Bombardier Recreational Products hit by RansomEXX gang
The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products (BRP), which was disclosed by the company on August 8, 2022.












Greece's largest distributor of natural gas, National Natural Gas System Operator S.A. (or DESFA), has stated that they've suffered a limited-scope data breach and IT system outage following a cyberattack. Further details were confirmed after their data was leaked by the Ragnar Locker ransomware gang.
South Staffordshire Water, a British company that supplies clean water to 1.6 million consumers, has confirmed that they were disrupted by a cyberattack. Fortunately, the attack only affected office IT systems and did not impact the water distribution systems, so the water supply is safe.
Cybercrime group RansomHouse claims to have compromised eight Italian districts. The group has published 2.1 TB of exfiltrated data from the IT infrastructures of the union of Tuscan municipalities, in the metropolitan city of Florence.
Argentina's Judiciary of Córdoba has shut down its IT systems and online portal after suffering a ransomware attack, claimed by the new 'PLAY' ransomware operation. The Judiciary confirmed that it has engaged with Microsoft, Cisco and other local specialists to investigate the attack.
Multinational tech conglomerate Cisco has confirmed that the Yanluowang ransomware gang breached its corporate network in late May, and that the group tried to extort them by threatening to leak stolen files online. The Yanluowang gang claims to have stolen 2.8 GB of data, consisting of approximately 3,100 files which Cisco has described as "not sensitive."
The United Kingdom's National Health Service (NHS) 111 emergency services are affected by a significant and ongoing outage. It was triggered by a cyberattack that hit the systems of Advanced, a British managed services provider (MSP).
German electronics manufacturer Semikron has reported that they were hit by a ransomware attack. The LV ransomware group has claimed responsibility for this attack, and is threatening to leak 2 TB worth of stolen data if their ransom demands are not met.
The ALPHV/BlackCat ransomware gang claims to have stolen more than 150 GB of data from Creos Luxembourg S.A., a company which manages natural gas pipelines and electrical networks in the Grand Duchy of Luxembourg. The allegedly stolen data consists of 180,000 files, including contracts, agreements, passports, bills and emails.
Researchers have observed a new post-exploitation attack framework in the wild. Manjusaka, as it's called, can be deployed as an alternative to the popular Cobalt Strike toolset — or parallel to it for redundancy.
A new report from Palo Alto's Unit 42 found it only takes 15 minutes after the publication of a new CVE for the first cybercriminals to begin scanning potentially vulnerable targets. Within a few hours, the first active exploitation attempts have already started.
Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.