2021, Accountability, Backups and Information Security

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. CVSS score: 8.1).

Backups

Backups Ransomware Authentication Penetration Testing

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments.

Backups

Backups Spyware Ransomware Education

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords

Passwords Authentication Architecture Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The US Cybersecurity and Infrastructure Security Agency (CISA) also issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

Cyber Attacks

Cyber Attacks Ransomware Insurance Hacking

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware

Ransomware Firmware Antivirus Accountability

Twilio breach let attackers access Authy two-factor accounts of 93 users

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The company has more than 5,000 employees in 17 countries, and its revenues in 2021 are US$2.84 We have since identified and removed unauthorized devices from these Authy accounts.”

Accountability

Accountability Authentication Phishing Data breaches

Cyber Security Roundup for April 2021

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems. Covid Fraud: £34.5m

Energy and Utilities

Energy and Utilities Ransomware Banking Hacking

Microsoft AI research division accidentally exposed 38TB of sensitive data

Security Affairs

SEPTEMBER 18, 2023

The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their files using an Azure feature called SAS tokens, which allows you to share data from Azure Storage accounts.” 5, 2021 Oct.

Accountability

Accountability Backups Risk Passwords

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Security Affairs

FEBRUARY 12, 2022

and Australia have published a joint advisory warning of an increased globalised threat of ransomware worldwide in 2021. Almost any sector was hit by sophisticated, high-impact ransomware attacks, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors.

Ransomware

Ransomware Backups Encryption Accountability

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

.” The PIN provides a series of examples of ransomware attacks impacting food and agriculture sector businesses, such as an attack that took place in January 2021 against an identified US farm that resulted in losses of approximately $9 million due to the disruption of the farming operations. Disable hyperlinks in received emails.

Ransomware

Ransomware Passwords Backups Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. Avoid reusing passwords for multiple accounts.

Ransomware

Ransomware DDOS Passwords Backups

FBI issued a flash alert on Lockbit ransomware operation

Security Affairs

FEBRUARY 5, 2022

The LockBit ransomware gang has been active since September 2019, in June 2021 the group announced the LockBit 2.0 ” The FBI flash alert also includes mitigations to prevent LockBit ransomware infections: Require all accounts with password logins (e.g., Like other ransomware gangs, Lockbit 2.0

Ransomware

Ransomware Backups Encryption Accountability

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The IT giant also removed 1,183 Google accounts, 908 cloud projects, and 870 Google Ads accounts used by the operators. Glupteba disruption over last year: 63M Google Docs 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts. — Shane Huntley (@ShaneHuntley) December 7, 2021. .

Backups

Backups Advertising Accountability Malware

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware attacks against Australian organizations in multiple industry sectors starting July 2021.

Ransomware

Ransomware Retail Manufacturing Encryption

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” ” reads the advisory.

Ransomware

Ransomware Accountability Firmware Antivirus

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Security Affairs

OCTOBER 25, 2021

Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018 to June 2021. The device was compromised two times, in July 2020 and June 2021. “The deleted items all had timestamps greater than June 9, 2021 11:56:46 GMT and less than June 16, 2021 8:46:17 GMT.

Spyware

Spyware Hacking Backups Accountability

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

AUGUST 13, 2021

The PrintNightmare flaws (tracked as ( CVE-2021-1675 , CVE-2021-34527 , and CVE-2021-36958 ) reside in the Windows Print Spooler service, print drivers, and the Windows Point and Print feature. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Ransomware

Ransomware Backups Education Malware

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

Security Affairs

JULY 29, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. Around November 2021, DEV-0243 started to deploy the LockBit 2.0 exe to execute a malicious command.

Malware

Malware Backups Manufacturing Accountability

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Security Affairs

FEBRUARY 10, 2023

Threat actors generate domains, personas, and accounts; and identify cryptocurrency services to conduct their ransomware operations. Threat actors use various exploits of common vulnerabilities, including CVE 2021-44228 , CVE-2021-20038 , and CVE-2022-24990. They communicate with victims via Proton Mail email accounts.

Ransomware

Ransomware Healthcare Cryptocurrency Government

Microsoft: Raspberry Robin worm already infected hundreds of networks

Security Affairs

JULY 3, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Manufacturing

Manufacturing Malware Backups Technology

Audio equipment maker Bose Corporation discloses a ransomware attack

Security Affairs

MAY 25, 2021

. “I am writing to inform you that Bose Corporation, located at The Mountain Road, Framingham, MA 01701, experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across Bose’s environment. systems on March 7, 2021.” Changed access keys for all service accounts.

Ransomware

Ransomware Malware Cyber Attacks Backups

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

JANUARY 28, 2022

Microsoft in November fended off a massive distributed denial-of-service (DDoS) attack in its Azure cloud that officials said was the largest ever recorded, the latest in a wave of record attacks that washed over the IT industry in the second half of 2021. As in the first six months, most attacks were short-lived.

DDOS

DDOS IoT Engineering DNS

Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits

Security Affairs

SEPTEMBER 3, 2021

The three vulnerabilities used in ProxyShell attacks are: CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779 ) CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779 ) CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435 ).

Ransomware

Ransomware Backups Hacking Encryption

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware

Spyware Backups Manufacturing Data breaches

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications

Telecommunications Authentication Passwords Accountability

‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7

Security Affairs

JANUARY 3, 2022

Spiniolas speculates that Apple is aware of the flaw since August 10, 2021, but the IT giant has yet to address it. The only way to recover the removed data will be to restore a working backup. Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug.

Accountability

Accountability Backups Hacking Ransomware

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. Regularly back up data, air gap, and password protect backup copies offline. Implement network segmentation.

Passwords

Passwords Government Firmware Accountability

Raspberry Robin spreads via removable USB devices

Security Affairs

MAY 7, 2022

“Raspberry Robin is Red Canary’s name for a cluster of activity we first observed in September 2021 involving a worm that is often installed via USB drive.” The malware uses TOR exit nodes as a backup C2 infrastructure. ” reads the advisory published by Red Canary. exe to execute a malicious command.

Malware

Malware Backups Manufacturing Hacking

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

. “Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021.” Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware

Ransomware Risk Encryption Passwords

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Government

Government Malware Telecommunications Cybercrime

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Security Affairs

JULY 9, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Malware

Malware Manufacturing Backups Technology

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed Raspberry Robin targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Ransomware

Ransomware Malware Data collection Encryption

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

As part of The Pegasus Project, the experts identified that at least 180 journalists in 20 countries were the targets of a massive surveillance activity with NSO spyware between 2016 to June 2021. The evidence demonstrates that governments used Pegasus to intimidate journalists and critical media. Exposing Pegasus infrastructure.

Spyware

Spyware Government Surveillance Media

Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable

Security Affairs

JUNE 25, 2021

This specific ransomware variant is attempting to propagate using a variety of recently discovered Microsoft Exchange server vulnerabilities, such as CVE-2020-1472 , CVE-2021-26855 , CVE-2021-27065 to drop ransomware on the affected hosts. This includes the use of zero-knowledge online backup of crucial information.

Antivirus

Antivirus Ransomware Backups Encryption

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

See our top picks for the Best Incident Response Tools and Software for 2021. For example, we might nominate: The IT security manager to handle a ransomware incident; Our external accountant to investigate financial fraud; or. The building manager to handle threats to physical security at a specific office.

Insurance

Insurance Backups Data breaches Ransomware

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The malware uses TOR exit nodes as a backup C2 infrastructure. The malware was first spotted in September 2021, the experts observed it targeting organizations in the technology and manufacturing industries. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL.

Government

Government Malware Telecommunications Cybercrime

The ultimate guide to Cyber risk management

CyberSecurity Insiders

FEBRUARY 2, 2022

Ambitious information security experts serve as a critical part of cyber risk management. The corporation is responsible for structuring IT and information security activities to protect its data resources, such as hardware, software, and procedures. Information. Traditional Components. SecSDLC Components.

Cyber Risk

Cyber Risk Risk Architecture Identity Theft

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

Information security leaders at these two districts shared their war stories last week at the K-12 Cybersecurity Leadership Symposium, hosted by the K12 Security Information Exchange (K12 SIX) – the first-ever ISAC specifically created with local school districts in mind.

Malware

Malware Backups Education Ransomware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

According to Coveware, a company that offers incident response services to organizations impacted by ransomware attacks, Conti is the second most common ransomware family that victim organizations have reported in the first quarter of 2021. Avoid reusing passwords for multiple accounts. Focus on cyber security awareness and training.

Healthcare

Healthcare Ransomware Encryption Passwords

15 Best Cybersecurity Blogs To Read

Spinone

OCTOBER 10, 2019

Here you can find security-related news on many topics: Apps, IoT, Cloud, and much more. DarkReading Twitter account has more than 200k followers, a very solid number for the cybersecurity industry. Security Through Education Security Through Education is one of the best information security blogs.

Cybersecurity

Cybersecurity IoT Antivirus Education

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

ForAllSecure

APRIL 26, 2023

of polled executives report that their organizations' accounting and financial data were targeted by cyber adversaries.” ” And, “Nearly half (48.8%) of C-suite and other executives expect the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead.”

Social Engineering

Social Engineering Passwords Engineering Software

Ransomware world in 2021: who, how and why

SecureList

MAY 12, 2021

Botmasters and account resellers are tasked with providing initial access inside the victim’s network. For a more detailed overview we chose two of the most noteworthy Big Game Hunting ransomware in 2021. REvil operators have demanded the highest ransoms in 2021. The first one is the REvil (aka Sodinokibi) gang.

Ransomware

Ransomware Encryption Malware Cybercrime

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

We look at three RSAC 2021 sessions and some of the most daunting vulnerabilities presented by the SANS Institute, Cybersecurity and Infrastructure Security Agency (CISA), and Varonis Systems. Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities.

Software

Software Firmware DNS VPN

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

Webroot

FEBRUARY 10, 2022

Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be compromised by ransomware in 2021. In our 2021 Webroot BrightCloud ® Threat Report , we found overall infection rates to be rising fastest in the healthcare, non-profit and arts/entertainment/recreation industries.

Ransomware

Ransomware Small Business Backups Threat Reports

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Webinars

Trending Sources

Top 10 web application vulnerabilities in 2021–2023

Webinars

The worst cyber attacks of 2021

Ranzy Locker ransomware hit tens of US companies in 2021

Twilio breach let attackers access Authy two-factor accounts of 93 users

Cyber Security Roundup for April 2021

Microsoft AI research division accidentally exposed 38TB of sensitive data

CISA, FBI, NSA warn of the increased globalized threat of ransomware

FBI warns of ransomware attacks targeting the food and agriculture sector

Avoslocker ransomware gang targets US critical infrastructure

FBI issued a flash alert on Lockbit ransomware operation

Google disrupts the Glupteba botnet

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

BlackByte ransomware breached at least 3 US critical infrastructure organizations

NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Microsoft experts linked the Raspberry Robin malware to Evil Corp operation

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Microsoft: Raspberry Robin worm already infected hundreds of networks

Audio equipment maker Bose Corporation discloses a ransomware attack

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits

Security Affairs newsletter Round 303

China-linked threat actors have breached telcos and network service providers

‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Raspberry Robin spreads via removable USB devices

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Raspberry Robin malware used in attacks against Telecom and Governments

Ongoing Raspberry Robin campaign leverages compromised QNAP devices

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Pegasus Project – how governments use Pegasus spyware against journalists

Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable

How to Develop an Incident Response Plan

Raspberry Robin malware used in attacks against Telecom and Governments

The ultimate guide to Cyber risk management

School district IT leaders grade their handling of past malware attacks

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

15 Best Cybersecurity Blogs To Read

Common Techniques Hackers Use to Penetrate Systems and How to Protect Your Organization

Ransomware world in 2021: who, how and why

The Biggest Lessons about Vulnerabilities at RSAC 2021

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

Stay Connected