Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Tag: forum underground

Ransomware Gangs weaponize Windows Defender Application Control (WDAC) to disable EDR products.

In recent days we have seen ransomware gangs use WDAC to disable EDR products. I have known about this type of attack for about a year, since someone posted a similar technique on Twitter, but this is the first time it has been used in ransomware attacks. So it is time to explain how it works and how to check for it. First, WDAC is a Microsoft feature very similar to AppLocker. We need to download the Application Control Wizard from the Microsoft website. After installing it, we can open it and define the policy. Here we can do two things,

Harley-Davidson Targeted by Cyber ​​Criminals: 888 Claims Data Breach

Recently, a threat actor on an underground forum posted an alleged data breach. According to reports, the famous American company Harley-Davidson has been the victim of a data breach that exposed thousands of sensitive records relating to its customers. At this time we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered an “intelligence source”. Details of the alleged breach: according to the threat actor, the data breach would have taken place in December 2024 and would have exposed

IntelBroker Claims Tesla Charging Database Breach

Recently, the threat actor known as IntelBroker posted an alleged data breach. The post, which appeared on the BreachForums platform, claims that Tesla’s charging station database has been compromised and made available for download. At this time we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered an “intelligence source”. Introduction to the breach: the post, published on BreachForums, revealed that the Tesla charging station database has been made available for download. According to the announcement, the database contains approximately 116,000 records

The Story Of Conti Ransomware – Origins and Evolution of the RaaS Model (Episode 1)

Ransomware is malware designed to encrypt data so that it can be restored only with a private key. Relatively simple math is all threat actors need to disrupt networks around the globe; once locked out, you can get your plaintext data back in just one way: crypto payment. The first ransomware ever discovered was made by Joseph L. Popp Jr. with his malware called AIDS. Isolated in 1989, the program was stored on a floppy disk labelled “AIDS Information Introductory”, sent by mail to 20,000 attendees of the WHO conference in Stockholm. Once opened, the C:

RHC Interviews Lynx Ransomware. The cyber-gang offering Pentest services ensuring privacy

In July 2024, the Lynx group burst into the RaaS world and from the outset demonstrated above-average aggressiveness and success in its attacks, with a total of 22 victims featured on its Data Leak Site (also available on the clearnet). Lynx’s victim categories are mainly Construction (e.g. Miller Boskus Lack Architects and True Blue Environmental), Finance (e.g. Pyle Group) and Hotels (e.g. Warwick Hotels & Resorts and Riverside Resort Hotel & Casino). Lynx performs double extortion and attacks at a high frequency in the U.S., but also in the UK, Canada, and Australia. The group describes its activities as exclusively “financially motivated” and