Proprietary Leftovers

-
Relentless ransomware disguised as Windows Updates takes aim at students [iophk: Windows TCO]
The security specialists at BleepingComputer spotted the problem, with forum users reporting the infection after installing self-declared W10 updates from illegal “warez” repositories. These sites offer pirated and cracked versions of paid software, and they’re infamous for being filled with easy targets for those who want to spread malware. The Magniber program hidden in these bogus updates encrypts targeted portions of the user’s storage drive, then demands an anonymous transfer of Bitcoin equal to about $2,600 USD in order to get your files back. The price goes up if you wait more than a few days, and there’s no known workaround to free your files without opening your wallet.
-
Elon Musk taking over Twitter, but most marketers not worried
Why 58% of marketers aren’t concerned. Verification of accounts. Removing bots. Free speech. These were among the reasons marketers are feeling optimistic about Musk owning Twitter. Here’s a sampling of comments: [...]
-
Mandiant finds threat actor targeting email collection over long periods [iophk: Windows TCO]
Security firm Mandiant has released details about a threat actor it has named UNC3524, which infiltrates and resides for long periods in Windows environments where it can collect emails in bulk. The active backdoor is named QUIETEXIT and it is based on the Dropbear SSH client-server software which is generally used in environments with low memory and processor resources.
-
UNC3524: Eye Spy on Your Email [iophk: Windows TCO]
In this blog post, we introduce UNC3524, a newly discovered suspected espionage threat actor that, to date, heavily targets the emails of employees that focus on corporate development, mergers and acquisitions, and large corporate transactions. On the surface, their targeting of individuals involved in corporate transactions suggests a financial motivation; however, their ability to remain undetected for an order of magnitude longer than the average dwell time of 21 days in 2021, as reported in M-Trends 2022, suggests an espionage mandate. Part of the group’s success at achieving such a long dwell time can be credited to their choice to install backdoors on appliances within victim environments that do not support security tools, such as anti-virus or endpoint protection. The high level of operational security, low malware footprint, adept evasive skills, and a large Internet of Things (IoT) device botnet set this group apart and emphasize the “advanced” in Advanced Persistent Threat. UNC3524 also takes persistence seriously. Each time a victim environment removed their access, the group wasted no time re-compromising the environment with a variety of mechanisms, immediately restarting their data theft campaign. We are sharing the tools, tactics, and procedures used by UNC3524 to help organizations hunt for and protect against their operations.
-
Class cancelled at Kellogg Community College following ransomware attack [iophk: Windows TCO]
Kellogg Community College announced on May 1 that the technology issues that started days before were caused by a ransomware attack. Due to the ongoing attack, all KCC campuses are closed until further notice.
-
Estonia hosts NATO-led cyber war games, with one eye on Russia [iophk: Windows TCO]
Over the last week, the NATO Cooperative Cyber Defense Center of Excellence hosted the 10th edition of one of the world's largest annual interactive cybersecurity drills.
Over 2,000 participants from 32 countries formed teams and logged in remotely to help defend regions of Berylia — an imaginary island nation in conflict with its Southern neighbor, Crimsonia — represented by organizers in Tallinn, Estonia's capital city. Participants included cybersecurity experts from governments and private companies, as well as academics.
-
Health Care Organizations Warned of Aggressive Ransomware Threat [iophk: Windows TCO]
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human Services (HHS) has issued a warning to health care organizations related to what it calls “an exceptionally aggressive” ransomware group known as Hive.
Hive has been active since June of last year, but according to the HHS, has been more active of late targeting health care organizations with “double extortion” threats. The group is described as “financially motivated,” demanding payment to unlock data it has encrypted and also threatening to publicly release unencrypted data, selling it on “name and shame” dark web sites according to the HHS alert.
-
Tenet says 'cybersecurity incident' disrupted hospital operations [iophk: Windows TCO]
Tenet, one of the largest for-profit health systems in the U.S., said it experienced a "cybersecurity incident" last week that disrupted some acute care operations.
Most critical functions have been restored, while affected facilities are beginning to resume normal operations, according to a statement on Tuesday from the Texas-based operator.
-
[Attackers] sneak code onto Oulu city website to mine cryptocurrency
The malware, which caused the computers of visitors to the city's official webpage to generate cryptocurrency without their knowledge, was detected and removed over the weekend.