharma reports: If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The ‘і’ character in there is from the Cyrillic script and not the Latin alphabet. This isn’t a novel problem, either. Up until a few…
North Korean hackers breach prominent defector’s accounts in targeted attack
Jeongmin Kim and Nils Weisensee report: In a multilingual social engineering attack, North Korean hackers broke into several accounts of a prominent defector and used their access to send a malicious document to a contact working on DPRK issues, an NK News investigation found. The attackers also used one of the accounts to message journalists at NK News in…
Chinese hackers behind July 2021 SolarWinds zero-day attacks
Catalin Cimpanu reports: In mid-July this year, Texas-based software provider SolarWinds released an emergency security update to patch a zero-day in its Serv-U file transferring technology that was being exploited in the wild. At the time, SolarWinds did not share any details about the attacks and only said that it learned of the bug from…
NC: Sandhills Center Provides Notice of Potential Data Theft
On July 30, 2021, DataBreaches.net reported on a claimed cyberattack against Sandhills Center in North Carolina. Data for sale had shown up on the “Marketo” site, and when DataBreaches.net looked at the “proof packs” of data, they included psychological evaluations and other documents with personal and sensitive information. Much of the data was old, and…