Commentaries and Analyses – Page 278

New .avos2 variant: AvosLocker affiliate extorts $ 85k from victim thanks to old vulnerability in FortiGate VPN

Posted on September 10, 2021 by Dissent

Marco A. De Felice reports: An affiliate of the AvosLocker ransomware group extorts $ 85,000 in bitcoin from a company thanks to a known vulnerability in FortiGate VPN ( CVE-2018-13379 ). A vulnerability that the American multinational had corrected THANKS TO AN UPDATE released IN NOVEMBER 2019 . Those who have not updated their systems are a small company that…

Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret

Posted on September 10, 2021 by Dissent

I’m not sure if you need to be a threat analyst, a drama critic, or a bit of both these days. But Yelisey Boguslavskiy & Anastasia Sentsova of AdvIntel dive in to some of the recent goings on: On September 7, 2021, a representative of the newly-formed Groove ransomware syndicate decided to share their insights…

United Nations’ Computers Breached by Hackers Earlier This Year – Resecurity

Posted on September 9, 2021 by Dissent

William Turton and Kartikay Mehrotra of Bloommberg report: Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in…

REvil ransomware’s servers reappear without fanfare or explanation

Posted on September 8, 2021 by Dissent

Brett Callow of Emsisoft broke the unpleasant news on Twitter last night — REvil’s dedicated leak site, “The Happy Blog,” which had disappeared after the Kaseya supply chain attack, had reappeared at its old onion address. Unfortunately, the Happy Blog is back online #REvil pic.twitter.com/vMr9qTOht2 — Brett Callow (@BrettCallow) September 7, 2021 There were no…

Afghanistan becomes the primary target for ransomware attacks following Taliban takeover

Posted on September 8, 2021 by Dissent

Paul Skeldon reports; The recent Taliban takeover of the government in Afghanistan has brought a lot of chaos upon the nation – and cybercriminals are seeing that such disorder in the country is another chance for them to benefit. According to the Atlas VPN team data analysis, Afghanistan became the primary target for ransomware attacks worldwide in…

Microsoft Outlook shows real person’s contact info for IDN phishing emails

Posted on September 8, 2021 by Dissent

Ax Sharma reports: If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The ‘і’ character in there is from the Cyrillic script and not the Latin alphabet. This isn’t a novel problem, either. Up until a few…