Recent research by Sophos reveals that compromised logins are now the leading method for ransomware delivery, surpassing traditional software vulnerabilities. This shift means that attackers are increasingly using phishing, brute force attacks, and other identity-based threats to gain access to networks. As a result, organizations may be at greater risk if they do not enhance their security measures around user credentials. Companies should prioritize employee training on recognizing phishing attempts and implement multi-factor authentication to bolster defenses. This change in attack vectors highlights the need for a more proactive approach to cybersecurity, particularly in safeguarding login credentials.
The ransomware group D1R has claimed responsibility for accessing a database belonging to Synopsys, reportedly containing 40,000 entries. They allege that this information was then used to target Bosch, suggesting that sensitive intellectual property was stolen in the process. Synopsys has denied these claims, which raises questions about the security of their systems and the potential impact on Bosch and other companies. If the claims are true, it could mean serious repercussions for the affected organizations, including financial losses and reputational damage. The situation underscores the ongoing challenges companies face in protecting their data from cybercriminals.
On July 13, the U.S. Treasury's Office of Foreign Assets Control sanctioned a VPN provider named 1VPNS and a cryptor seller for their roles in facilitating ransomware attacks that have inflicted billions of dollars in losses on critical infrastructure. These sanctions target two individuals and the company for supplying essential tools and infrastructure to various ransomware groups. The actions aim to disrupt the operations of these gangs that have been wreaking havoc on businesses and institutions across the U.S. by demanding hefty ransoms. This move underscores the government's ongoing efforts to combat cybercrime and protect essential services from further exploitation. By cutting off the resources that enable these cybercriminals, authorities hope to reduce their operational capabilities significantly.
The D1R cybercrime group has claimed responsibility for stealing sensitive data from both Synopsys and Bosch, threatening to release the information unless a ransom is paid. However, Synopsys has conducted an investigation and found no evidence that any data breach occurred on their end. This situation raises concerns about the potential for misinformation and the tactics used by cybercriminals to instill fear and pressure companies into paying ransoms. It also highlights the need for organizations to remain vigilant and prepared for such threats, even when claims do not hold up under scrutiny. The implications of these threats can be significant, particularly for companies that handle sensitive data, as they can affect reputation and trust among customers.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has taken action against a VPN service named First VPN Service (1VPNS) and two individuals for their involvement in supporting ransomware activities. This VPN is accused of providing tools that facilitate ransomware attacks, particularly targeting American users. The sanctions aim to disrupt the operations of cybercriminals who exploit such services to carry out malicious activities. The U.S. government is sending a strong message that it will hold accountable those who enable cybercrime, especially as ransomware attacks continue to pose significant risks to individuals and organizations. This development highlights the ongoing battle against cyber threats and the importance of regulatory measures to combat them.
This week's cybersecurity news highlights several significant threats, including vulnerabilities in Citrix's ShareFile that could be exploited by attackers. These vulnerabilities allow unauthorized access to sensitive data, putting companies that use ShareFile at risk. Additionally, a new ransomware strain, dubbed Citrix Bleed 2, has emerged, targeting organizations and demanding payment in exchange for restoring access to encrypted files. Researchers also noted an increase in AI-driven coding attacks, where attackers utilize artificial intelligence to find and exploit software bugs faster than they can be patched. This situation is concerning as many organizations still have unresolved vulnerabilities from previous years, indicating that outdated fixes are a persistent problem. Companies need to prioritize updating their systems and addressing known vulnerabilities to mitigate these risks.
Angelo Martino, a former ransomware negotiator at DigitalMint, has been sentenced to 70 months in prison for his role in betraying clients during ransomware negotiations. Starting in April 2023, Martino leaked sensitive information to the BlackCat ransomware group, including details about victims' negotiating positions and insurance policy limits. This breach of trust not only compromised the confidentiality of clients relying on DigitalMint's expertise but also aided BlackCat in executing further ransomware attacks. The case highlights the risks posed by insiders in cybersecurity, illustrating how an individual's actions can significantly impact organizations already vulnerable to cyber threats. Companies need to ensure robust monitoring and vetting processes to prevent similar incidents in the future.
An Armenian man has admitted his involvement in the Ryuk ransomware scheme, which has been responsible for numerous high-profile cyberattacks. Ryuk ransomware typically targets large organizations and demands hefty ransoms to restore access to encrypted data. The man was extradited from Ukraine to the United States to face charges, marking a significant step in holding perpetrators of ransomware attacks accountable. This case not only highlights the ongoing threat posed by ransomware but also underscores international cooperation in tackling cybercrime. As these types of attacks continue to disrupt businesses and public services, this guilty plea serves as a reminder of the need for robust cybersecurity measures across all sectors.
The Department of Homeland Security (DHS) has reported a significant data breach involving one of its databases, although specific details about the extent of the breach or the data compromised have not been disclosed. Meanwhile, Adobe is increasing the frequency of its security updates to better protect users from vulnerabilities, responding to the growing number of cyber threats. In another development, Canadian authorities have successfully disrupted ransomware operations, which is a crucial step in combating the rise of these attacks. Additionally, a data breach at AssuranceAmerica has put the personal information of around 7 million individuals at risk. This series of events illustrates the ongoing challenges organizations face in safeguarding sensitive data and the need for improved security measures across various sectors.
Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
Angelo Martino, a former ransomware negotiator, has been sentenced to 70 months in prison for his role in facilitating extortion activities for the BlackCat ransomware group. Martino assisted in negotiating ransom payments and mishandled sensitive client information during cyberattacks against U.S. victims. His actions contributed to the financial and operational distress of the affected organizations, highlighting the ongoing issues with ransomware and the involvement of intermediaries in these crimes. This case serves as a reminder of the legal consequences for those who support cybercriminal operations, as well as the need for organizations to protect their data from exploitation.
A new ransomware known as GodDamn is making waves in the cybersecurity community for its ability to exploit a malicious driver to bypass security measures. This ransomware utilizes remote desktop applications to move stealthily across networks, allowing it to install the PoisonX kernel driver. Once in place, this driver can disable existing cybersecurity protections, making systems more vulnerable to attacks. This development is concerning for organizations relying on traditional security measures, as it highlights the evolving tactics of cybercriminals. Companies need to be vigilant and ensure their networks are protected against this form of exploitation.
Angelo Martino, a former ransomware negotiator, was sentenced to 70 months in prison for his role in aiding the BlackCat ransomware gang. While he was supposed to negotiate on behalf of five victims, he instead shared sensitive information with the attackers, effectively betraying his clients. This case highlights the risks associated with ransomware negotiations, where trust is critical. Martino’s actions not only compromised the victims but also raised concerns about the integrity of professionals in the cybersecurity field. His sentencing serves as a warning that aiding cybercriminals can lead to severe legal consequences.
GigaWiper is a newly identified piece of malware that combines different malicious functions, including a standalone wiper, ransomware encryption, and a multi-pass wiping command. This malware is designed for system-level sabotage, making it particularly dangerous for both individuals and organizations. Researchers have noted that it could severely disrupt operations by permanently deleting important data and encrypting files for ransom. The full impact of GigaWiper is still being assessed, but its destructive capabilities raise significant concerns for cybersecurity professionals and users alike. Companies need to be vigilant and implement strong security measures to protect against such invasive attacks.
A former employee of DigitalMint, a cybersecurity incident response firm, has been sentenced to 70 months in prison for his involvement in BlackCat (ALPHV) ransomware attacks targeting U.S. companies. The individual acted as a negotiator for ransom payments, facilitating the extortion of various organizations. This incident emphasizes the ongoing threat posed by ransomware groups like BlackCat, which have been known to exploit vulnerabilities in corporate networks to encrypt data and demand hefty ransoms. The sentencing serves as a warning to others in the cybersecurity field about the legal consequences of engaging in criminal activities related to ransomware. It also highlights the challenges companies face in protecting against such sophisticated attacks.
Anastasia Tikhonova from Group-IB emphasizes the importance of integrating software supply chain security into daily operations rather than treating it as a one-time compliance task. In a recent video, she advocates for the active use of Software Bill of Materials (SBOM) for various security processes, including vulnerability assessments and incident responses. Drawing insights from Group-IB’s High-Tech Crime Trend Report 2026, she warns that supply chain attacks are becoming more sophisticated, often linking phishing, ransomware, and data breaches through the trust companies place in their suppliers. This shift means organizations need to be proactive in managing their software supply chain risks to protect against these evolving threats. Acknowledging that these vulnerabilities can have widespread implications, Tikhonova encourages teams to make security a daily habit.