REvil Ransomware’s Servers Mysteriously Come Back Online


Howard University announced Monday that they are investigating a ransomware attack and canceled classes Tuesday. Now, university officials are canceling online and hybrid classes Wednesday, too. In-person classes will take place.


Source: https://QUE.com

According to school officials, their information technology team detected unusual activity on the school’s network last Friday.

Due to the unusual activity, the school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate.

continue reading: https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack

DoD Forms New Task Force To Shore Up Supply Chain
The Defense Department has created a new task force dedicated to addressing ongoing challenges with its supply chain visibility and resiliency, including ways to mitigate risk.

Gregory Kausner, who is currently handling the duties of under secretary of defense for acquisition and sustainment, stood up the Supply Chain Resiliency Working Group on Aug. 30, the Pentagon said last week.

continue reading: https://breakingdefense.com/2021/09/dod-forms-new-task-force-to-shore-up-supply-chain/

Microsoft issues Windows attack warning that uses malicious Office files
Attackers are actively exploiting a Microsoft remote code execution vulnerability using malicious Office files, the tech giant has warned. The vulnerability, known as CVE-2021-40444, affects Windows Servers from version 2008 and Windows 7 through 10. Attackers send potential victims an Office file and trick them into opening it. That file automatically opens Internet Explorer to load the bad actor’s web page, which has an ActiveX control that downloads malware onto the victim’s computer.

continue reading: https://news.yahoo.com/microsoft-windows-vulnerability-malicious-office-files-105010735.html

REvil Ransomware’s Servers Mysteriously Come Back Online
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks the ransomware gang’s return or the servers being turned on by law enforcement.

On July 2nd, the REvil ransomware gang, aka Sodinokibi, used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt approximately 60 managed service providers (MSPs) and over 1,500 of their business customers.

continue reading: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Researchers Pinpoint Ransomware Gangs’ Ideal Enterprise Victims
Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground (dark web) marketplaces made by threat actors looking to buy access to organizations’ systems, assets and networks, and have found that at least 40% of the postings were by active participants in the ransomware-as-a-service (RaaS) supply chain (operators, or affiliates, or middlemen).

continue reading: https://www.helpnetsecurity.com/2021/09/08/ransomware-victims/

Operation Chimaera: TeamTNT Hacking Group Strikes Thousands of Victims Worldwide
On Wednesday, cybersecurity researchers from AT&T Alien Labs published a report on a new campaign, dubbed Chimaera, that is thought to have begun on July 25, 2021 — based on command-and-control (C2) server logs — and one that has revealed an increased reliance on open source tools by the threat group.

TeamTNT was first spotted last year and was connected to the installation of cryptocurrency mining malware on vulnerable Docker containers. Trend Micro has also found that the group attempts to steal AWS credentials to propagate on more servers, and Cado Security contributed the more recent discovery of TeamTNT targeting Kubernetes installations.

continue reading: https://www.zdnet.com/article/operation-chimaera-teamtnt-hacking-group-strikes-thousands-of-victims-worldwide/

Cybersecurity Student Scams Senior Out of $55K
A British cybersecurity student has scammed an elderly woman out of thousands of dollars by pretending to be a member of Amazon’s technical support team.

Twenty-four-year-old Ramesh Karaturi contacted his victim over the phone and persuaded her to believe that cyber-attackers had compromised her Amazon account.

Karaturi’s victim, who Cleveland Police said was a Scottish resident in her 60s, was then manipulated into installing what she thought was “protective anti-virus software” onto her computer.

continue reading: https://www.infosecurity-magazine.com/news/cybersecurity-student-scams-senior/

Read more Cyber Security News at https://QUE.com/tag/cybersecurity/

Thank you for reading and stay safe.
@yehey [ Witness ]


Congratulations, your post has been curated by @dsc-r2cornell. You can use the tag #R2cornell. Also, find us on Discord

Manually curated by @blessed-girl


Congratulations, your post has been voted on by @dsc-r2cornell. You can use the tag #R2cornell. Also, you can find us on Discord