Elysium Ransomware: A New Variant of the Ghost Family Targeting Critical Infrastructure
Summary: A new ransomware variant called Elysium, linked to the Ghost ransomware family, targets critical sectors like healthcare and government. The attackers exploit outdated applications to gain access and deploy various tools to execute a multi-stage attack. Elysium disrupts recovery efforts by targeting backups and encrypting files with a specific extension while demanding a ransom in Monero for decryption.…
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Summary: The State of Backup and Recovery Report 2025 highlights the challenges IT professionals face in securing business-critical data within increasingly complex environments. Key insights reveal declining confidence in backup systems, rising operational burdens, and significant gaps in disaster recovery capabilities, particularly as organizations rapidly adopt cloud solutions.…
This advisory details the tactics, techniques, and procedures (TTPs) associated with the Medusa ransomware variant. Medusa, operating as a ransomware-as-a-service (RaaS), has affected over 300 victims across various critical infrastructure sectors since its inception in June 2021. The advisory provides insights into initial access methods, lateral movement tactics, and a double extortion model employed by Medusa actors.…
Microsoft Fixes 7 Zero-Days and 57 Vulnerabilities in March 2025 Patch Tuesday – PRSOL:CC
March 2025 Patch Tuesday from Microsoft addresses 57 vulnerabilities, including 6 actively exploited zero-day vulnerabilities. The critical vulnerabilities primarily include remote code execution flaws, and details on other related updates and the context of exploitations are elaborated in this article. Affected: Microsoft products, Windows operating system, Microsoft Edge

Key points:

Microsoft’s March 2025 Patch Tuesday released 57 security updates.…
Microsoft Fixes 7 Zero-Days and 57 Vulnerabilities in March 2025 Patch Tuesday – PRSOL:CC
Summary: Microsoft released its March 2025 Patch Tuesday updates, addressing 57 vulnerabilities, including six actively exploited zero-days and six “Critical” remote code execution vulnerabilities. Key issues include elevation of privilege and information disclosure vulnerabilities primarily associated with Windows and Office applications. Users are advised to apply these updates promptly to mitigate potential attacks leveraging these vulnerabilities.…
Windows 11 KB5053598 & KB5053602 cumulative updates released
Summary: Microsoft has released mandatory cumulative updates KB5053598 and KB5053602 for Windows 11 versions 24H2 and 23H2, addressing security vulnerabilities discovered in previous months. The updates also introduce significant new features and changes, along with fixing various bugs to enhance system performance. Users can install the updates through Windows Update or manually from the Microsoft Update Catalog.…
Quantum leap: Passwords in the new era of computing security
Summary: The National Institute of Standards and Technology (NIST) has released its first finalized post-quantum encryption standards to protect against potential threats posed by quantum computers. These new standards are essential as traditional cryptographic methods may become vulnerable to quantum attacks. Organizations need to adapt their security measures, particularly in password protection, to mitigate the risks associated with advancing quantum technologies.…
⚡ THN Weekly Recap: New Attacks, Old Tricks, Bigger Impact
Summary: The evolving landscape of cyber threats raises critical concerns around cybersecurity resilience, particularly as state-sponsored groups and new ransomware tactics emerge. Notable events this week include charges against Chinese nationals for hacking and the dismantling of Garantex, a cryptocurrency exchange linked to money laundering. This edition explores the complexities of modern cyber threats and ongoing countermeasures by global law enforcement.…
Who are Hellcat Ransomware Group? | Bridewell
The Hellcat Ransomware Group is a newly identified Ransomware-as-a-Service (RaaS) threat group, recognized for targeting various organizations, especially in telecommunications and government sectors. Their operations reveal sophisticated tactics, including phishing, exploitation of public-facing applications, and deployment of PowerShell for maintaining persistence. The group has shown strong ties with other ransomware actors and employs unique methods for data exfiltration.…
Dark Web Profile: Ghost (Cring) Ransomware – SOCRadar® Cyber Intelligence Inc.
The Ghost (Cring) ransomware is a critical cybersecurity threat primarily targeting organizations with vulnerable systems, including healthcare, finance, government, and education sectors. This ransomware employs sophisticated techniques such as exploiting vulnerabilities, lateral movement, and advanced evasion methods to encrypt sensitive data and demand ransom payments. Affected: healthcare, financial services, government, critical infrastructure, manufacturing, education, professional services, retail, e-commerce

Key points:

Ghost (Cring) ransomware has been active since at least 2021, targeting vulnerable internet-facing systems.…

Victim: Pampili (pampili.com.br)
Country: BR
Actor: fog
Source: http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion/posts/67c715cc03e546ad96cc5e55/
Discovered: 2025-03-04 16:30:18.816044
Published: 2025-03-04 00:00:00.000000
Description:
- Data size: 36.3 GB
- Indicates a substantial amount of information or files
- Could be relevant for backup, storage, or transfer considerations
- May involve various file formats or types
- Important for data management and organization
- Potential performance implications for processing or accessing this data
- Consideration for cloud storage options if applicable

About Country: Brazil Country Code: BR

Brazil has emerged as a significant player in the global landscape of cybersecurity, facing unique challenges and opportunities.…

Rubrik rotates authentication keys after log server breach
Summary: Rubrik reported a breach of one of its servers that hosted log files, prompting the company to rotate potentially leaked authentication keys. The incident has been confirmed as isolated, with no evidence of unauthorized access to customer data or internal code. Rubrik reassured that the breach was not part of a ransomware attack and did not receive any communication from the threat actor involved.…
EU’s New Product Liability Directive & Its Cybersecurity Impact
Summary: The European Union has updated its product liability rules to include software products, SaaS, and AI, launching a new Product Liability Directive (PLD) that enhances manufacturer accountability and consumer protection. This shift, effective from December 2024, imposes new obligations related to cybersecurity and software updates, while also influencing businesses globally that engage with the EU market.…

Victim: K**d.edu
Country:
Actor: flocker
Source: http://flock4cvoeqm4c62gyohvmncx6ck2e7ugvyqgyxqtrumklhd5ptwzpqd.onion/?p=400
Discovered: 2025-03-03 12:52:26.097068
Published: 2025-03-03 00:00:00.000000
Description:
- Addressed to the board of K* y e
- Ownership of the system at kd.edu
- Backup of data has been taken
- Further details or previous communications may have been included

About Country: Estonia Country Code: EE

Estonia is often hailed as a pioneer in the realm of cybersecurity, given its progressive approach to digital governance and online services.…

RST TI Report Digest: 03 Mar 2025
This week’s threat intelligence report from RST Cloud analyzes various cybersecurity threats targeting different sectors and establishments. Noteworthy attacks include FatalRAT impacting industrial organizations in the Asia-Pacific region, with an advanced delivery mechanism utilizing DLL sideloading. The Silent Killers report discusses a large-scale exploitation of legacy drivers, while other reports cover threats like Koi Stealer, AMOS Stealer, and attackers affiliated with the Hellcat and Silver Fox groups targeting governmental and healthcare sectors, respectively.…