Articles By This Author

Cybercrime Featured Government

Spanish government falls victim to Ryuk ransomware attack

The Spanish government fell victim to a ransomware attack on Tuesday that impacted the IT systems of the Servicio Público de Empleo Estatal (SEPE), the agency that manages and pays out government unemployment benefits. The incident affected the agency’s backend systems and public website.

Featured Technology

More than 46,000 Exchange servers still unpatched

More than 46,000 of a total of 250,000 Exchange email servers are still unpatched against four critical vulnerabilities that have been under heavy attack over the past few days. Over the past days, DIVD has scanned the internet for Exchange servers, verified whether the patch was installed, and then moved to notify organizations that have failed to update.

Cybercrime Featured

Belgian and Dutch police take down encrypted criminal chat platform Sky ECC

Law enforcement agencies from the Netherlands and Belgium today shut down Sky ECC, a company that provided a secure encrypted messaging platform to criminal organizations across the world. Authorities said they infiltrated the platform in mid-February 2021 and have managed to intercept live messages exchanged through the company’s servers.

Cybercrime Featured

GandCrab ransomware distributor arrested in South Korea

South Korean national police today announced the arrest of a 20-year-old suspect on charges of distributing and infecting victims with the GandCrab ransomware. The suspect, whose name was not released, operated as a customer of the GandCrab Ransomware-as-a-Service (RaaS) cybercrime operation.

Cybercrime Featured Nation-state Technology

Attacks on Exchange servers expand from nation-states to cryptominers

The ongoing mass exploitation campaign targeting Microsoft Exchange email servers has expanded in less than a week to include attacks from multiple nation-state hacking groups and cybercrime operations alike. The attacks, first disclosed last week by Microsoft, are related to four vulnerabilities that security researchers are calling ProxyLogon.

Featured Technology

Attacks on SolarWinds Servers Also Linked To Chinese Threat Actor

Secureworks links the second threat actor exploiting SolarWinds Orion servers to a Chinese threat actor it calls Spiral. This is the group that exploited CVE-2020-10148 (Orion API authentication bypass) to install the SUPERNOVA web shell on Orion servers throughout late 2020.

Cybercrime Featured

FluBot Malware Gang Arrested in Barcelona

Catalan police arrested four suspects last week on suspicion of managing FluBot, an Android malware strain that infected at least 60,000 devices, with most victims located in Spain. Four men, aged between 19 and 27, were arrested in Barcelona on Tuesday, March 2.

Featured Technology

New Side-Channel Attack Targets the CPU Ring Bus for the First Time

A team of academics from the University of Illinois at Urbana-Champaign has published details today about a new side-channel attack against the internal architecture of modern CPUs. In the research paper, titled “Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical,” UIUC researchers looked at a part of modern multi-core CPUs that hasn’t been analyzed before, namely the ring interconnect.

Cybercrime Featured

Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners

The operators of the REvil (aka Sodinokibi) ransomware said they plan to expand their arsenal of extortion tactics against victims who refuse to pay ransom demands. New tactics will include calling journalists or business partners to expose a victim’s breach and launching DDoS attacks against a company’s IT infrastructure in order to delay recovery efforts.

Featured Government Technology

NSA and CISA promote PDNS concept

The US National Security Agency and the Cybersecurity and Infrastructure Security Agency published a joint advisory this week urging companies to adopt DNS-based security solutions as part of a concept the agencies are calling Protective DNS (PDNS).