MOVEit Repackaged and Recycled

The largest repackage and re-post of an old leak In November 2024, a hacker known as “Nam3L3ss” allegedly released previously undisclosed data from the MOVEit breach in May 2023. This leak consisted of millions of records, including sensitive employee and big brand corporate information, significantly escalating the breach’s impact. Digging into this story reveals that […]

Infostealer Malware: An Introduction

Infostealer malware represents one of the most underrated threats to corporate and consumer information security today. These sophisticated remote access Trojans (RATs) silently infect computers and systematically exfiltrate massive amounts of sensitive information from the host to threat actors’ command and control (C2) infrastructure. Their primary targets include: Once the information has been exfiltrated, it […]

Actualités cybercriminelles: une brèche de sécurité pour une agence de vérification d'antécédents, une reprise de possession de blogue rançongiciel, une querelle entre forums et la double arrestation de "J.P. Morgan"

Fond bleu foncé avec le logo de Leaky Weekly sur le côté gauche dans un cercle. À droite se trouve un ovale vert avec « Podcast » à l'intérieur. En dessous se trouve le texte en blanc : « Background Check Organization Breach, A Repossessed Ransomware Blog, Feuding Forums, and the Double Arrest of « JP Morgan » »

There’s so much to keep up with in the world of cybercrime…especially for security practitioners. Leaky Weekly is a bi-weekly podcast hosted by security researcher Nick Ascoli as he dives into the most pressing stories on data leaks, cybercrime, and the dark web in the last week or so. On this episode of Leaky Weekly, […]

Ransomware in Context: 2024, A Year of Tumultuous Change

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Ransomware in Context: 2024, A Year of Tumultuous Change" with a light orange arrow pointing down.

2024 has started off dramatic shifts in the ransomware landscape. In December of 2023 international law enforcement took down the BlackCat leaks site, leading to the group removing all ethical restrictions for their affiliates and declaring all organizations in Western Europe and the United States viable targets to include nuclear power plants and childrens hospitals. […]

LockBit’s Conversation on XSS Forum with an Initial Access Broker

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "LockBit's Conversation on XSS Forum with an Initial Access Broker" with a light orange arrow pointing down.

In February of 2024, admins of the Russian hacking forum XSS banned the primary LockBit account active on the forum. The ban was the result of a dispute between LockBit, and an initial access broker operating under the username “aa.”  The following is a conversation between AA and LockBit, posted on XSS as aa sought […]

Threat Spotlight: Data Extortion Ransomware Threats

A navy background with the white text "Data Extortion Ransomware Threats"

Over the last few years, the ransomware landscape has changed significantly. Between 2022 and 2023, ransomware attacks increased by more than 100% year-over-year, with more attacks consisting of double and triple extortion. At a high level, the categories of ransomware can be defined as: Modern ransomware attacks are no longer a lone individual sitting at […]