Security Affairs

JUNE 29, 2023

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software.

Authentication 98

Authentication Backups Ransomware Software 98

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords 140

Passwords Authentication Architecture Risk 140

Security Affairs

APRIL 8, 2023

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog. The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.

Backups 98

Backups Spyware Ransomware Education 98

eSecurity Planet

DECEMBER 18, 2023

And WordPress sites are vulnerable to code injection through plugin Backup Migration. December 11, 2023 Sonar Finds Three Vulnerabilities in Open-Source Firewall pfSense Type of vulnerability: Cross-site scripting and command injection. If a threat actor has the Dataproc IP address, they can access it without authenticating themselves.

Backups 113

Backups Firewall Engineering Software 113

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 137

Ransomware Backups VPN Authentication 137

SecureList

JANUARY 17, 2025

It performs user authentication, version check, configuration setup, and provides the initial environment to process the upper layer protocol (PDU). As a result, the head unit becomes accessible for a long time, switching between an authenticated state and anti-theft mode. The upper layer protocol has a binary format.

Backups 123

Backups Architecture Firmware Software 123

Malwarebytes

MAY 3, 2023

Following criticism, Google has decided to bring end-to-end encryption (E2EE) to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication ( 2FA ) tokens to the cloud, but the lack of encryption caused some commentators to warn people off using it.

Authentication 98

Authentication Encryption Backups Accountability 98

CyberSecurity Insiders

DECEMBER 21, 2022

However, while few things may be certain in life, with rising global conflicts, a looming recession, and the continued use of weak and breached credentials, we can be sure that more cyberattacks will be on the horizon in 2023.

Social Engineering 134

Social Engineering Passwords Password Management Phishing 134

Malwarebytes

MAY 1, 2025

In 2023, famous YouTube tech personality Linus Sebastian suffered a hack of three different YouTube channels associated with his company, Linus Media Group. These attachments could contain malware that steals passwords, data, and multifactor authentication codes. Create offsite, offline backups. Dont get attacked twice.

Small Business 109

Small Business Cybersecurity Scams Passwords 109

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The MOVEit data theft and extortion attacks in May 2023 impacted a significant number of individuals and organizations globally.

Data breaches 117

Data breaches Identity Theft Education Software 117

Malwarebytes

DECEMBER 13, 2023

In November there were 457 total ransomware victims, making it the most active month for ransomware gangs in 2023 so far besides May. The top stories of the month include ALPHV’s shutdown, an increased focus on the healthcare sector, and high-profile attacks on Toyota, Boeing, and more using a Citrix Bleed vulnerability (CVE-2023-4966).

Ransomware 128

Ransomware Healthcare Encryption Backups 128

Anton on Security

JANUARY 3, 2023

We anticipate an increase in targeting of identities that allow cross-platform authentication as actors recognise the value in compromising identities rather than endpoints. ” [A.C. — this this data point is from 2020 , so treat this as a low boundary in 2023. Now, go and read the report!

Cybersecurity 185

Cybersecurity Backups DDOS Ransomware 185

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication.

Ransomware 124

Ransomware Backups VPN Authentication 124

Thales Cloud Protection & Licensing

MARCH 29, 2023

World Backup Day 2023: Five Essential Cyber Hygiene Tips madhav Thu, 03/30/2023 - 05:54 World Backup Day , celebrated each year on March 31st, is a day created to promote backing up data from your devices. Using multi-factor authentication (MFA) when possible is also recommended.

Backups 71

Backups Encryption Passwords Ransomware 71

NetSpi Executives

DECEMBER 21, 2023

NetSPI has updated Attack Surface Management (ASM) coverage for CVE-2023-42793 and released a Breach and Attack Simulation (BAS) Playbook that allows you to quickly test if you have detection coverage for the TTPS used in a recent campaign by Russian Foreign Intelligence Service Actors also known as APT 29. Let’s talk.

Backups 114

Backups Authentication Internet Internet 114

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

The regulations were most recently updated on November 1, 2023, with phased effective dates starting on December 1, 2023. Update the incident response plan to include procedures such as the internal process for responding to cybersecurity events, recovery from backups, and conducting a root cause analysis after an event.

Financial Services 62

Financial Services Cybersecurity CISO Backups 62

WIRED Threat Level

DECEMBER 7, 2022

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.

Backups 93

Backups Encryption Authentication Hacking 93

The Last Watchdog

SEPTEMBER 25, 2023

million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association. Cloud vendors often handle the security and backup processes automatically, so examine your technology and see if that is the case.

Small Business 222

Small Business Cybersecurity Technology Accountability 222

SecureList

JUNE 26, 2023

In this report, we have analyzed the key threats to small and medium-sized companies in 2022 and 2023, and provided advice on how to stay safe. Malware attacks Between January 1 and May 18, 2023, 2,392 SMB employees encountered malware or unwanted software disguised as business applications, with 2,478 unique files distributed this way.

Cybercrime 123

Cybercrime Phishing Banking Malware 123

Security Affairs

NOVEMBER 13, 2023

The gang claims to have stolen a huge amount of sensitive data from the company and threatens to publish it if Boeing does not contact them within the initial deadline (02 Nov, 2023 13:25:39 UTC, later postponed to 10 Nov, 2023). The attack targeted elements of the parts and distribution business run by its global services division.

Ransomware 138

Ransomware Authentication Backups Manufacturing 138

Malwarebytes

JUNE 9, 2023

Known ransomware attacks by gang, May 2023 This isn't the first time this year a gang has overhauled LockBit and climbed to the top spot on our monthly charts. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. A new norm? Don’t get attacked twice.

Ransomware 98

Ransomware Education Encryption Software 98

Malwarebytes

NOVEMBER 24, 2023

Known ransomware attacks by ransomware group, October 2023 Mandiant states it is currently tracking four distinct uncategorized groups involved in exploiting this vulnerability. The CVE for the vulnerability known as Citrix Bleed is CVE-2023-4966 ( CVSS score 9.4 Create offsite, offline backups. out of 10).

Government 141

Government Ransomware Backups Software 141

Security Affairs

MAY 9, 2024

Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet. The flaw CVE-2023-46805 (CVSS score 8.2) The flaw CVE-2023-46805 (CVSS score 8.2) x and Ivanti Policy Secure.

Authentication 136

Authentication Backups Cyber threats Malware 136

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Internet 98

Internet Internet Backups Hacking 98

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. These backups must be secured against unauthorised access and tested frequently to ensure they function as intended.

Cyber Attacks 100

Cyber Attacks Retail Cyber threats Backups 100

Fox IT

FEBRUARY 22, 2023

During a recent incident response case, we found traces of an adversary leveraging ConnectWise R1Soft Server Backup Manager software (hereinafter: R1Soft server software). The adversary used it as an initial point of access and as a platform to control downstream systems connected via the R1Soft Backup Agent.

Backups 69

Backups Software Authentication Internet 69

eSecurity Planet

MAY 27, 2025

While Luna Moth has targeted several industries, the FBI reports that US-based law firms have become a prime target since spring 2023, likely due to the valuable and confidential data they handle. Enable two-factor authentication across all systems. Maintain regular backups of sensitive data.

Phishing 67

Phishing Scams Antivirus Backups 67

CyberSecurity Insiders

MAY 13, 2023

Organizations must prioritize email security measures that block malicious attachments, educate employees about ransomware threats, and establish robust data backup and recovery processes. Email is a primary delivery method for ransomware attacks, with attackers using malicious attachments or links to infect systems.

Phishing 111

Phishing Encryption Education Small Business 111

Security Affairs

MARCH 13, 2025

Notably, they target CVE-2024-1709 (ScreenConnect authentication bypass) and CVE-2023-48788 (Fortinet EMS SQL injection) to infiltrate systems. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 71

Ransomware Encryption Cryptocurrency Insurance 71

Malwarebytes

DECEMBER 8, 2022

iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023. The feature will start rolling out to the rest of the world in early 2023. For users who opt in, Security Keys strengthen Apple’s two-factor authentication by requiring a hardware security key as one of the two factors.

Backups 98

Backups Encryption Authentication Data breaches 98

Security Affairs

MAY 12, 2024

In December 2023, Elliptic and Corvus Insurance published a joint research that revealed the group accumulated at least $107 million in Bitcoin ransom payments since early 2022. It has been used to attack more than 329 organizations globally and has grown to become the fourth-most active strain of ransomware by number of victims in 2022-2023.”

Ransomware 143

Ransomware Hacking Healthcare Cybercrime 143

Security Affairs

APRIL 28, 2024

“Luckily, I was able to get access to the latest version of SANnav in May 2023 (the latest version was 2.2.2 “Luckily, I was able to get access to the latest version of SANnav in May 2023 (the latest version was 2.2.2 version was sent to Brocade PSIRT in May 2023 and they finally aknowledged the vulnerabilities.

Firewall 126

Firewall Authentication Backups Architecture 126

IT Security Guru

MAY 20, 2024

In 2023, an astonishing 50 per cent of companies in the UK reported experiencing some form of cybersecurity breach or attack. Implement Multi-Factor Authentication Multi-factor authentication (MFA) requires multiple verification methods to access an account online, significantly enhancing protection.

Cybersecurity 131

Cybersecurity Backups Cyber threats Mobile 131

Security Affairs

JANUARY 24, 2024

Threat actors are wiping NAS and backup devices. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices.

Ransomware 139

Ransomware VPN Government Retail 139

Security Boulevard

JANUARY 3, 2023

We anticipate an increase in targeting of identities that allow cross-platform authentication as actors recognise the value in compromising identities rather than endpoints. ” [A.C. — this this data point is from 2020 , so treat this as a low boundary in 2023. Monitor for events on backups and create alerts for these”.

Cybersecurity 98

Cybersecurity Backups DDOS Ransomware 98

CyberSecurity Insiders

MAY 6, 2021

To those who go for more premium plans, a site backup plan of up to 200GB keeps the data continuity intact at the time of disasters. If possible, turn on 2-factor authentication for important online services. About World Password Day- Every year, the first Thursday in May is being promoted as the World Password Day.

Passwords 128

Passwords Firewall DDOS Malware 128