The Security Blog From Gridinsoft

FBI Seized ALPHV/BlackCat Ransomware Darknet Site

ALPHV Site Taken Down by the FBI

On December 19, 2023, one of the ALPHV/BlackCat ransomware sites was taken down by the FBI. The typical FBI banner…

Kinsta Alerts About Phishing Campaign on Google Ads

Kinsta, a prominent WordPress hosting provider, has issued a warning to its customers regarding a concerning new trend in cyberattacks…

JetBrains Vulnerability Exploited by CozyBear Hackers

JetBrains’ TeamCity servers became a target of the Russian-backed attacker CozyBear. Using a vulnerability discovered back in March 2023, hackers…

QakBot is Back With a New Email Spam Campaign

Qakbot appears to be back online after its network was dismantled in Operation Duck Hunt. The Microsoft Threat Intelligence team reports…

Snatch Ransomware Claims Hacking KraftHeinz

KraftHeinz Hacked by Snatch Ransomware Gang

The global food and beverage company KraftHeinz became a target of the infamous Snatch ransomware gang. Hackers listed the company on their Darknet leak site. This is yet another hack…

Ukraine's Biggest Cellular Carrier Kyivstar Hacked

Kyivstar, Ukraine’s Biggest Cell Carrier, Hacked

On Tuesday, December 12, 2023, Ukraine’s largest cellular operator, Kyivstar, had its network infrastructure wrecked. This was the result of a hack most likely carried out by a Russian…

New Apache Struts 2 RCE Vulnerability Discovered

New Apache Struts 2 Vulnerability Allows for RCE

A newly discovered critical security flaw in Apache Struts 2, a widely used open-source web application framework, has spurred an urgent call for users to patch their systems. The flaw,…

Researchers Uncover Malicious Loan Apps With 12 Million Users

Malicious Loan Apps in Play Store Deceived 12M Users

Eighteen malicious loan apps on the Google Play Store, posing as legitimate financial services, have scammed users. They offer high-interest-rate loans while harvesting users’ personal and financial data for malicious…

PoolParty Injection Techniques Circumvent Top Security Solutions

PoolParty Injection Techniques Circumvent EDR Solutions

A set of process injection techniques, named PoolParty, was presented at the Black Hat Europe 2023 conference. The set of 8 tricks makes it possible to force the execution of arbitrary malicious code, and…

WordPress Releases Patch for Critical Security Vulnerability

WordPress Critical Vulnerability Fixed in Patch 6.4.2

WordPress has rolled out version 6.4.2, addressing a critical remote code execution (RCE) vulnerability. Discovered by the project’s security team, the vulnerability could potentially be exploited by threat actors to…

AeroBlade Is Targeting the U.S. Aerospace Industry

AeroBlade TA Spies On U.S. Aerospace Industry

Cybersecurity experts have uncovered a sophisticated cyberespionage campaign targeting a prominent U.S. aerospace organization. The threat actor, identified as AeroBlade, executed a spear phishing attack, raising serious questions about the…

ColdFusion Vulnerability Exploited to Infiltrate Servers of a Federal Agency

Federal Agency Hacked With ColdFusion Vulnerability

A vulnerability in Adobe’s ColdFusion allowed hackers to breach two public-facing servers at a federal agency. The Cybersecurity and Infrastructure Security Agency (CISA) published a report explaining the way it…

Sierra Wireless AirLink Routers Have 21 Vulnerabilities

Sierra AirLink Vulnerabilities Expose Critical Infrastructure

A grand total of 21 security flaws was discovered in the firmware of Sierra Wireless AirLink routers. The vulnerabilities allow for remote code injection, unauthenticated access, DoS attacks, and more. As such…

Microsoft Alerted About New Cactus Ransomware

Microsoft Alerts of New Cactus Ransomware Attacks

Microsoft has raised the alarm about a growing wave of ransomware attacks utilizing malvertising tactics to spread Cactus ransomware. The sophisticated malware campaign hinges on deploying DanaBot as an initial…

Hackers Gain Access to Sensitive Data in 23andMe Database

23andMe Data Leak Exposes Nearly 7 Million Users’ Sensitive Data

Nearly 7 million clients of the genetic testing and biotechnology company 23andMe fell victim to a data leak in October. Hackers gained unauthorized access and extracted profile data, affecting a…

Outlook Vulnerability Exploited In The Wild

Outlook Vulnerability Exploited by Russian Hackers

A vulnerability in Microsoft Outlook is under active exploitation, according to a worrying notification from Microsoft. The world’s largest software developer warns that Russian state-sponsored hackers are using this flaw to…