Malware

Security and Technology news from various third party sources. All attribution remains the property of the original authors

351 Topics 351 Posts
  • 0 Votes
    1 Posts
    50 Views
    CerberusC

    A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site and Tor payment site offline.

    https://threatpost.com/revil-servers-offline-governments/175675/

  • 0 Votes
    1 Posts
    48 Views
    CerberusC

    The platform’s Content Delivery Network and core features are being used to send malicious files, including RATs, across its network of 150 million users, putting corporate workplaces at risk.

    https://threatpost.com/threat-actors-abuse-discord-to-push-malware/175663/

  • 0 Votes
    1 Posts
    41 Views
    CerberusC

    A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.

    https://threatpost.com/ta551-tactics-sliver-red-teaming/175651/

  • 0 Votes
    1 Posts
    54 Views
    CerberusC

    If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.

    https://threatpost.com/gigabyte-avoslocker-ransomware-gang/175642/

  • 0 Votes
    1 Posts
    55 Views
    CerberusC

    Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.

    https://threatpost.com/cybersecurity-failing-ransomware/175637/

  • 0 Votes
    1 Posts
    45 Views
    CerberusC

    Chicago-based Ferrara acknowledged an Oct. 9 attack that encrypted some systems and disrupted production.

    https://threatpost.com/ransomware-candy-corn-halloween/175630/

  • 0 Votes
    1 Posts
    53 Views
    CerberusC

    Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.

    https://threatpost.com/google-youtube-channel-hijackers-cryptocurrency-scams/175617/

  • 0 Votes
    1 Posts
    40 Views
    CerberusC

    Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.

    https://threatpost.com/apt-commodity-rats-microsoft-bug/175601/

  • 0 Votes
    1 Posts
    52 Views
    CerberusC

    The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.

    https://threatpost.com/apt-harvester-telco-government-data/175585/

  • 0 Votes
    1 Posts
    55 Views
    CerberusC

    The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on retooling its arsenal yet again.

    https://threatpost.com/lyceum-apt-tunisian-firms/175579/

  • 0 Votes
    1 Posts
    56 Views
    CerberusC

    An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off.

    https://threatpost.com/feds-warn-blackmatter-ransomware-gang-is-poised-to-strike/175567/

  • 0 Votes
    1 Posts
    44 Views
    CerberusC

    TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.

    https://threatpost.com/ta505-retooled-flawedgrace-rat/175559/

  • 0 Votes
    1 Posts
    64 Views
    CerberusC

    Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing ‘security champions’ to help small businesses.

    https://threatpost.com/accountability-cybersecurity/175571/

  • 0 Votes
    1 Posts
    51 Views
    CerberusC

    Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.

    https://threatpost.com/podcast-zoho-solarwinds/175553/

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    A major cyberattack resulted in data being stolen, too, but Sinclair’s not sure which information is now in the hands of the crooks.

    https://threatpost.com/sinclair-ransomware-tv-stations/175548/

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.

    https://threatpost.com/twitter-suspends-security-researchers/175524/

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.

    https://threatpost.com/trickbot-cybercrime-elite-affiliates/175510/

  • 0 Votes
    1 Posts
    63 Views
    CerberusC

    Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.

    https://threatpost.com/podcast-67-percent-orgs-ransomware/175339/

  • 0 Votes
    1 Posts
    45 Views
    CerberusC

    The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.

    https://threatpost.com/freakout-botnet-dvrs-monero-cryptominers/175467/

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.

    https://threatpost.com/microsoft-patch-tuesday-bug-exploited-mysterysnail-espionage-campaign/175431/