CyberSecurity news

FlagThis - #threatdetection

Pradeep Bairaboina @ Tech Monitor
The Play ransomware group has been actively targeting organizations worldwide since June 2022, with the FBI reporting that approximately 900 entities had been compromised as of May 2025. The attacks span North America, South America, and Europe and target a diverse range of businesses and critical infrastructure. The group employs a "double extortion" tactic, exfiltrating sensitive data before encrypting systems, which puts additional pressure on victims to pay the ransom.

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued updated advisories regarding the Play ransomware, highlighting new tactics, techniques, and procedures (TTPs) employed by the group. One notable tactic includes exploiting vulnerabilities in the SimpleHelp remote access tool. Specifically, multiple ransomware groups, including those affiliated with Play, have been actively targeting the CVE-2024-57727 path traversal vulnerability, which allows attackers to download arbitrary files from the SimpleHelp server. The advisories also note that Play operators regularly contact victims via phone, threatening to release stolen data if ransom demands are not met.

To mitigate the threat posed by Play ransomware, authorities recommend several proactive security measures, including implementing multifactor authentication, maintaining offline data backups, and developing and testing a recovery plan. It is also critical to keep all operating systems, software, and firmware updated to patch known vulnerabilities. SimpleHelp has released security updates to address the exploited vulnerabilities and strongly urges customers to apply these fixes immediately. While Play ransomware has been linked to attacks on critical infrastructure, including nine attacks impacting healthcare, experts recommend constant vigilance and proactive security strategies across all sectors.
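The advisory paragraph above names a path traversal flaw that lets a client request files outside the intended directory. From a detection standpoint, the characteristic artifact is a request path containing `..` segments, often percent-encoded (sometimes twice) to slip past naive filters. The following is an added example, not code from the advisories, from SimpleHelp or from Tech Monitor: a small Python scanner that parses Common Log Format access-log lines, normalizes percent-encoding and path separators, flags traversal attempts, and counts per source how many were attempted and how many returned a 2xx status (the ones worth investigating first). The log lines are constructed for illustration and do not reflect SimpleHelp's real request format or the specific requests used against CVE-2024-57727.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (Common Log Format). These lines are
# illustrative only, not captured SimpleHelp or Play ransomware traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jun/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.11 - - [12/Jun/2025:10:01:05 +0000] "GET /static/app.js HTTP/1.1" 200 8192
198.51.100.7 - - [12/Jun/2025:10:02:10 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 403 0
198.51.100.7 - - [12/Jun/2025:10:02:11 +0000] "GET /download?file=..%2F..%2F..%2Fconfig.ini HTTP/1.1" 200 1024
198.51.100.7 - - [12/Jun/2025:10:02:12 +0000] "GET /download?file=%2e%2e%2f%2e%2e%2fsecrets.json HTTP/1.1" 200 2048
203.0.113.12 - - [12/Jun/2025:10:03:00 +0000] "GET /docs/release-notes.txt HTTP/1.1" 200 300
"""

# One CLF line: client ip, ident, user, [timestamp], "METHOD path PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# A ".." segment not preceded by another dot and followed by "/" or end of
# string, after normalization (so "file..txt" is not flagged, "=../x" is).
TRAVERSAL_RE = re.compile(r'(?:^|[^.])\.\.(?:/|$)')


def normalize(path: str) -> str:
    """Decode percent-encoding (bounded, to catch double encoding) and
    unify backslashes so Windows-style traversal is also detected."""
    decoded = path
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return decoded.replace("\\", "/")


def parse_line(line: str):
    """Return the fields of one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_traversal_attempts(log_text: str) -> list:
    """Scan log text and return one finding per request whose normalized
    path contains a traversal segment."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scan
        norm = normalize(rec["path"])
        if TRAVERSAL_RE.search(norm):
            status = int(rec["status"])
            findings.append({
                "ip": rec["ip"],
                "timestamp": rec["ts"],
                "path": rec["path"],
                "normalized": norm,
                "status": status,
                # A 2xx on a traversal request means the server served
                # something; those are the highest-priority events.
                "succeeded": 200 <= status < 300,
            })
    return findings


def summarize_by_source(findings: list) -> dict:
    """Aggregate findings per client ip: attempts and apparent successes."""
    counts = {}
    for f in findings:
        entry = counts.setdefault(f["ip"], {"attempts": 0, "succeeded": 0})
        entry["attempts"] += 1
        if f["succeeded"]:
            entry["succeeded"] += 1
    return counts


if __name__ == "__main__":
    hits = find_traversal_attempts(SAMPLE_LOG)
    for h in hits:
        flag = "SERVED" if h["succeeded"] else "blocked"
        print(f'{h["ip"]} {h["status"]} {flag} {h["normalized"]}')
    print(summarize_by_source(hits))
```

Decoding is bounded at three rounds so a crafted string cannot make the scanner loop, and the check runs on the decoded form rather than on the raw path, which is what defeats `%2e%2e%2f` and `%252e` style evasions. A 403 on a traversal request shows a control worked; a 200 is the event to chase in the file server's own logs.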



References:
  • cyberinsider.com: FBI: Play Ransomware Breached 900 Organizations Worldwide
  • DataBreaches.Net: CISA Alert: Updated Guidance on Play Ransomware
  • The Register - Security: Play ransomware crims exploit SimpleHelp flaw in double-extortion schemes
  • Tech Monitor: The FBI reports Play ransomware breached 900 firms by May 2025, up from October 2023, using recompiled malware and phone threats for ransoms.
  • www.cybersecuritydive.com: The hacker group has breached hundreds of organizations and is working with others to exploit flaws in a popular remote support tool.
  • securityaffairs.com: Play ransomware group hit 900 organizations since 2022
  • www.techradar.com: FBI warns Play ransomware hackers have hit nearly a thousand US firms
  • www.cybersecuritydive.com: Understanding the evolving malware and ransomware threat landscape
www.bigdatawire.com
Dataminr and IBM are making significant strides in leveraging agentic AI to enhance security operations. Dataminr has introduced Dataminr Intel Agents, an autonomous AI capability designed to provide contextual analysis of emerging events, threats, and risks. These Intel Agents are part of a broader AI roadmap aimed at improving real-time decision-making by providing continuously updated insights derived from public and proprietary data. This allows organizations to respond faster and more effectively to dynamic situations, sorting through the noise to understand what matters most in real time.

IBM is also delivering autonomous security operations through agentic AI, with new capabilities designed to transform cybersecurity operations. This includes driving efficiency and precision in threat hunting, detection, investigation, and response. IBM is launching Autonomous Threat Operations Machine (ATOM), an agentic AI system designed for autonomous threat triage, investigation, and remediation with minimal human intervention. ATOM is powered by IBM's Threat Detection and Response (TDR) services, leveraging an AI agentic framework and orchestration engine to augment existing security analytics solutions.

These advancements are critical as cybersecurity faces a unique moment where AI-enhanced threat intelligence can give defenders an advantage over evolving threats. Agentic AI is redefining the cybersecurity landscape, creating new opportunities and demanding a rethinking of how to secure AI. By automating threat hunting and improving detection and response processes, companies like Dataminr and IBM are helping organizations unlock new value from security operations and free up valuable security resources, enabling them to focus on high-priority threats.



References:
  • IBM - Announcements: New advanced AI capabilities help transform cybersecurity operations, driving efficiency and precision in threat hunting, detection, investigation and response
  • www.bigdatawire.com: Dataminr, a real-time AI-powered event detection platform, has introduced Dataminr Intel Agents, an autonomous AI capability designed to provide contextual analysis of emerging events, threats, and risks.
  • www.infoworld.com: IBM’s watsonx.data could simplify agentic AI-related data issues
  • www.networkworld.com: IBM wrangles AI agents to work across complex enterprise environments