Treasury Sanctions Iran’s Nobitex Exchange as Ransomware Gangs Bypass VPN MFA

The US Treasury sanctioned Nobitex, Iran’s largest crypto exchange, for facilitating ransomware-linked and terrorism-related payments, while separate research shows ransomware affiliates bypassing MFA on SonicWall VPN appliances. Here’s this week’s ransomware roundup covering both the cash-out and entry-point sides of the attack pipeline.

Read more

ShinyHunters-Linked Attackers Walked Into Salesforce Through Trust, Not Vulnerabilities

Microsoft mapped how ShinyHunters-linked attackers spent a year walking into corporate Salesforce environments through abused OAuth trust connections rather than any platform vulnerability. Combined with a ransomware attack on the Orleans Parish Sheriff’s Office and INC ransomware’s rise to 830 claimed victims, here’s this week’s ransomware landscape.

Read more

BlueHammer Exploited by Ransomware Gangs as a $1 Million Payment Raises Questions

CISA confirms ransomware gangs are exploiting a new Microsoft Defender flaw called BlueHammer, while a US government entity paid $1 million to a group called Kairos that researchers doubt is even a real ransomware gang. Plus Hasbro confirms a breach and new EDR-killing toolkits emerge. Here’s this week’s ransomware roundup.

Read more