-
Clop hackers enter ransomware phase after massive GoAnywhere hack
After a month of silence, the group finally began to demand money from the victims of the latest attack.In mid-February, the Clop ransomware gang publicly claimed to have stolen the data of more than 130 companies through a zero-day vulnerability in Fortra's GoAnwhere MFT product. Now the group has begun extorting money from companies whose data was stolen in the hack.Since the public announcement by Clop, only 2 of the 130 companies they have announced, Community Health Systems and Hatch Bank, have officially confirmed that their data was indeed stolen during the attack on the...
-
Iron Tiger hackers distribute Linux version of their SysUpdate malware
The hacker group APT27, also known as "Iron Tiger", has prepared a new version of its SysUpdate malware for Linux. The remote access program allows attackers to target more services in use in the enterprise.Hackers first tested the Linux version of the software in July 2022, according to a new Trend Micro report. However, it wasn't until October 2022 that a few payloads started showing up in the wild (ITW).The new malware variant is written in C++ using the Asio library. And its functionality, in general, is very similar to the Windows version of SysUpdate.The...
-
Bitdefender releases decryptor for new MortalKombat threat
Security company Bitdefender has released a free decryptor for the MortalKombat ransomware, with which victims can recover their files without paying a ransom.MortalKombat ransomware was discovered in January 2023 by the Cisco Talos team. The ransomware primarily targets systems in the US, UK, Turkey, and the Philippines. At the moment, nothing is known about its developers and operating model. The name of the ransomware and the wallpaper it drops on the victim system are a reference to the Mortal Kombat media franchise, according to analysts.The MortalKombat decryptor is a separate executable file that does not...
-
Coaxil - god of death
For many drug users, expensive substances are not available, so they always bought synthetic substitutes and drugs.Special demand, previously used coaxil. This drug was considered harmless, it was used to treat heroin and alcohol addiction. But, many resourceful comrades came up with the idea of using coaxil as an intoxicant.In general, coaxil is a simple antidepressant. It can be bought at any pharmacy. The instructions say that it is not addictive. But in reality, it is not. Provokes an increase in activity and euphoria, similar to the effect of heroin.In high doses, this drug is...
-
New GoBruteforcer Botnet Targets phpMyAdmin, MySQL, FTP, Postgres Applications
Malware operators are expected to adapt it for all possible platforms.A recently discovered Golang-based botnet called GoBruteforcer scans and infects web servers running "phpMyAdmin", "MySQL", "FTP" and "Postgres" services. This was stated by security researchers from Palo Alto Networks Unit 42, who were the first to discover the botnet in the wild.According to experts, GoBruteforcer is compatible with x86, x64 and ARM architectures. Malware enumerates accounts with weak or default passwords to compromise vulnerable *nix devices.For each target IP address, the malware starts looking for "phpMyAdmin", "MySQL", "FTP", and "Postgres" services. After detecting an open...
-
Parallax RAT attacks cryptocurrency companies with sophisticated malware injection techniques
Cryptocurrency organizations have become a new target for attack as part of a malicious campaign to distribute the Parallax RAT remote access trojan. Malware “uses injection techniques to hide in legitimate processes, making it harder to detect,” according to a new Uptycs report. "Once the Trojan has been successfully injected, the attackers can interact with their victim via Windows Notepad, which likely serves as a communication channel."Parallax RAT gives hackers remote access to compromised computers. It comes with features for uploading and downloading files, as well as recording keystrokes and screenshots.Parallax has been in use...
-
New framework for post-exploitation Exfiltrator-22 from the creators of LockBit
Security company CYFIRMA said that unknown hackers are promoting a new framework called "Exfiltrator-22" designed to spread ransomware on corporate networks and evade detection.The researchers claim that Exfiltrator-22 was created by former Lockbit 3.0 affiliates who are experts in anti-analysis and defense evasion, offering a robust solution for a monthly fee.Prices for the Exfiltrator-22 range from $1,000 per month to $5,000 for a lifetime license, offering ongoing updates and support. Buyers of the framework are provided with an admin panel hosted on a bulletproof VPS server (Bulletproof VPS, Bulletproof hosting), from where they can manage...
-
An information security specialist in one tweet wrote a PoC exploit for a critical vulnerability in Microsoft Word
The expert shortened the code to 140 characters to bring more administrators to the problem.Researcher and information security expert Joshua Drake tweeted a PoC exploit code for a critical RCE vulnerability in Microsoft Word.The RCE vulnerability CVE-2023-21716 was fixed in February and allows an attacker to achieve remote code execution without prior authentication - a hacker can simply send a malicious RTF file to the victim by email.Drake was the first to discover a vulnerability in the "wwlib.dll" library of the Office suite and reported it in a detailed report to Microsoft.According to Drake's report,...
-
To pay or not to pay - that is the question
What should be considered by companies that are faced with ransomware?As ransomware attacks become more common and sophisticated, the decision to pay or not pay a ransom becomes more difficult.It is difficult to know for sure what proportion of ransomware victims worldwide transfer money to hackers. Some reports for 2021 put this figure at around two-thirds of the time.Paying the ransom can often seem like the most reasonable way to solve a problem. However, it is critical to consider the potential impact and long-term impact on the business. For example, there is no guarantee that...
-
Which countries have the best marijuana?
The hemp revolution is steadily sweeping the planet, contributing not only to world pop culture, but also to the budgets of many countries. Humanity is gradually realizing the potential benefits of cannabis. Today we will talk about countries known for their culture of cannabis consumption and varieties created on their territory.IndiaIndian cultural and spiritual traditions have been closely associated with cannabis for thousands of years. Regarded as one of the 5 sacred plants, marijuana has been successfully used in the Indian subcontinent as early as 2000 BC. Unfortunately, in 1961, the country signed an international...
