#NSA warns “fast flux” threatens national #security. What is fast flux anyway?

A technique that hostile nation-states & financially motivated #ransomware groups are using to hide their operations poses a threat to critical #infrastructure & national security, the NSA has warned.

The technique is known as #FastFlux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed
#privacy

https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/

#HuntersInternational shifts from #ransomware to pure data extortion

https://www.bleepingcomputer.com/news/security/hunters-international-rebrands-as-world-leaks-in-shift-to-data-extortion/

#Ransomware

rheinmetall[.]com (#Rheinmetall #Defence)

Group Name: #babuk2
https://m.ransomware.live/id/cmhlaW5tZXRhbGwuY29tIChSaGVpbm1ldGFsbCBEZWZlbmNlKUBiYWJ1azI=

#Texas #StateBar warns of data breach after #INC #ransomware claims attack

https://www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/

16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected:

https://databreaches.net/2025/04/04/16-months-after-they-experienced-a-ransomware-attack-dameron-hospital-notifies-those-affected/

HellCat - the ransomware gang that has been known to demand payment... in baguettes!

Are they rolling in the dough? Bread all about it in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know

Ransomware-Angriff: Regionale Verkehrsbetriebe Baden-Wettingen (RVBW) #Ransomware #Einbruch #Datendiebstahl #TeamInfoSec #cyberangriff https://www.security-incidents.de/sicherheitsvorfaelle/ransomware_angriff_regionale-verkehrsbetriebe-8982.php

Meine Datenschutz und Privatsphäre Übersicht 2025, für die Allgemeinheit

Teilen er­be­ten

als PDF:

https://cryptpad.digitalcourage.de/file/#/2/file/NdmBgSYkRCto8B+JmJkE9mQ4/

 #DSGVO #TDDDG ( #unplugtrump )
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #Digitalisierung #FragdenStaat #Shiftphone  #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena  #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

DragonForce Claims to Be Taking Over RansomHub Ransomware Infrastructure https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/ #DragonForceransomware #TheCyberExpressNews #TheCyberExpress #FirewallDaily #Ransomware #CyberNews #RansomHub

DragonForce appears to be taking over the infrastructure of RansomHub, the largest ransomware group. A huge scoop courtesy of the Cyble threat intelligence research team. #Ransomware #Cybersecurity #ThreatIntelligence

https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/

An international ransomware group has claimed responsibility for a cyberattack against Australian IVF provider Genea, exfiltrating an alleged 700GB of sensitive patient data spanning six years and posting samples on the dark web to validate the breach. Despite Genea securing an interim NSW Supreme Court injunction to prohibit dissemination, the leaked data remained online as of mid-Wednesday, with affected patients not directly notified at the time. Cybersecurity experts note this tactic is typical ransomware pressure behavior, and the group—linked to prior supply chain incidents—has not issued public ransom demands. Genea, criticized for limited patient communication and lack of immediate support services, confirmed the breach involved personal and medical information and is working with the Australian government’s cyber coordination team, while urging clients to remain vigilant against identity fraud and phishing attempts. #CyberSecurity #Ransomware https://www.abc.net.au/news/2025-02-26/genea-ivf-cyber-incident-ransomware/104985242

Ready for a fresh day of Cyber horrors? Me neither!

Oh well, here you go: https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/

Here's a few of the key items to be aware of:

Palo Alto GlobalProtect Scans: Observed a significant spike in scans targeting Palo Alto Network GlobalProtect login portals, possibly prior to new exploit releases. Time to audit those logs!

China as Top Cyber Threat: Gen. Paul Nakasone (former NSA/Cyber Command Head) highlights China's unprecedented cyber activities, including malicious code in critical infrastructure and rapid exploitation of vulnerabilities. It's time to rethink our defense strategies!

North Korean IT Worker Expansion: North Korean "IT warriors" are infiltrating European companies, using fake identities to secure remote work and fund their regime. Stay vigilant and double-check those remote hires!

Identity Flaws in Breaches: A new report indicates 60% of incidents involved an identity attack, with compromised valid accounts being a top initial access vector. Focus on robust MFA, least privilege, and AD security!

Read the full post for all the details and more actionable insights, and if you want all this straight to your inbox, you're in luck! https://opalsec.ghost.io/daily-news-update-wednesday-april-2-2025-australia-melbourne/#/portal/signup

There's a certain irony in a company that offers cyber security services getting hacked, but for Hexicor's many customers across Australia that irony may be lost.

#cybersecurity #ransomware

https://www.cyberdaily.au/security/11927-exclusive-killsec-claims-ransomware-attack-on-queensland-it-services-firm-hexicor

»Gmail Gets End-To-End Encryption From Google As 21'st Birthday Present:
[…] Google Claims To Have Invented An Entirely New Type Of Encryption For Gmail Users […]«

This is not an April joke and yes Google offers OpenPGP for Gmail Accounts. This is not difficult to set up but too many people are too lazy in my opinion.

https://www.forbes.com/sites/daveywinder/2025/04/01/gmail-gets-end-to-end-encryption-from-google-as-21st-birthday-present/

Die Cyber-#Forensikerinnen Melanie Kubli und Tabea Nordieker bei der Arbeit: Der Schweizer Tagesanzeiger hat einen detaillierten und spannenden Bericht über die Arbeit der beiden IT-Spezialistinnen bei einem #Ransomware-Vorfall veröffentlicht - und wie sie mit #Cybercrime-Gruppierungen wie zB #Akira erfolgreich verhandeln - lesenswert und vielen Dank für das Engagement in der #Cybersicherheit!

https://www.tagesanzeiger.ch/digitale-forensikerinnen-sie-verhandeln-mit-hackern-444497033587 #cybersecurity

Retail giant #SamsClub investigates #Clop #ransomware breach claims

https://www.bleepingcomputer.com/news/security/retail-giant-sams-club-investigates-clop-ransomware-breach-claims/

£3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack.

Sensitive data related to almost 80,000 people exposed, and NHS services disrupted.

Read more in my article on the Exponential-e blog: https://www.exponential-e.com/blog/3-million-fine-for-healthcare-msp-with-sloppy-security-after-it-was-hit-by-ransomware-attack

A little ray of sunshine:

The Journal Times, part of Lee Enterprises, had been seriously impacted by the #ransomware attack by Qilin in February. Today, they announced that they are back to full strength: https://journaltimes.com/opinion/column/article_856d2fed-473b-4683-bbf4-61e8fd157830.html

Sincere congrats to them after what was almost two months of intensive and dedicated efforts to fully recover.

Here's another notification where it sounds like the victim paid the extortion demand but doesn't come right out and say that. Instead, their notification letter says that the data had temporarily been posted online but "The data is no longer posted on the dark web and, at this time, Kronick has no reason to believe this data was retained by the unknown third party or that any additional data was taken."

They don't name the attackers, but this was an incident involving #Rhysida that Rhysida had claimed on August 22, 2024.

Given how often we are told that these ransomware groups do retain data even after pinky-swearing and providing videos of it supposedly being destroyed forever, should entities like the law firm above say they have no reason to believe that their data was retained?

The notification letter by Kronick Moskovitz Tiedemann & Girard can be found at https://oag.ca.gov/system/files/KMTG_Individual%20Notice%20Letter%20Sample%203.28.2025_0.pdf

Hackers breached Oracle's Cerner servers after January 22, stealing patient data to extort US medical providers. The FBI is now investigating. #Oracle #Cerner #CyberSecurity #DataBreach #FBI #HealthcareSecurity #MedicalData #TechNews #Ransomware