Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select language
Italian Spanish
Search
TM RedHotCyber 320x100 042514
Banner Ancharia Desktop 1 1

Tag: Malware

Play Ransomware Claims Attack on MIPS Technologies

Pietro Melillo 18/07/2024

In the last few hours, the Data Leak site of the ransomware gang Play Ransomware has published a new claim: the giant MIPS Technologies (www.mips.com) has been the victim of an attack. Although the official publication is scheduled for July 19, 2024, the site has already made some details public, raising concerns among the company’s partners and customers. Play Ransomware Play Ransomware is one of the many ransomware gangs that have emerged in recent years. These criminal groups operate by encrypting victims’ data and demanding a ransom for restoration. Play Ransomware is distinguished by its strategy of publishing stolen data on Data

RHC interviews Ransomcortex, the gang targeting Hospitals. “pay the ransom, we won’t even spare the CEO’s family.”

RHC Dark Lab 15/07/2024

Ransomcortex is a new cyber ransomware gang that resonates menacingly in the healthcare sector. This group has quickly attracted attention for its specialization in attacks on healthcare facilities, striking four institutions in a matter of days, including three in Brazil and one in Canada. This group demonstrated extraordinary efficiency and a clear “on target” strategy, highlighting the vulnerability of a sector already under tremendous pressure. Ransomcortex’s targeted focus on healthcare organizations raises crucial questions: why this sector and what are the real targets of these criminals? Extremely sensitive and valuable health information is a tempting target for financial fraud, extortion, and black

Hospitals tremble! Ransomcortex arrives. ransomware gang targeting healthcare facilities

RHC Dark Lab 12/07/2024

Recently, the landscape of cyber threats has been enriched by the emergence of a new ransomware group named “Ransomcortex”. This group is distinguished by its specialization in attacking healthcare facilities, having already collected four victims within a few days of its first appearance. Among these, three are Brazilian healthcare facilities and one is Canadian. The preference for attacks on the healthcare sector is not new, but Ransomcortex represents a significant evolution of this trend. Historical Context The interest of cybercriminals in healthcare organizations dates back several years, but recently there has been a significant increase in these attacks. One of the first

RHC interviews Vanir Group. Former affiliates of LockBit, Karakurt and Knight united to extort money: ‘Hire professionals, don’t be cheap’

RHC Dark Lab 12/07/2024

New threat actors often emerge every day to destabilize the digital foundations of organizations around the world. One of the most recent and disturbing cybergangs uncovered by Darklab of Red Hot Cyber team is the VANIR group, a collective known for its ruthless ransomware operations. This exclusive interview, conducted by Dark Lab group, sheds light on an enemy as mysterious as it is dangerous. “You have to know the demons to learn how to counter them.” This phrase, frequently quoted by Red Hot Cyber in conferences and articles, underscores the importance of understanding the modus operandi of cyber criminals. Knowing the “demons”

Critical Vulnerabilities in Splunk Enterprise Enable Remote Code Execution

Pietro Melillo 03/07/2024

Splunk, a leading provider of software for searching, monitoring, and analyzing machine-generated big data, has released urgent security updates for its flagship product, Splunk Enterprise. These updates address multiple critical vulnerabilities that pose significant security risks, including the potential for remote code execution (RCE). The affected versions include 9.0.x, 9.1.x, and 9.2.x, and the vulnerabilities were identified by both internal and external security researchers. Key Vulnerabilities Addressed The critical vulnerabilities patched in these updates are as follows: Additional Vulnerabilities In addition to the aforementioned critical issues, several Cross-Site Scripting (XSS) vulnerabilities have been addressed. XSS vulnerabilities allow attackers to inject malicious scripts

Cambridge University Press & Assessment Ends Up in the DLS of INC Ransomware

Pietro Melillo 29/06/2024

In a recent cyberattack, the cybercriminal group known as “INC Ransomware” declared that they had breached the systems of Cambridge University Press & Assessment, employing a double extortion strategy. This tactic, increasingly common among ransomware groups, involves the theft and encryption of the victim’s data, followed by the threat of publicly disclosing the data if a ransom is not paid. The Attack on Cambridge University Press & Assessment On June 24, 2024, the INC Ransomware group published information related to the attack on their disclosure blog, including stolen documents as proof of the intrusion. Cambridge University Press & Assessment, one of the

Cyber ​​catastrophe in sight? The new Bug on MOVEit has an Online PoC Exploit

RHC Dark Lab 27/06/2024

In the realm of cybersecurity, vulnerabilities constantly represent a significant risk for businesses and institutions. Many system administrators may recall CVE-2023-34362 from last year, a catastrophic vulnerability in Progress MOVEit Transfer that shook the industry, affecting high-profile victims like the BBC and the FBI. Sensitive data was leaked and destroyed as the cl0p ransomware gang exploited zero-day vulnerabilities to steal data, leaving a trail of chaos. Today, a new threat emerges on the horizon: the CVE-2024-5806 vulnerability. The Past: CVE-2023-34362 CVE-2023-34362 (https://nvd.nist.gov/vuln/detail/CVE-2023-34362) represents one of the most critical vulnerabilities that hit Progress MOVEit Transfer, a widely used software for secure file transfer.

KillSec Announces New Ransomware-as-a-Service (RaaS) Platform

RHC Dark Lab 26/06/2024

June 25, 2024 – KillSec, a well-known hacktivist group, has announced the launch of their latest offering on their Telegram channel: KillSec RaaS (Ransomware-as-a-Service). This new platform promises to enhance the capabilities of aspiring cybercriminals by providing advanced tools and user-friendly features. Post from KillSec’s Telegram Channel Advanced Locker in C++ One of the main features of KillSec RaaS is its advanced locker, written in C++. This programming language is known for its efficiency and performance, making the locker both powerful and fast. The locker is designed to encrypt files on the victim’s machine, rendering them inaccessible without a decryption key, which

lockbit

LockBit: The Bluff of Double Extortion Against the Federal Reserve

RHC Dark Lab 26/06/2024

In recent years, the cybersecurity landscape has been dominated by the growing threat posed by ransomware groups. Among these, LockBit has emerged as one of the most notorious and feared. However, a recent event has called their credibility into question: the announcement of a supposed double extortion against the Federal Reserve, which turned out to be a bluff. The Context: Who is LockBit? LockBit is a cybercriminal group known for using ransomware as their main weapon. Active since 2019, this group specializes in targeted attacks against large companies and institutions. Their attack strategy is often based on the technique of “double extortion,”

Category