Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication. concludes the alert.

Ransomware 111

Ransomware Backups VPN Authentication 111

Security Affairs

JANUARY 13, 2024

The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. Threat actors are wiping NAS and backup devices. The Finish researchers pointed out that the attack cannot bypass multi-step authentication. concludes the alert.

Ransomware 86

Ransomware Backups VPN Authentication 86

Security Affairs

MAY 9, 2024

In early January, the software firm reported that threat actors are exploiting two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. is an Authentication Bypass issue that resides in the web component of Ivanti ICS 9.x,

Authentication 98

Authentication Backups Cyber threats Malware 98

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0

Firewall 108

Firewall Authentication Architecture Backups 108

Security Affairs

NOVEMBER 13, 2023

Bleeping Computer analyzed the leaked data and reported that most of the published data are backups for various systems. Threat actors exploited this vulnerability to hijack existing authenticated sessions and bypass multifactor authentication or other strong authentication requirements.

Ransomware 117

Ransomware Authentication Backups Manufacturing 117

Security Affairs

SEPTEMBER 9, 2022

The plugin allows storing backup files in multiple locations (Destinations) including Google Drive, OneDrive, and AWS. The plugin also allows storing backups via the ‘Local Directory Copy’ option, but experts discovered that this feature isn’t secure and allows unauthenticated users to download any file stored on the server.

Backups 139

Backups Media Authentication Hacking 139

Security Affairs

MAY 12, 2024

Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.

Ransomware 113

Ransomware Hacking Healthcare Retail 113

Security Affairs

FEBRUARY 19, 2022

that can allow website subscribers to download the latest database backups, which could potentially contain sensitive data. “The plugin uses custom “nonces” and timestamps to securely identify backups. This info could allow attackers to receive the backup via mail by manipulating the request. score of 8.5)

Backups 88

Backups Authentication Hacking Accountability 88

Security Affairs

FEBRUARY 28, 2023

This flaw impacts multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager. “During a recent incident response case, we found traces of an adversary leveraging ConnectWise R1Soft Server Backup Manager software (hereinafter: R1Soft server software). and 8.6.4.1.

Backups 91

Backups Software Authentication Hacking 91

Security Affairs

JULY 27, 2021

Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. The vulnerabilities include remote code execution and authenticated privilege escalation on the client-side. “A DIVD researcher has identified several vulnerabilities in the Kaseya Unitrends backup product version < 10.5.2.”

Backups 106

Backups Financial Services Internet Internet 106

Security Affairs

DECEMBER 17, 2020

Early this month, Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet that multiple ransomware gangs are cold-calling victims if they don’t pay the ransom and attempt to restore from backups. Patch operating systems, software, firmware, and endpoints.

Ransomware 139

Ransomware Backups Firmware Accountability 139

Security Affairs

MARCH 2, 2024

If Phobos actors gain successful RDP authentication in the targeted environment, they perform open source research to create a victim profile and connect the targeted IP addresses to their associated companies. Phobos is also able to identify and delete data backups. ” reads the joint CSA.

Ransomware 123

Ransomware Backups Healthcare Firewall 123

Security Affairs

AUGUST 26, 2021

Kaseya Unitrends is a cloud-based enterprise solution that provides affordable, low-maintenance data protection offering to complement existing client backup and recovery solutions. On July 26, security researchers warned of three new zero-day vulnerabilities in the Kaseya Unitrends service. reads the advisory. “Do

Backups 99

Backups Authentication Financial Services Firewall 99

Security Affairs

OCTOBER 19, 2021

The experts noticed that BlackMatter operators wipe or reformat backup data stores and appliances instead of encrypting backup systems. Consider disabling or limiting New Technology Local Area Network Manager (NTLM) and WDigest Authentication. Scanning backups. Minimize the AD attack surface. Secret Service at a U.S.

Ransomware 113

Ransomware Backups Encryption Cybercrime 113

SecureList

MARCH 12, 2024

Broken Authentication 5. Broken Authentication 5. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords 108

Passwords Authentication Architecture Risk 108

Security Affairs

NOVEMBER 14, 2021

The first step consists of recommending organizations to follow best practices to neutralize ransomware attack such as set up offline, off-site, encrypted backups. “In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multifactor authentication.”

Small Business 95

Small Business Ransomware Backups Authentication 95

Security Affairs

MARCH 19, 2022

The report also includes a list of mitigation measures to increase the resilience of company networks: Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., Regularly back up data, password protect backup copies offline.

Ransomware 98

Ransomware DDOS Passwords Backups 98

Security Affairs

NOVEMBER 20, 2023

“Sirva.com says that all their information worth only $1m. We have over 1.5TB of documents leaked + 3 full backups of CRM for branches (eu, na and au) Sirva Worldwide, Inc. The LockBit ransomware gang has claimed responsibility for the attack on SIRVA, the group has stolen 1.5TB of data and already leaked it.

Data breaches 112

Data breaches Government Hacking Backups 112

Security Affairs

SEPTEMBER 3, 2021

The good news is in the latter attack the victims restored its backups. The FBI provided the following mitigations to protect against ransomware attacks: Regularly back up data, air gap, and password protect backup copies offline. Use multifactor authentication with strong pass phrases where possible.

Ransomware 97

Ransomware Passwords Backups Firmware 97

Security Affairs

DECEMBER 9, 2020

The confidentiality of information in internet communications. Internet communications use the protocol called TCP/IP (Transmission Control Protocol/Internet Protocol), which allows information to be transmitted from one computer to another through a series of intermediate computers and networks. Mutual authentication of interlocutors.

Authentication 100

Authentication Encryption Passwords Social Engineering 100

Security Affairs

APRIL 23, 2021

“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. The company also recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

Ransomware 119

Ransomware Backups Media Malware 119

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Twilio last week announced that that the threat actors also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. Pierluigi Paganini.

Accountability 92

Accountability Authentication Phishing Data breaches 92

Security Affairs

JUNE 8, 2022

“Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.

Telecommunications 96

Telecommunications Authentication Passwords Accountability 96

Security Affairs

MAY 12, 2022

Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities. Enforce multifactor authentication (MFA). Apply updates.

Authentication 81

Authentication Accountability Architecture Backups 81

Security Affairs

SEPTEMBER 1, 2022

47% of these apps contained valid AWS tokens that granted complete access to all private files, including backups, and Amazon S3 buckets in the cloud. “The credentials could expose private authentication data and keys belonging to every banking and financial app using the SDK. were exposed in the cloud.”

B2B 95

B2B Banking Authentication Mobile 95

Security Affairs

JUNE 29, 2019

The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups.” UpGuard shared as proof of the leak a Netflix database authentication strings, an invoice for a TD Bank software update, and slides describing a project for Ford.

Banking 91

Banking Backups Big data Advertising 91

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Cybercrime 87

Cybercrime Hacking Ransomware Malware 87

Security Affairs

JANUARY 17, 2022

” The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.

Big data 105

Big data Financial Services Retail Insurance 105

Security Affairs

JANUARY 24, 2024

Threat actors are wiping NAS and backup devices. An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.

Ransomware 108

Ransomware VPN Government Retail 108

Security Affairs

FEBRUARY 10, 2023

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, North Korea-linked APT) The post DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure appeared first on Security Affairs.

Ransomware 81

Ransomware Healthcare Cryptocurrency Government 81

Security Affairs

FEBRUARY 5, 2022

In August, the Australian Cyber Security Centre (ACSC) warned of an escalation in LockBit 2.0 .” The FBI flash alert also includes mitigations to prevent LockBit ransomware infections: Require all accounts with password logins (e.g., ransomware attacks against Australian organizations in multiple industry sectors starting July 2021.

Ransomware 89

Ransomware Backups Encryption Accountability 89

Security Affairs

OCTOBER 26, 2021

Below are the recommended mitigations included in the alert: Implement regular backups of all data to be stored as air gapped, password protected copies offline. Use double authentication when logging into accounts or services. Consider adding an email banner to emails received from outside your organization. Pierluigi Paganini.

Ransomware 129

Ransomware Firmware Antivirus Accountability 129

Security Affairs

AUGUST 9, 2021

” The government experts recommend enabling multifactor authentication (MFA) on all accounts to block to prevent the abuse of stolen credentials, to enforce the Principle of Least Privilege, encrypt sensitive data at rest, segment corporate networks, implement an efficient backup policy, keep your systems up to date.

Ransomware 111

Ransomware Retail Manufacturing Encryption 111

Security Boulevard

JUNE 26, 2022

How Information Security Breaks The Classic IT Model. How does information security fit into the producer/consumer model? In some cases, yes, information security does fit into this in several ways: a. Number of consumers requiring multi-factor authentication for Zero-trust access.

Information Security 98

Information Security Technology Marketing Cyber Insurance 98

Security Affairs

NOVEMBER 23, 2020

.” Threat actors behind the Ragnar Locker ransomware actors first obtain access to a target’s network, then perform reconnaissance to locate network resources and backups in the attempt to exfiltrate sensitive data. Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.

Ransomware 145

Ransomware Encryption VPN Backups 145

Security Affairs

OCTOBER 31, 2022

To restore functionality without having to decrypt files and pay a possible ransom (not recommended), it is always advisable to adequately safeguard backups, adopting backup strategies according to the 3-2-1 rule: keep at least 3 copies of company data in 2 different formats, with 1 copy offline and located off-site.

Malware 98

Malware Computers and Electronics Encryption Ransomware 98

Security Affairs

JANUARY 12, 2023

The information inside the database suggested that trustanduse.com had an active partnership with a Greek supermarket chain called Galaxias as it included its suppliers, information about promotions, receipts, and special access to its website for supermarket employees. Security question should not be overlooked’.

Media 94

Media Accountability Authentication Internet 94