Latest news of INFOSEC (EN) 1. Latest Vulnerability. 2. Latest Patch. 3. Privacy Breach. 4. Security Breach. 5. InfoSec News. German Version 🇩🇪 @cRyPtHoN_INFOSEC_DE France Version 🇫🇷 @cRyPtHoN_INFOSEC_FR Italian Version 🇮🇹 @cRyPtHoN_INFOSEC_IT
Russian vodka producer reports disruptions after ransomware attack
More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers. Signs on WineLab doors said the stores were closed due to “technical issues.”
The attack crippled parts of the Novabev Group’s infrastructure, affecting WineLab’s point-of-sale systems and online services. The company confirmed that the attackers had demanded a ransom but said it refused to negotiate.
https://therecord.media/novabev-russia-vodka-maker-ransomware-attack
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our in-depth analysis of the malware revealed a sophisticated, multi-functional backdoor that can be dynamically extended with arbitrary functionality through the download of additional modules.
https://securelist.com/ghostcontainer/116953/
AGX Financeira Allegedly Breached – Millions of Brazilians’ Data for Sale
Brazilian financial company AGX Financeira is allegedly the latest victim of a significant data breach. A threat actor has posted...
24GB of Internal Data from UK Energy Firm Baxter Kelly Allegedly for Sale
A threat actor is allegedly selling a significant 24GB dataset purportedly belonging to Baxter Kelly Ltd, a prominent company in...
Akira Ransomware Group Continues Attack Spree – Allegedly Compromising 12 Companies in 72 Hours
The Akira ransomware group has allegedly intensified its campaign, adding 12 new victims to its dark web data leak portal...
Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
Ads giant complains of damage to its reputation and finances ... and crime, too
Google has filed a lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide and using them to build a botnet, called BadBox 2.0, and then to carry out other cybercrimes and fraud.
https://www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/
Your office printer could be the easiest backdoor into company networks - so update now
Printers go neglected throughout their lifecycle, causing a major security risk
Hackers could be using your business printer as an easy backdoor into your corporate network and all of the devices connected to it, experts have warned.
A new report from HP Wolf Security outlines how most enterprises neglect their printers throughout the device’s lifecycle, finding just a third (36%) of those surveyed apply firmware updates as soon as they’re available.
https://www.techradar.com/pro/security/your-office-printer-could-be-the-easiest-backdoor-into-company-networks-so-update-now
Anne Arundel Dermatology data breach impacts 1.9 million people
Hackers breached Anne Arundel Dermatology systems for three months, potentially exposing personal and health data of 1.9 million people.
https://securityaffairs.com/180100/data-breach/anne-arundel-dermatology-data-breach-impacts-1-9-million-people.html
Cortex
Cortex is developed by TheHive Project to help SOCs, CSIRTs, and security researchers analyze observables at scale from a single interface. It supports analysis of IP addresses, URLs, domain names, file hashes, and more, either individually or in bulk, via a web interface or REST API.
Fluentd
Fluentd is a data collector that unifies data collection and delivery, making data easier to process and understand.
Security Onion
Security Onion provides network visibility, host visibility, intrusion detection honeypots, log management, and case management.
Compumedics data breach leaks patient info from a dozen hospitals and clinics
Australian medical manufacturer Compumedics this week confirmed it notified at least 320,404 people of a March 2025 data breach that compromised the following patient info:
🌀 Names
🌀 Social Security numbers
🌀 Health insurance info
🌀 Dates of birth
🌀 Demographic info
🌀 Medical record numbers
🌀 Treatments and diagnoses
🌀 Dates of treatment
🌀 Provider names
🌀 Sleep study details and results
https://www.comparitech.com/news/compumedics-data-breach-leaks-patient-info-from-a-dozen-hospitals-and-clinics/
Oracle Patches 200 Vulnerabilities With July 2025 CPU
Oracle’s July 2025 Critical Patch Update contains 309 security patches that address approximately 200 unique CVEs.
Oracle has released 309 new security patches as part of its July 2025 Critical Patch Update (CPU), including 127 fixes for vulnerabilities that are remotely exploitable without authentication.
https://www.securityweek.com/oracle-patches-200-vulnerabilities-with-july-2025-cpu/
Operation Eastwood shutters 100+ servers used to DDoS websites supporting Ukraine
Two Russian suspects in cuffs, seven warrants out
International cops shut down more than 100 servers belonging to the pro-Russian NoName057(16) network this week as part of the Europol-led Operation Eastwood.
The joint law enforcement effort involved 19 countries across Europe and North America, and resulted in two arrests of Russian nationals, one in France and one in Spain.
https://www.theregister.com/2025/07/16/russian_hacktivist_bust/
Hackers hijack Microsoft Teams to spread malware to certain firms - find out if you're at risk
Victims are carefully picked
Security researchers are warning about an ongoing campaign leveraging Microsoft Teams calls to deploy a piece of malware called Matanbuchus 3.0.
As per cybersec outfit Morphisec, an unidentified hacking group first carefully picks its victims, and then reaches out via Microsoft Teams, posing as an external IT team.
https://www.techradar.com/pro/security/hackers-hijack-microsoft-teams-to-spread-malware-to-certain-firms-find-out-if-youre-at-risk
Belk Suffers Major Data Breach; Law Firm Investigates Class Action
The popular U.S. department store chain Belk is under scrutiny following a cyberattack that may have compromised sensitive customer information. The Belk data breach has drawn attention, particularly after the hacking group DragonForce claimed responsibility for the attack. According to the law firm Schubert Jonckheer & Kolbe LLP, which is actively investigating the data breach, Belk identified unauthorized access to its network between May 7 and 11, 2025.
https://thecyberexpress.com/belk-data-breach/
Talos IR ransomware engagements and the significance of timeliness in incident response
As ransomware threat actors continuously decrease their dwell time — here defined as the duration between initial access and encryption — it is increasingly imperative to be mindful of timeliness in incident response engagements (Infosecurity Magazine, CyberScoop, Orca, ThreatDown). Early intervention and remediation can significantly mitigate or even wholly prevent repercussions of ransomware attacks, such as financial loss, reputational damage and legal repercussions, as exemplified by a comparison of two recent Talos IR engagements.
https://blog.talosintelligence.com/talos-ir-ransomware-engagements-and-the-significance-of-timeliness-in-incident-response/
Ukraine-aligned hackers claim cyberattack on major Russian drone supplier
Ukrainian military intelligence and allied hacker groups said they carried out a large-scale cyberattack against a major Russian drone supplier, disrupting its operations.
In a statement on Telegram, two well-known Ukrainian volunteer hacker groups — the Ukrainian Cyber Alliance (UAC) and Black Owl (BO Team) — claimed to have accessed and destroyed terabytes of technical data from Gaskar Group, a Russian developer and manufacturer of unmanned aerial vehicles, including those reportedly used to attack Ukraine.
https://therecord.media/ukraine-hackers-claim-attack-russia-gaskar-group-drone-maker
UK Pet Owners Targeted by Fake Microchip Renewal Scams
Microchip renewal scam targets UK pet owners using leaked data from insecure registries. Emails appear legit but aim to steal money and personal info.
UK pet owners are being hit with convincing scam emails demanding microchip registration renewals, and the source of the problem appears to lie deeper than just spam. A recent investigation by Pen Test Partners has revealed serious security issues in how microchip data is stored and accessed, giving scammers the tools they need to convincingly imitate official registries.
https://hackread.com/uk-pet-owners-targeted-fake-microchip-renewal-scams/
Over 5.4 Million Affected in Healthcare Data Breach at Episource
A data breach at medical billing company Episource has exposed the personal and health information of more than 5.4 million people across the US.
The breach, discovered on February 6, 2025, allowed cybercriminals to access and copy files containing sensitive data.
https://www.infosecurity-magazine.com/news/54-million-affected-episource/
1.4 Million Affected by Data Breach at Virginia Radiology Practice
Radiology Associates of Richmond has disclosed a data breach impacting protected health and personal information.
Radiology Associates of Richmond has disclosed a data breach affecting more than 1.4 million individuals.
A data security incident notice posted on its website reveals that the healthcare organization’s systems were accessed by hackers for a period of several days in April 2024.
https://www.securityweek.com/1-4-million-affected-by-data-breach-at-virginia-radiology-practice/
OpenAI: GPT-5 is coming, "we'll see" if it creates a shockwave
OpenAI's next foundational and state-of-the-art model, GPT-5, is still on its way after a delay. OpenAI won't tell us the release date for now.
In a conversation with a user on X, OpenAI's researcher Xikun Zhand confirmed that GPT-5 is still coming.
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-gpt-5-is-coming-well-see-if-it-creates-a-shockwave/
Hackers are trying to steal passwords and sensitive data from users of Signal clone
Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users’ private data, according to security researchers and a U.S. government agency.
https://techcrunch.com/2025/07/17/hackers-are-trying-to-steal-passwords-and-sensitive-data-from-users-of-signal-clone/
Cambodia Cracks Down on Cybercrime: 1,000+ Arrests Across Five Provinces
Within a single week, the Cambodia cybercrime crackdown arrested over 1,000 suspects linked to operations spanning at least five provinces, including Phnom Penh, Sihanoukville, Poipet, Kratie, and Pursat. The detentions included 85 Cambodians and hundreds of foreigners, from Vietnam, China, Taiwan, Indonesia, Myanmar, Bangladesh, and more.
https://thecyberexpress.com/cambodia-cybercrime-crackdown/
Sid Meier’s Civilization VI: Platinum Edition is free to claim on the Epic Games Store
The Epic Games Store is giving away Sid Meier's Civilization VI. It's yours to keep forever once you claim it.
Normally, we don't write about free games here. But I think this one is worth mentioning.
Civilization VI, or Civ 6, as it is called by fans, was released in 2016. The 4X game was given away previously on the Epic Games Store in 2020. That was just the base game; the Platinum Edition comes with quite a bit of additional content. So if you already claimed it 5 years ago, you can claim the DLCs now.
https://www.ghacks.net/2025/07/18/sid-meiers-civilization-vi-platinum-edition-is-free-to-claim-on-the-epic-games-store/
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
In early February 2025, Talos observed a cluster of invoice payment and billing-themed phishing emails that appeared to target Ukrainian entities. These emails included compressed archive attachments (e.g., ZIP, 7Zip or RAR) containing at least one JavaScript file that used several layers of obfuscation to disguise a PowerShell downloader. The execution of the JavaScript and PowerShell script resulted in the download and execution of SmokeLoader on the victim system. Talos assessed the JavaScript downloaders to be the Emmenhtal loader, based on notable similarities between the obfuscation methods observed in the collected samples and those described by Orange Cyberdefense.
https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks
More than $2 billion in cryptocurrency was stolen by hackers in the first half of 2025, according to the blockchain security firm Chainalysis.
Most of the total comes from the $1.5 billion stolen from Dubai-based crypto platform Bybit in February by hackers connected to North Korea.
https://therecord.media/chainalysis-crypto-stolen-billions
DEVMAN Ransomware Group Allegedly Breaches Thai Ministry of Labour
The Thai Ministry of Labour (MOL) has allegedly become the latest victim of the notorious DEVMAN ransomware group. The group has claimed to have exfiltrated 300GB of sensitive data and is demanding a $15 million ransom. The Ministry of Labour is a critical government body in Thailand, responsible for overseeing labor relations, social security, and employment services for the nation’s workforce. The potential compromise of such an institution raises serious concerns about the security of sensitive citizen and government data.
https://dailydarkweb.net/devman-ransomware-group-allegedly-breaches-thai-ministry-of-labour/
UK retail giant Co-op confirms hackers stole all 6.5 million customer records
The chief executive of U.K. retail conglomerate Co-op on Wednesday said that hackers had stolen the personal data of all of the company’s customers during an April cyberattack.
https://techcrunch.com/2025/07/16/uk-retail-giant-co-op-confirms-hackers-stole-all-6-5-million-customer-records/
https://www.bbc.com/news/articles/cql0ple066po
Important Notice – Data Breach Notification
We advise that a data breach occurred on 23 June 2025 which may have affected your personal information held by the following entities or other associated entities:
🌀 United Australia Party
🌀 Trumpets of Patriots
What happened
On 23 June 2025, we identified unauthorised access to our servers resulting in access to, and the possible exfiltration of, certain data records. We were the subject of a ransomware cyber-attack.
https://www.unitedaustraliaparty.org.au/important-notice-data-breach-notification/
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware.
Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit to potentially enable data theft, extortion, or ransomware attacks. While these activities suggest financial motives, researchers have not yet confirmed them definitively.
https://securityaffairs.com/180035/hacking/unc6148-deploys-overstep-malware-on-sonicwall-devices-possibly-for-ransomware-operations.html
Chicago-area school district notifies 11.5K people of data breach compromising student records, SSNs, finances, and medical info
Indian Springs School District 109 yesterday confirmed it notified 11,542 people of an October 2024 data breach that compromised the following personal info:
🌀 Names
🌀 Social Security numbers
🌀 Contact info
🌀 Student ID numbers
🌀 State-issued ID numbers
🌀 Class schedules
🌀 Transcript info
🌀 Medical info
🌀 Health insurance info
🌀 Parent/guardian names
🌀 504 Plan or IEP info
🌀 Race/ethnicity info
🌀 Financial aid info
🌀 Financial account info
https://www.comparitech.com/news/chicago-area-school-district-notifies-11-5k-people-of-data-breach-compromising-student-records-ssns-finances-and-medical-info/
Falco: Open-source cloud-native runtime security tool for Linux
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible security threats.
Falco is a graduated project from the Cloud Native Computing Foundation (CNCF) and is used in production by many organizations.
https://github.com/falcosecurity/falco
Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors
Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.
"Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 per day."
https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html