Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
Source: The Hacker News
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner. "ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice."
'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
Source: Dark Reading
Nation-state cyber threat groups are once again turning to USBs to compromise highly guarded government organizations and critical infrastructure facilities. Having fallen out of fashion for some time, and certainly not helped by COVID lockdowns, USBs are once again proving an effective way for high-level threat actors to physically bypass security at particularly sensitive organizations.
Alert: Info Stealers Target Stored Browser Credentials
Source: Data Breach Today
Typing passwords is a drag. Ever-helpful browser makers and online services know this and offer to save them for you. The problem is: Hackers know it too, only their idea is to steal the saved passwords that users have conveniently left exposed inside browsers or in cookie files.
Hacked WordPress sites use visitors' browsers to hack other sites
Source: Bleeping Computer
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. The campaign was first spotted by website cybersecurity firm Sucuri, which has been tracking a threat actor known for breaching sites to inject crypto wallet drainer scripts.
Rhysida Offers to Sell Children's Hospital Data for $3.4M
Source: Data Breach Today
Ransomware group Rhysida is offering to sell "exclusive data" stolen from a Chicago pediatric hospital for $3.4 million on the dark web, while the hospital struggles to recover its IT systems, including its electronic health records and patient portal, one month after the attack.