ransomware

Week in review: MOVEit Transfer critical zero-day vulnerability, Kali Linux 2023.2 released

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MOVEit Transfer zero-day attacks: The latest info. Progress Software has updated the security advisory and confirmed that the vulnerability (still without a CVE number) is a SQL injection vulnerability in the MOVEit Transfer web application that could allow an unauthenticated attacker …

ALPHV/BlackCat ransomware attack against Casepoint under investigation

U.S. legal discovery tech service provider Casepoint has launched a probe into a possible cyberattack following claims by the ALPHV/BlackCat ransomware operation that it stole 2TB of sensitive data from the firm, according to TechCrunch. Article Link: ALPHV/BlackCat ransomware attack against Casepoint under investigation | SC Media

New Linux Ransomware BlackSuit is similar to Royal ransomware

Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. Royal ransomware is one of the most notable ransomware families of 2022; it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. The human-operated Royal ransomware first appeared on the threat landscape in September 2022, it has …

New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal

Jun 03, 2023Ravie LakshmananEndpoint Security / Linux An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal. Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an “extremely high degree of similarity” between Royal and BlackSuit. …

Update now! MOVEit Transfer vulnerability actively exploited

On May 31, 2023, Progress Software released a security bulletin about a critical vulnerability in MOVEit Transfer. The security bulletin states: “a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer’s database. Depending on the database engine being used …

Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data

Governance & Risk Management, Patch Management. Mandiant Said TTPs of Threat Group Behind Exploiting MOVEit Appear Similar to FIN11. Michael Novinson (MichaelNovinson) • June 2, 2023. Adversaries are taking advantage of a recently patched vulnerability in Progress Software’s managed file transfer product to deploy web shells and steal data. …

The Week in Ransomware – June 2nd 2023 – Whodunit?

It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about.

Legal services platform used by SEC, Pentagon investigating ransomware attack claims

A legal document platform used by several arms of the U.S. government is investigating claims by a ransomware group that it has been attacked. Casepoint, based outside of Washington, D.C., provides organizations with a platform to post legal documents for litigation, investigations and compliance. In April the company signed a five-year deal with the United …

The White House says Section 702 is critical for cybersecurity, yet public evidence is sparse

An FBI official told CyberScoop that a “plurality” of Section 702 searches pertain to investigations into nation-state cyberattacks. Senate Intelligence Committee Co-Chair Mark Warner, seen here at the U.S. Capitol …

Cyber Security Today, Week in Review for the week ending Friday, June 2, 2023

Welcome to Cyber Security Today. This is the Week in Review for the week ending June 2nd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S. In a few minutes Terry Cutler of Montreal’s Cyology Labs will be here to comment on some of the latest news. But first …

Two Years Since the Colonial Pipeline Hack, Here’s What We’ve Learned

By Matt Morris, Global Managing Director of Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated …

CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild

Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations. Background: On May 31, Progress Software Corporation (“Progress Software”), …

Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised

Enzo Biochem, a biotechnology company renowned for producing and distributing DNA-based tests designed to identify viral and bacterial diseases, has recently confirmed in a filing with the Securities and Exchange Commission (SEC) that it fell victim to a ransomware attack.  The malicious cyber assault has exposed the confidential information of 2.47 million patients, including names, …

Live Webinar | The Duality of AI & ChatGPT in Enabling and Preventing Ransomware

Markus Bauer, Senior Technology Evangelist EMEA, Acronis. Markus holds a degree as Information Electronics Engineer and has more than 25 years of experience in the IT industry with extensive expertise in Business Development, Marketing, Sales, Presales, and distribution of products and services. He held various Sales and Channel positions in which he, amongst other things, …

Point32Health ransomware attack exposed info of 2.5M people

After the recent ransomware attack, Point32Health disclosed a data breach that impacted 2.5 million Harvard Pilgrim Health Care subscribers. In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party …

New QBot Malware Campaign Exploits WordPad for Infection

A recent QBot malware campaign has been observed leveraging a DLL hijacking vulnerability in the WordPad utility application to evade detection by security measures. Exploiting Windows programs for malicious purposes is an increasingly prevalent trend observed among threat actors. According to ProxyLife, a cybersecurity specialist and member of Cryptolaemus, the recently discovered QBot phishing campaign …

How to Protect Operational Technology (OT) from Cyber Threats

By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Securing operational technology (OT) creates unique challenges. Zero tolerance of downtime in factories, ports, banks, treatment plants, and other OT environments means that standard security practices like patch management or deploying protective solutions onto endpoints can be almost impossible to uphold. Sometimes this is due to …

Malicious PyPI Packages Use Compiled Python Code to Bypass Detection

Security researchers at ReversingLabs have discovered a novel attack that used compiled Python code to evade detection.  According to ReversingLabs reverse engineer Karlo Zanki, this could be the first instance of a supply chain attack capitalizing on the direct execution capability of Python byte code (PYC) files. The method introduces another supply chain vulnerability for …

Phishing attacks increasingly sophisticated: Cat and mouse – and no end in sight

Phishing is one of the most popular types of cyberattacks. In the corporate environment, social engineering fraudsters prefer to exploit employees as a vulnerability to obtain sensitive information such as log-in and financial data or to trigger malicious actions.  Although numerous tools and procedures for e-mail security are already available on the market, phishing continues …

Materiality: It’s Not Always Straightforward

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of the companies’ reasonable belief that a cyber incident has occurred, and report within 24 hours after a ransom payment.  The U.S. Securities and Exchange Commission has stepped in …

Compliance and Risk Management: It’s a Juggling Act

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of the companies’ reasonable belief that a cyber incident has occurred, and report within 24 hours after a ransom payment.  The U.S. Securities and Exchange Commission has stepped in …

Researchers claim Windows “backdoor” affects hundreds of Gigabyte motherboards

by Paul Ducklin. Researchers at firmware and supply-chain security company Eclypsium claim to have found what they have rather dramatically dubbed a “backdoor” in hundreds of motherboard models from well-known hardware maker Gigabyte. In fact, Eclypsium’s headline refers to it not merely as a backdoor, but all in upper case as a BACKDOOR. The good …

Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer

Point32Health is the second-largest health insurer in Massachusetts. The company revealed that 2.5 million Harvard Pilgrim Health Care customers were affected by a recent ransomware attack. Hackers exfiltrated files with customers’ names, addresses, Social Security numbers, health insurance information, tax information, and comprehensive medical histories. Point32Health has not fully restored the Harvard Pilgrim Health Care …
