Authentication, Backups, Encryption and Information Security

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. “Upon learning of the incident, we immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement. .

Backups

Backups Encryption Data breaches Passwords

Experts published PoC exploits for Arcserve UDP authentication bypass issue

Security Affairs

JUNE 29, 2023

Data protection firm Arcserve addressed an authentication bypass vulnerability in its Unified Data Protection (UDP) backup software. Data protection vendor Arcserve addressed a high-severity bypass authentication flaw, tracked as CVE-2023-26258, in its Unified Data Protection (UDP) backup software.

Authentication

Authentication Backups Ransomware Software

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0

Firewall

Firewall Authentication Architecture Backups

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

Security Affairs

OCTOBER 19, 2021

Like other ransomware operations, BlackMatter also set up its leak site where it publishes data exfiltrated from the victims before encrypting their system. BlackMatter then remotely encrypts the hosts and shared drives as they are found. Minimize the AD attack surface.

Ransomware

Ransomware Backups Encryption Cybercrime

Public Cloud Security Explained: Everything You Need to Know

eSecurity Planet

OCTOBER 16, 2023

Major cloud service providers have generally had good security , so cloud users can be pretty confident in the security of their data and applications if they get their part right. Data encryption in transit guarantees that information stays private while being sent across networks.

Encryption

Encryption DDOS Authentication Firewall

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Regularly back up data, password protect backup copies offline. Use multifactor authentication where possible.

Ransomware

Ransomware DDOS Passwords Backups

The importance of computer identity in network communications: how to protect it and prevent its theft

Security Affairs

DECEMBER 9, 2020

The confidentiality of information in internet communications. Internet communications use the protocol called TCP/IP (Transmission Control Protocol/Internet Protocol), which allows information to be transmitted from one computer to another through a series of intermediate computers and networks. Mutual authentication of interlocutors.

Authentication

Authentication Encryption Passwords Social Engineering

FTC shares guidance for small businesses to prevent ransomware attacks

Security Affairs

NOVEMBER 14, 2021

The first step consists of recommending organizations to follow best practices to neutralize ransomware attack such as set up offline, off-site, encrypted backups. “In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multifactor authentication.”

Small Business

Small Business Ransomware Backups Authentication

FBI issued a flash alert on Lockbit ransomware operation

Security Affairs

FEBRUARY 5, 2022

enumerates system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices. attempts to encrypt any data saved to any local or remote device but skips files associated with core system functions.” ” reads the flash alert.

Ransomware

Ransomware Backups Encryption Accountability

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. Cryptolocker and exploit components.

Malware

Malware Computers and Electronics Encryption Ransomware

15 Cybersecurity Measures for the Cloud Era

Security Affairs

APRIL 8, 2022

Authentication. Two-factor authentication is another important security measure for the cloud era. Increasingly, passwordless authentication is becoming the norm. Not all providers are created equal, and it’s important to do your research to find one that will meet your specific needs and security requirements.

Cybersecurity

Cybersecurity Passwords Penetration Testing Encryption

FBI issued an alert on Ragnar Locker ransomware activity

Security Affairs

NOVEMBER 23, 2020

“The FBI first observed Ragnar Locker1ransomwarein April 2020, when unknown actors used it to encrypt a large corporation’s files for an approximately $11 million ransom and threatened to release 10 TB of sensitive company data,” reads the flash alert. Only use secure networks and avoid using public Wi-Fi networks.

Ransomware

Ransomware Encryption VPN Backups

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption Passwords Malware

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. The good news is in the latter attack the victims restored its backups.

Ransomware

Ransomware Passwords Backups Firmware

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

(QNAP), a leading computing, networking and storage solution innovator, today issued a statement in response to recent user reports and media coverage that two types of ransomware (Qlocker and eCh0raix) are targeting QNAP NAS and encrypting users’ data for ransom. ” read the advisory published by the vendor.

Ransomware

Ransomware Backups Media Malware

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

In addition to the encryption of data, victims have received threats that data stolen during the incidents will be published.” Experts warn of active exploitation of the CVE-2018-13379 , a security bug heavily exploited by LockBit to breach networks. ransomware. This activity has occurred across multiple industry sectors.

Ransomware

Ransomware Retail Manufacturing Encryption

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

To each encrypted file, it appends a randomized nine-digit hexadecimal number as an extension. The US agencies recommend not paying the ransom because there is no guarantee to recover the encrypted files and paying the ransomware will encourage the illegal practice of extortion. ” reads the joint advisory. “The

Ransomware

Ransomware Encryption Firmware Backups

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Cybercrime

Cybercrime Hacking Ransomware Malware

Top 10 web application vulnerabilities in 2021–2023

SecureList

MARCH 12, 2024

Broken Authentication 5. Broken Authentication 5. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords

Passwords Authentication Architecture Risk

Cloud Security: The Shared Responsibility Model

eSecurity Planet

OCTOBER 20, 2022

Its table illustration also goes into more detail and notes Google’s responsibility for hardware, boot, hardened kernel and interprocess communication (IPC), audit logging, network, and storage and encryption of data. However, the customer must secure that data when the environment is active. Data backup.

Backups

Backups Firewall Encryption Software

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Security Affairs

FEBRUARY 10, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, North Korea-linked APT) The post DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure appeared first on Security Affairs.

Ransomware

Ransomware Healthcare Cryptocurrency Government

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

UPnP is an insecure protocol, it uses network UDP multicasts, and doesn’t support encryption and authentication. Only use encrypted HTTPS or other types of secure connections (SSH, etc.). You can schedule updates to avoid interrupting backup/sync or other tasks. For example, change 8080 to 9527.

VPN

VPN Internet Internet Firewall

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Security Affairs

OCTOBER 24, 2021

The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted files for free. In these cases, we can recover the vast majority of victims’ encrypted data without a ransom payment.

Ransomware

Ransomware Encryption Backups Healthcare

The Top 3 OWASP Threats Your Business Should Address Today

SiteLock

AUGUST 27, 2021

This helps provide an additional layer of security to the form and the website. Broken Authentication and Session Management. Signing in with unique credentials should ensure that their information stays secure, right? During this process, information is sent back and forth between the visitor and the server.

Small Business

Small Business Passwords Authentication Accountability

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Require phishing-resistant MFA for as many services as possible—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups. If you use Remote Desktop Protocol (RDP), secure and monitor it.

Ransomware

Ransomware VPN Cybercrime Accountability

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.” Once gained access to the network, threat actors deployed tools to perform lateral movements and escalate privileges before exfiltrating and encrypting files.

Ransomware

Ransomware Accountability Firmware Antivirus

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Security Affairs

SEPTEMBER 1, 2021

After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand. Securing and monitoring Remote Desktop Protocol endpoints.

Ransomware

Ransomware Risk Encryption Passwords

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. This may allow hackers to gain server privileges, delete or steal data, or even lead to an encryption extortion, critically endangering normal business services.”

Cryptocurrency

Cryptocurrency Internet Internet Hacking

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

Malwarebytes

MAY 28, 2021

The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Files are encrypted with a combination of AES-256 and RSA-4096 via the Microsoft CryptoAPI , as per CrowdStrike. Earlier versions appended the.CONTI extension to encrypted files.

Healthcare

Healthcare Ransomware Encryption Passwords

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. Require multi-factor authentication for remote access to OT and IT networks. Implement regular data backup procedures .

Ransomware

Ransomware Healthcare Phishing Risk

Topic-specific policy 4/11: information transfer

Notice Bored

OCTOBER 14, 2021

"Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". There is a common factor, however, namely information risk. conversation, emails, network connections and point-to-point links), hence information security is an important consideration.

Information Security

Information Security Risk Media Encryption

School district IT leaders grade their handling of past malware attacks

SC Magazine

MARCH 15, 2021

Information security leaders at these two districts shared their war stories last week at the K-12 Cybersecurity Leadership Symposium, hosted by the K12 Security Information Exchange (K12 SIX) – the first-ever ISAC specifically created with local school districts in mind. ” Rockford Public Schools, Illinois.

Malware

Malware Backups Education Ransomware

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

Centraleyes

JANUARY 21, 2024

As a global trailblazer in information security and data protection regulation, the EU continues to lead the way in comprehensive cybersecurity standards. The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity.

Cybersecurity

Cybersecurity Energy and Utilities Cyber threats Risk

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

As an example, we could use communications between systems that are not properly encrypted. Improper encryption. Hackers or other malicious sources can intercept poorly encrypted communications on the web. If such processes lack proper authentication steps, they could work as gateways for bigger problems.

IoT

IoT Cybersecurity Manufacturing Internet

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” continues the advisory. Use multifactor authentication where possible.

Passwords

Passwords Government Firmware Accountability

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

The operators use a suite of custom tools with the ultimate goal of encrypting files in the infected system and holding it for a ransom of about $50,000. As part of post-exploitation activities, OldGremlin used Cobalt Strike to move laterally and obtain authentication data of domain administrator.

Ransomware

Ransomware Phishing Banking Advertising

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

Servers are encrypted with “ locked” file extensions on files. You have the disaster recovery (DR) site, backups, and storage area network (SAN) snapshots. As you try each one, that pit in your stomach grows as you experience the worst feeling in IT: the realization you have no backup for recovery. Remember those?

Architecture

Architecture Ransomware Backups Firewall

SOC 2 Compliance Checklist

Spinone

JULY 15, 2020

Also, we recommend implementing disaster recovery measures (like a data backup ) to ensure that your data will be available even in case of an emergency. Data encryption is a good measure for protecting the confidentiality of your information. Using encryption and MFA are good practices that help to protect privacy.

Backups

Backups Data breaches Technology Encryption

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Cisco Security

OCTOBER 18, 2021

The primary job of the Chief Information Security Officer (CISO) is to exercise continuous diligence in reducing risk, within the risk appetite and risk tolerance of the organization, so that the likelihood of a boom is low, and the corresponding magnitude of harm is limited. In fact, do everything in cybersecurity continuously.

Cybersecurity

Cybersecurity CISO Insurance Risk

Data of 500K patients accessed, stolen after eye clinic ransomware attack

SC Magazine

JUNE 25, 2021

Upon discovery, Prominence reset all user credentials and secured the impacted environment, launching an investigation and data restoration processes from its backup systems. The insurer has also enhanced its information security and processes, in addition to contacting the FBI and regulators.

Ransomware

Ransomware Insurance Hacking Media

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Security Affairs

JANUARY 11, 2023

.” Here’s the full list of flaws addressed by Microsoft Patch Tuesday security updates for January 2023: CVE Title Severity CVSS Public Exploited CVE-2023-21674 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability Important 8.8 No No CVE-2023-21538.NET NET Denial of Service Vulnerability Important 7.5

Internet

Internet Internet Backups Hacking

LastPass: hackers breached the computer of a DevOps engineer in a second attack

Security Affairs

FEBRUARY 27, 2023

“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.” The backup contains both unencrypted data (i.e. Website URLs) and 256-bit AES-encrypted sensitive (i.e.

Engineering

Engineering Backups Data breaches Passwords

How to Evaluate the True Costs of Multi-Factor Authentication

Duo's Security Blog

JANUARY 27, 2022

Not all multi-factor authentication (MFA) solutions are equal. For a two-factor authentication solution, that may include hidden costs, such as upfront, capital, licensing, support, maintenance, and operating costs. Estimate and plan for how much it will cost to deploy multi-factor authentication to all of your apps and users.

Authentication

Authentication Software Mobile Passwords

What Is a SaaS Security Checklist? Tips & Free Template

eSecurity Planet

APRIL 9, 2024

Data Security & Threat Detection Framework The data security and threat detection framework serves as the foundation for data protection plans, protecting intellectual property, customer data, and employee information. Is data encrypted in transit and at rest?

Risk

Risk Threat Detection Data breaches Encryption

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Experts published PoC exploits for Arcserve UDP authentication bypass issue

Webinars

Trending Sources

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

Webinars

FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

Public Cloud Security Explained: Everything You Need to Know

Avoslocker ransomware gang targets US critical infrastructure

The importance of computer identity in network communications: how to protect it and prevent its theft

FTC shares guidance for small businesses to prevent ransomware attacks

FBI issued a flash alert on Lockbit ransomware operation

Wannacry, the hybrid malware that brought the world to its knees

15 Cybersecurity Measures for the Cloud Era

FBI issued an alert on Ragnar Locker ransomware activity

FBI published a flash alert on Mamba Ransomware attacks

FBI warns of ransomware attacks targeting the food and agriculture sector

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Top 10 web application vulnerabilities in 2021–2023

Cloud Security: The Shared Responsibility Model

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

QNAP users are recommended to disable UPnP port forwarding on routers

Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

The Top 3 OWASP Threats Your Business Should Address Today

Daixin Team targets health organizations with ransomware, US agencies warn

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Threat spotlight: Conti, the ransomware used in the HSE healthcare attack

US CISA and FBI publish joint alert on DarkSide ransomware

Topic-specific policy 4/11: information transfer

School district IT leaders grade their handling of past malware attacks

NIS2 Framework: Your Key To Achieving Cybersecurity Excellence

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Group-IB detects a series of ransomware attacks by OldGremlin

Building a Ransomware Resilient Architecture

SOC 2 Compliance Checklist

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Data of 500K patients accessed, stolen after eye clinic ransomware attack

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

LastPass: hackers breached the computer of a DevOps engineer in a second attack

How to Evaluate the True Costs of Multi-Factor Authentication

What Is a SaaS Security Checklist? Tips & Free Template

Stay Connected