Accountability, Backups, Firmware and VPN

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

The Daixin Team group gains initial access to victims through virtual private network (VPN) servers. In one successful attack, the attackers likely exploited an unpatched vulnerability in the organization’s VPN server. In another compromise, the group leveraged on compromised credentials to access a legacy VPN server.

Ransomware

Ransomware VPN Cybercrime Accountability

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization. Regularly back up data, password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. Consider installing and using a VPN.

Ransomware

Ransomware DDOS Passwords Backups

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

SecureWorld News

OCTOBER 8, 2023

Use the 3-2-1 backup rule. Periodically, at least once a quarter, review the security settings of your social media accounts and the apps linked to them. Be vigilant about duplicate accounts of people you know. When configuring your home network, utilize a standard/regular user account with restricted access.

Firmware

Firmware IoT Accountability Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

The good news is in the latter attack the victims restored its backups. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released.

Ransomware

Ransomware Passwords Backups Firmware

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

eSecurity Planet

MARCH 21, 2022

Inactive Accounts and Default Configurations. Hackers gained initial access by brute-forcing an existing account via “a simple, predictable password” to enroll a new device in the MFA procedures, the agencies said. MFA was automatically disabled because the account was inactive for a long period.

VPN

VPN Accountability Authentication Passwords

BlackCat Ransomware gang breached over 60 orgs worldwide

Security Affairs

APRIL 25, 2022

Below are recommended mitigations included in the alert: Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts. Regularly back up data, air gap, and password-protect backup copies offline. Consider installing and using a virtual private network (VPN).

Ransomware

Ransomware Antivirus Passwords Malware

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts using weak passwords. Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.”

Ransomware

Ransomware Encryption Passwords Internet

How To Set Up a Firewall in 8 Easy Steps + Best Practices

eSecurity Planet

APRIL 30, 2024

Set Secure Firewall Rules & ACLs To prevent unwanted access and ensure effective traffic management, secure your firewall through updating firmware to resolve vulnerabilities and adopting proper configurations prior to installing firewalls in production. Create administrative accounts with read-only access to logs for auditing.

Firewall

Firewall Architecture Firmware Risk

Ransomware: February 2022 review

Malwarebytes

MARCH 10, 2022

Observed since: September 2019 Ransomware note: Restore-My-Files.txt Ransomware extension: lockbit Kill Chain: Brute force attack on a web server containing an outdated VPN service > LockBit Sample hash: 9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af. Use double authentication when logging into accounts or services.

Ransomware

Ransomware Phishing Accountability Technology

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The alert provides a list of mitigations to stay protected from ransomware families: Recommended Mitigations • Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. • Consider installing and using a VPN.

Ransomware

Ransomware Encryption Passwords Malware

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

The FBI notice includes the following recommendations: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Avoid reusing passwords for multiple accounts. Consider installing and using a VPN.

Ransomware

Ransomware Manufacturing Passwords Internet

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released. • Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. .

Passwords

Passwords Government Firmware Accountability

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

“According to open-source reporting, DarkSide actors have previously been observed gaining initial access through phishing and exploiting remotely accessible accounts and systems and Virtual Desktop Infrastructure (VDI) (Phishing [ T1566] , Exploit Public-Facing Application [ T1190 ], External Remote Services [ T1133 ]).[

Ransomware

Ransomware Healthcare Phishing Risk

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

Below is a list of recommended mitigations from the FBI, which it issued along with an alert on Conti ransomware late last week: Regularly back up data, air gap, and password protect backup copies offline. Install updates/patch operating systems, software, and firmware as soon as they are released. Consider installing and using a VPN.

Healthcare

Healthcare Ransomware Encryption Passwords

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

eSecurity Planet

MARCH 1, 2023

You need to have a reasonable level of trust in the devices connecting to any network, so any policies you can set to require things like antivirus , updated operating systems and VPNs will protect both the network and its users. Limiting use of a device’s administrator account where possible for greater personal device security.

Wireless

Wireless Encryption Authentication IoT

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Prevent Rely solely on offline backups Disallow unnecessary file sharing. From BIOS and firmware to UEFI code, VBOS is an attack vector that requires more attention. While the design of a unified extensible firmware interface (UEFI) overcame BIOS limitations, both components critical to computer operation are an increasing target.

Software

Software Firmware DNS VPN

IoT Secure Development Guide

Pen Test Partners

OCTOBER 9, 2023

There is no concrete method to follow as it will rely on contents of the decomposed design from Step 2, but typical examples might include the following: Intellectual property in the device firmware. Deploy malicious firmware. link] [link] Have a software/firmware update mechanism. Cryptographic keys on the device or pod.

IoT

IoT Firmware Mobile Manufacturing

How to Improve SD-WAN Security

eSecurity Planet

MAY 19, 2022

Most have a handful of built-in security capabilities to offer foundational network security, including Internet Protocol Security (IPsec) virtual private networks ( VPN ), stateful firewalls , and essential threat detection and response. Not every SD-WAN solution is equal, but they all come with some level of security functionality.

Firewall

Firewall Architecture Software Backups

Cyber Security Informer

Daixin Team targets health organizations with ransomware, US agencies warn

Avoslocker ransomware gang targets US critical infrastructure

Webinars

Trending Sources

Beyond the Office: Securing Home Devices and Networks Against Corporate Breaches

Webinars

FBI warns of ransomware attacks targeting the food and agriculture sector

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities

BlackCat Ransomware gang breached over 60 orgs worldwide

New Checkmate ransomware target QNAP NAS devices

How To Set Up a Firewall in 8 Easy Steps + Best Practices

Ransomware: February 2022 review

FBI published a flash alert on Mamba Ransomware attacks

FBI warns of ransomware threat to food and agriculture

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

US CISA and FBI publish joint alert on DarkSide ransomware

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Wireless Security: WEP, WPA, WPA2 and WPA3 Explained

The Biggest Lessons about Vulnerabilities at RSAC 2021

IoT Secure Development Guide

How to Improve SD-WAN Security

Stay Connected