Our news
-
ALPHV Ransomware: A Closer Look into the Russian Ransomware Group
In recent years, the Russian-based ALPHV ransomware group, also known as BlackCat, Noberus, Gold Blazer, and Alpha Spider, has emerged as a formidable cyber threat, targeting organizations worldwide and operating with a ransomware-as-a-service (RaaS) business model. With their advanced tactics and persistent attacks, ALPHV has become a significant player in the ransomware landscape targeting over…
-
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
CISA and FBI released a joint Cybersecurity Advisory (CSA) [CL0P Ransomware Gang Exploits MOVEit Vulnerability] in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to…
-
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov…
-
Cactus Ransomware Group: An Emerging Threat in 2023
In today’s ever-evolving cybersecurity landscape, staying ahead of emerging threats is crucial. One threat that has recently taken the stage is the Cactus Ransomware Group. This clandestine organization has captured the attention of cybersecurity professionals worldwide, causing significant concern. In this blog post, we aim to explore the inner workings, tactics, and effective mitigation strategies…
-
CISA and Partners Release the Guide to Securing Remote Access Software
Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) published the Guide to Securing Remote Access Software to provide organizations with an overview of common remote access exploitations and associated tactics, techniques, and procedures (TTPs). The Guide…
-
Vulnerability Summary for the Week of May 29, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which…
-
Progress Software Releases Security Advisory for MOVEit Transfer
Progress Software has released a security advisory for a vulnerability in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take over an affected system. CISA urgers users and organizations to review the MOVEit Transfer Advisory, follow the mitigation steps, apply the necessary updates, and hunt for any malicious activity.…
-
Vulnerability Summary for the Week of May 22, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD…
-
CISA Warns of Hurricane/Typhoon-Related Scams
CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as…
-
Vice Society: One of the Most Impactful Ransomware Gangs of 2022
Vice Society (also known as Vice Spider, DEV-0832, and Vanilla Tempest) is identified as a Russian-based group specializing in intrusion, exfiltration, and extortion. Operating since the summer of 2021, Vice Society sets itself apart from other ransomware groups by deviating from the typical ransomware-as-a-service (RaaS) model. Instead of developing their own custom ransomware payload, they…