Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
Fortinet 320x100px
Redhotcyber Banner Sito 970x120px Uscita 101125

Tag: dark web

RHC interviews Vanir Group. Former affiliates of LockBit, Karakurt and Knight united to extort money: ‘Hire professionals, don’t be cheap’

RHC Dark Lab 12/07/2024

New threat actors often emerge every day to destabilize the digital foundations of organizations around the world. One of the most recent and disturbing cybergangs uncovered by Darklab of Red Hot Cyber team is the VANIR group, a collective known for its ruthless ransomware operations. This exclusive interview, conducted by Dark Lab group, sheds light on an enemy as mysterious as it is dangerous. “You have to know the demons to learn how to counter them.” This phrase, frequently quoted by Red Hot Cyber in conferences and articles, underscores the importance of understanding the modus operandi of cyber criminals. Knowing the “demons”

Cambridge University Press & Assessment Ends Up in the DLS of INC Ransomware

Pietro Melillo 29/06/2024

In a recent cyberattack, the cybercriminal group known as “INC Ransomware” declared that they had breached the systems of Cambridge University Press & Assessment, employing a double extortion strategy. This tactic, increasingly common among ransomware groups, involves the theft and encryption of the victim’s data, followed by the threat of publicly disclosing the data if a ransom is not paid. The Attack on Cambridge University Press & Assessment On June 24, 2024, the INC Ransomware group published information related to the attack on their disclosure blog, including stolen documents as proof of the intrusion. Cambridge University Press & Assessment, one of the

Threat Actor “DragonForce” Seeks New Partners 

RHC Dark Lab 27/06/2024

A recent post on a dark web forum reveals that a cybercriminal group known as “DragonForce” is actively seeking new partners to join their Ransomware-as-a-Service (RaaS) operation. This recruitment drive is aimed at expanding their capabilities by incorporating specialists from various fields, particularly access specialists and pentesters, or teams of pentesters. Recruitment Details According to the post, DragonForce is offering an attractive partnership deal to entice skilled individuals and teams: Operational Capabilities The post highlights several key features of DragonForce’s operation that are designed to support their partners: Organizational Structure DragonForce operates with a defined organizational structure, maintaining a hierarchical system to

Cyber ​​catastrophe in sight? The new Bug on MOVEit has an Online PoC Exploit

RHC Dark Lab 27/06/2024

In the realm of cybersecurity, vulnerabilities constantly represent a significant risk for businesses and institutions. Many system administrators may recall CVE-2023-34362 from last year, a catastrophic vulnerability in Progress MOVEit Transfer that shook the industry, affecting high-profile victims like the BBC and the FBI. Sensitive data was leaked and destroyed as the cl0p ransomware gang exploited zero-day vulnerabilities to steal data, leaving a trail of chaos. Today, a new threat emerges on the horizon: the CVE-2024-5806 vulnerability. The Past: CVE-2023-34362 CVE-2023-34362 (https://nvd.nist.gov/vuln/detail/CVE-2023-34362) represents one of the most critical vulnerabilities that hit Progress MOVEit Transfer, a widely used software for secure file transfer.

ClamAV

ClamAV and signatures generation

Andrea Cavallini 02/05/2024

Threat intelligence has many fields of application, starting from control of infrastructures using automation processes to security increasing the perimeter of applications and solutions in general. One of the most common applications of this concept is antimalware tools, which enterprise antivirus solutions are preferable rather than open sources due to two main aspects: enterprise solutions are covered by official support in case of any type of problem (even if this is not always true due to different type of subscriptions) and signatures in the enterprise tools are more precise and updated than open sources. What can we do to perform a significant

Category