Ghost ransomware crew continues to haunt IT depts with scarily bad infosec

The operators of Ghost ransomware continue to claim victims and score payments, but keeping the crooks at bay is possible by patching known vulnerabilities and some basic infosec actions, according to a joint advisory issued Wednesday by the FBI and US Cybersecurity and Infrastructure Security Agency. The Feds warned orgs to beware of this spectral menace, which is known to have infected critical infrastructure and entities in every sector of a typical economy, and which has been observed scoring ransoms as recently as January. It is said to have racked up victims in more than 70 countries, including some in its China homeland.

Updated Shadowpad Malware Leads to Ransomware Deployment

In November 2024, we had two incident response cases in Europe with similar C&C servers and other TTPs, suggesting a single threat actor behind both operations. Both incidents involved Shadowpad, a malware family that has been used by multiple advanced Chinese threat actors to perform espionage. Hunting for similar TTPs, we found a total of 21 companies being targeted with similar malware toolkit in the last 7 months. Nine of them in Europe, eight in Asia, three in the Middle East, and one in South America. We found eight different industries being affected, with more than half of the targets being in the Manufacturing industry. They are listed in the Victimology section.

Fingerprint Heists: How your browser fingerprint can be stolen and used by fraudsters

Fraudsters are continuously seeking innovative ways to exploit unsuspecting internet users. One of the latest and most concerning techniques revolves around browser fingerprinting — a method that allows cybercriminals to steal unique digital identifiers associated with user online activity. What makes browser fingerprinting particularly alarming is its invisibility. The victim might not even know that the fingerprint has been captured or misused. Fraudsters can bypass security measures, impersonate victims on trusted platforms, and commit fraudulent activities—all without triggering suspicion from security systems that rely on these fingerprints for authentication.

BlackBasta Ransomware Chatlogs Leaked Online

Netherlands-based threat intelligence firm Prodaft revealed on February 20 that internal chatlogs from the BlackBasta ransomware gang have been leaked online. BlackBasta is a ransomware strain that was first detected in April 2022. Early on, cyber threat intelligence experts assessed that the members of the group behind the ransomware were associated with other top-tier ransomware groups, especially Conti and REvil. Yelisey Bohuslavskiy, Partner and Chief Research Officer at Red Sense, believes BlackBasta is a merger of the two defunct groups.

Google Cloud’s Multi-Factor Authentication Mandate: Setting a Standard or Creating an Illusion of Security?

Google Cloud recently announced that it will require all users to adopt multi-factor authentication (MFA) by the end of 2025, joining other major cloud providers like Amazon Web Services (AWS) and Microsoft Azure in mandating this critical security measure. As the threat landscape intensifies, with phishing and credential theft becoming common attack vectors, Google’s phased rollout of mandatory MFA marks a major step in the evolution of cloud security. Starting in November 2024, administrators will begin receiving guidance on implementing MFA, leading up to mandatory MFA for all new and existing users in early 2025, and eventually expanding to federated accounts by the end of the year.