"Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom.
The Yanluowang ransomware was first spotted by researchers from Symantec Threat Hunter Team in October 2021, the malware was used in highly targeted attacks against large enterprises.
"Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members.
"Microsoft and a consortium of cybersecurity companies took legal and technical steps to disrupt the ZLoader botnet, seizing control of 65 domains that were used to control and communicate with the infected hosts.
"The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries.
RaidForum’s administrator and two of his accomplices have been arrested, and the infrastructure of the illegal marketplace is now under the control of law enforcement."
"Anonymous has taken Operation OpRussia a step further by targeting Aerogas, Forest, and Petrovsky Fort, which happened to be giants in their respective industries."
TLP1 : Green
"NB65 hacking group created its ransomware based on the leaked source code of the Conti ransomware and targets Russia."
TLP1 : Green
"Microsoft on Thursday announced it has obtained a court order to take over seven domains used by Russia-linked cyberespionage group APT28 in attacks against Ukraine.
The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.
"Nos últimos dias foi identificada uma segunda vaga de um esquema malicioso relativo a lojas online falsas que visam atingir utilizadores de algumas marcas populares, incluindo a Puma (hxxxps://www.puma-portugal.]com)."
TLP1 : Green
"Trend Micro has advised customers to update its Apex Central technology following the discovery of web-based attacks targeting a newly discovered vulnerability.
Both hosted and on-premises versions of the Apex Central web-based centralized management console are vulnerable to a file upload vulnerability that poses a remote code execution (RCE) risk.
"A new WhatsApp phishing campaign impersonating WhatsApp's voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses.
This phishing campaign aims to lead the recipient through a series of steps that will ultimately end with the installation of an information-stealing malware infection, opening the way to credential theft.
