August 15, 2022
Cisco breached in Yanluowang ransomware attack, 2.8 GB data stolen
Multi-national tech conglomerate Cisco has confirmed that the Yanluowang ransomware gang breached its corporate network in late May, and that the group tried to extort them by threatening to leak stolen files online. The Yanluowang gang claims to have stolen 2.8 GB of data, consisting of approximately 3,100 files which Cisco has described as "not sensitive."
August 08, 2022
Electronics manufacturer Semikron hit by LV ransomware
German electronics manufacturer Semikron has reported that they were hit by a ransomware attack. The LV ransomware group has claimed responsibility for this attack, and is threatening to leak 2 TB worth of stolen data if their ransom demands are not met.
August 05, 2022
European pipeline operator hit by BlackCat/ALPHV ransomware
The ALPHV/BlackCat ransomware gang claims to have stolen more than 150 GB of data from Creos Luxembourg S.A., a company which manages natural gas pipelines and electrical networks in the Grand Duchy of Luxembourg. The alleged stolen data consists of 180,000 files, including contracts, agreements, passports, bills and emails.
August 05, 2022
New attack framework Manjusaka is similar to Cobalt Strike
Researchers have observed a new post-exploitation attack framework in the wild. Manjusaka, as it's called, can be deployed as an alternative to the popular Cobalt Strike toolset — or parallel to it for redundancy.
July 29, 2022
QBot malware uses Windows Calculator to side-load attacks
Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.
July 27, 2022
Version 4.2 of malicious shortcut generator MLNK Builder emerges on dark web
A new version of MLNK Builder, a link generation tool popular among cybercriminals, has emerged on the dark web. The updated feature set focuses on antivirus evasion and masquerading techniques, using icons of popular legitimate applications and file formats.
July 26, 2022
Symbiote: A new stealthy malware for Linux
Symbiote is a new Linux malware that steals users' data and provides a backdoor to threat actors. It was discovered in June 2022 and is characterized as very stealthy. It uses many evasion techniques, such as hooking functions, capturing TCP traffic and hiding its own files. It collects users' data and exfiltrates it via DNS.
July 25, 2022
Building materials firm Knauf hit by Black Basta ransomware
The Knauf Group, a German-based multinational producer of construction materials, has announced that it's been the target of a cyberattack. The incident took place on the night of June 29, forcing its global IT team to shut down email systems, although communications were still possible via mobile devices and Microsoft Teams.
July 19, 2022
Bandai Namco hit by BlackCat ransomware
The Japanese video game giant Bandai Namco, known for publishing franchises like Elden Ring, Pac-Man and Tekken, has been hit by BlackCat/ALPHV ransomware.
July 09, 2022
Google releases several vulnerability fixes for Chrome browser
Google has released updates for its popular Chrome browser to remediate several vulnerabilities, including a high-severity vulnerability that has already been exploited in the wild. This marks the fourth zero-day vulnerability that had to be patched in Chrome this year.
June 28, 2022
Important details about BlackCat: The new version of the ALPHV ransomware-as-a-service
On March 16, 2022, security specialists identified a new version of BlackCat ransomware (so named because the software displays a black cat on the victim’s payment site). These experts also noted that some previous YARA rules no longer match, which will make it difficult to find malicious files.
June 15, 2022
MSDT "Follina" vulnerability exploited in attacks against U.S., European governments
An unpatched remote code execution vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT), which is being tracked as CVE-2022-30192, is being exploited in phishing campaigns that are targeting U.S. and European government organizations.