SEXi Ransomware Rebrands, Keeps Old Methods | Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks

Dark Reading Weekly [TechWeb]( Follow Dark Reading: [RSS]( July 18, 2024 LATEST SECURITY NEWS & COMMENTARY [SEXi Ransomware Rebrands as 'APT Inc.,' Keeps Old Methods]( The cybercrime group demands ransoms of varying degrees, from thousands to even millions of dollars — in some cases, 2 bitcoin per encrypted customer. [Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks]( The threat group used CVE-2024-38112 and a "zombie" version of IE to spread Atlantida Stealer through purported PDF versions of reference books. [Iranian Cyber Threat Group Drops New Backdoor, 'BugSleep']( The group — which has targeted Israel, Saudi Arabia, and other nations — often uses spear phishing and legitimate remote management tools but is developing a brand-new homegrown toolset. [Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes]( Russian threat actor FIN17 has shifted gears multiple times in recent years, focusing now on helping ransomware groups be even more covertly effective. [Orgs Are Finally Making Moves to Mitigate GenAI Risks]( With AI use ramping up rapidly, a growing number of enterprise security teams have begun putting controls in place to protect sensitive data from accidental exposure and leaks. [West African Crime Syndicate Taken Down by Interpol Operation]( Law enforcement managed to arrest numerous members of Black Axe, a notorious group engaged in a wide variety of criminal activity. [Microsoft: Scattered Spider Widens Web With RansomHub & Qilin]( The gang already uses varied tools in its attacks, such as phishing, SIM swapping, and MFA fatigue. ['Trial' DDoS Attacks on French Sites Portend Greater Olympics Threats]( Russian hacktivists claim DDoS attacks against basic tourist websites. Is it real, or just smoke and mirrors? [Snowflake Account Attacks Driven by Exposed Legitimate Credentials]( Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems. [Name That Toon: Near Miss]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [7 Tips for Navigating Cybersecurity Risks in M&As]( Careful planning and proactive measures can ensure smooth and secure transitions, paving the way for a successful merger or acquisition. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [DPRK Hackers Tweak Malware to Lure MacOS Users into Video Calls]( North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds. [Rite Aid Becomes RansomHub's Latest Victim After Data Breach]( The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018. [Cloud Security, PowerShell Expertise Emerge as Key SOC Analyst Skills]( SOC analysts should also cultivate skills like incident handling and response, threat hunting, digital forensics, Python, and bash scripting. [MORE]( PRODUCTS & RELEASES [Top 5 Mistakes Businesses Make When Implementing Zero Trust]( [QBE Insurance Launches Global Cyber Coverage With QCyberProtect]( [MxD Research Reveals Major Disconnect Between Perceived and Actual Cybersecurity Capabilities in US Manufacturing]( [BlueVoyant Unveils Edge Security Operations Platform]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email]( The tactic is not new, but there has been a steady increase in its use as of this spring. LATEST FROM THE EDGE [Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills]( A two-day presentation will examine the social-behavioral aspects of cybersecurity leadership to drive team success. LATEST FROM DR TECHNOLOGY [Unprecedented: Cloud Giants, Feds Team on Unified Security Intelligence]( The Cloud Safe Task Force aims to unite the US government and cloud service providers, like Amazon, Google, IBM, Microsoft, and Oracle, to provide a "National Cyber Feed": a continuous threat-monitoring tool for federal agencies. LATEST FROM DR GLOBAL [Shadowroot Ransomware Lures Turkish Victims via Phishing Attacks]( The ransomware is rudimentary with basic functionalities, likely having been created by an inexperienced developer — but it's effective at locking up files and sucking up memory capacity. WEBINARS - [Enhance Cloud Security with Cloud-Native Security]( In this webinar, learn how your current cloud security measures may be falling short as you shift to cloud-native, and what new tools and processes you will need to put in place to stay ahead of attackers. - [Tales of a Modern Data Breach: The Rise of Mobile Attacks]( Modern breaches now happen in minutes, not months. Threat actors are exploiting the fact that mobile devices are more susceptible to social engineering, enabling them to gain direct access to cloud infrastructure with legitimate credentials and swiftly compromise data. Recent ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [2023 OT Cybersecurity Year in Review]( - [OT Threat Intelligence Report: Fuxnet ICS Malware]( - [5 Critical Controls for World-Class OT Cybersecurity]( - [State of Enterprise Cloud Security]( - [Google Cloud Threat Horizons Report, H1 2024]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( - [Generative AI Gifts]( [View More White Papers >>]( FEATURED REPORTS - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=124649&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_07.18.24&sp_cid=54335&utm_content=DR_NL_Dark%20Reading%20Weekly_07.18.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#6f If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)