Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated. The unauthenticated remote command execution flaw (CVE-2021-22986) exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full control over a vulnerable system.
Cybercrime as-a-service , Fraud Management & Cybercrime , Malware as-a-Service Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims Mathew J. Schwartz (euroinfosec) • August 26, 2021 Extracts from ransomware operators’ ransom notes and data-leak sites After a string of high-profile hits in the middle of this year, a number of the largest…
Justice Department Tracked the Payment to an FBI-Controlled Bitcoin Wallet Doug Olenick (DougOlenick) • June 7, 2021 The U.S. Justice Department on Monday reported it recouped $2.3 million of the $4.4 million ransom Colonial Pipeline Co. paid following a May 7 DarkSide ransomware attack. The DOJ’s Ransomware and Digital Extortion Task Force…
A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry. Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor’s tactics by going beyond the usual…
Crooks stole driver’s license numbers from Geico auto insurer | IT Security News 20. April 2021 Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico, the second-largest auto insurer in the U.S., has suffered a data breach, threat actors exploited a now-fixed bug in…
Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management Director of HSE, Nation’s Healthcare System, Describes the Costs Akshaya Asokan (asokan_akshaya) • June 24, 2021 The recovery costs for the May ransomware attack on Health Service Executive, Ireland’s publicly funded healthcare system, is likely to total…
New Pingback Malware Using ICMP Tunneling to Evade C&C Detection | IT Security News 4. May 2021 Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems.Called ‘Pingback,’ the Windows malware leverages Internet Control…
