2022, Authentication, Backups and VPN - Cyber Security Informer

From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager

Fox IT

FEBRUARY 22, 2023

During a recent incident response case, we found traces of an adversary leveraging ConnectWise R1Soft Server Backup Manager software (hereinafter: R1Soft server software). The adversary used it as an initial point of access and as a platform to control downstream systems connected via the R1Soft Backup Agent.

Backups

Backups Software Authentication Internet

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. We talked about NAS devices and ransomware in the weekly review 37/2022.”

Ransomware

Ransomware Backups VPN Authentication

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. We talked about NAS devices and ransomware in the weekly review 37/2022.”

Ransomware

Ransomware Backups VPN Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

In this February 2022 ransomware review, we go over some the most successful ransomware incidents based on both open source and dark web intelligence. Observed since: February 2022 Ransomware note: read_me.html Ransomware extension: <original file name> [vote2024forjb@protonmail[.]com].encryptedJB SFile (Escal). LockBit 2.0.

Ransomware

Ransomware Phishing Accountability Technology

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

Krebs on Security

APRIL 22, 2022

In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN). By February 2022, LAPSUS$ had pivoted to targeting high-tech firms based in the United States.

Mobile

Mobile Computers and Electronics VPN Marketing

Venus ransomware targets remote desktop services

Malwarebytes

OCTOBER 20, 2022

Since at least August 2022, Venus has been causing chaos and has become rather visible lately. — MalwareHunterTeam (@malwrhunterteam) October 6, 2022. — MalwareHunterTeam (@malwrhunterteam) October 6, 2022. If you're able to use rate limiting alongside your VPN login too, then so much the better.

Ransomware

Ransomware Encryption VPN Passwords

Portnox Cloud: NAC Product Review

eSecurity Planet

APRIL 19, 2023

Portnox is a private company that specializes in network access security with nearly 1,000 customers and closed a Series A fundraising with Elsewhere Partners for $22 million in 2022. authentication to gather endpoint information for reporting and enforcement. Agents Portnox does not require an agent.

IoT

IoT Authentication VPN Backups

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team is a ransomware and data extortion group that has been active since at least June 2022. The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. ” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. You can schedule updates to avoid interrupting backup/sync or other tasks.

VPN

VPN Internet Internet Firewall

Multiple schools hit by Vice Society ransomware attack

Malwarebytes

JANUARY 15, 2023

One of the primary schools highlighted, Pates Grammar School, was affected on or around the September 28, 2022. Ensure your RDP points are locked down with a good password and multi-factor authentication. Backup your data. Backups are the last line of defence against an attack that encrypts your data.

Ransomware

Ransomware Backups Education VPN

Internet Safety Month: 7 tips for staying safe online while on vacation

Malwarebytes

JUNE 20, 2022

Then make backups of the files in them. Make sure you lock your accounts behind two-factor authentication (2FA). Feel free to use a VPN. But if you still can’t shake the feeling of being “exposed,” use a VPN you trust. Your devices need some prepping, too. Turn off Bluetooth connectivity.

Internet

Internet Internet VPN Scams

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting. Enforce MFA on all VPN connections [ D3-MFA ].

Telecommunications

Telecommunications Authentication Passwords Accountability

US agencies issue warning about DAIXIN Team ransomware

Malwarebytes

OCTOBER 26, 2022

First spotted in June 2022, the DAIXIN Team quickly got the government's attention after executing multiple ransomware attacks against organizations in the health and public health sector. The advisory reports that DAIXIN Team has been seen gaining initial access to victims' systems through their VPN severs. The DAIXIN leak site.

Ransomware

Ransomware Healthcare Phishing VPN

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

The alert includes indicators of compromise (IoCs) associated with BlackCat/ALPHV, as of mid-February 2022. Regularly back up data, air gap, and password-protect backup copies offline. Use multifactor authentication where possible. Consider installing and using a virtual private network (VPN).

Ransomware

Ransomware Antivirus Passwords Malware

Karakurt extortion group: Threat profile

Malwarebytes

JUNE 14, 2022

Mitigate your risk: [link] pic.twitter.com/0ft8mPediO — Jen Easterly (@CISAJen) June 1, 2022. The NCC Group’s Cyber Incident Response Team (CIRT) spotlighted Karakurt activities in February 2022. Known ransom demands ranged from $25K to $13M in Bitcoin. Here are some ways to do that.

Ransomware

Ransomware VPN Accountability Cybercrime

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Authentication. Two-factor authentication is another important security measure for the cloud era. Increasingly, passwordless authentication is becoming the norm. When you access the internet through a VPN, your data is encrypted and routed through a secure tunnel. Use a reputable cloud service provider.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

Ransomware reinfections on the rise from improper remediation

Malwarebytes

OCTOBER 1, 2023

Ransomware woes doubled by reinfection after improper remediation In November 2022, a small trades contractor in Alberta, Canada, received an alert for an elevated account running unauthorized commands and dumping credentials. By December 2022, they were encrypted with ransomware again. Small IT teams need something different.

Ransomware

Ransomware Small Business Passwords Malware

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Multi-factor authentication : Protects stolen credentials against use by requiring more than a simple username and password combination for access to resources. Passwordless authentication : Eliminates passwords in favor of other types of authentication such as passkeys, SSO, biometrics, or email access. 50% cloud targets.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cyber Security Informer

From Backup to Backdoor: Exploitation of CVE-2022-36537 in R1Soft Server Backup Manager

Akira ransomware targets Finnish organizations

Webinars

Trending Sources

Akira ransomware targets Finnish organizations

Webinars

Ransomware: February 2022 review

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

Venus ransomware targets remote desktop services

Portnox Cloud: NAC Product Review

Daixin Team targets health organizations with ransomware, US agencies warn

QNAP users are recommended to disable UPnP port forwarding on routers

Multiple schools hit by Vice Society ransomware attack

Internet Safety Month: 7 tips for staying safe online while on vacation

China-linked threat actors have breached telcos and network service providers

US agencies issue warning about DAIXIN Team ransomware

BlackCat Ransomware gang breached over 60 orgs worldwide

Karakurt extortion group: Threat profile

15 Cybersecurity Measures for the Cloud Era

Ransomware reinfections on the rise from improper remediation

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Stay Connected