Backups, Information Security and Internet

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. CVSS score: 8.1).

Backups

Backups Ransomware Authentication Penetration Testing

Topic-specific policy 7/11: backup

Notice Bored

OCTOBER 19, 2021

when I read the recommendation for a topic-specific policy on backup. If you already have a backup policy (or something with a vaguely similar title), I urge you to dig it out at this point and study it (again!) Is your backup policy exclusively about backing up computer data , most likely digital data from corporate IT systems?

Backups

Backups Risk Internet Internet

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. ” warns Censys. bash_history).

Cryptocurrency

Cryptocurrency Internet Internet Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

No, the AWS bomb plot likely wouldn’t have shut down large parts of the internet

SC Magazine

APRIL 12, 2021

A potential plot to bomb a datacenter run by the world’s largest cloud infrastructure provider would likely not have resulted in a massive shutdown for large portions of the internet, despite claims to the contrary made by the would-be attacker, experts say. But it wouldn’t break the internet, or anything even close to it.

Internet

Internet Internet Backups Media

Clorox counts the cost of cyberattack

Malwarebytes

FEBRUARY 5, 2024

Add to that the suspicion that the ransom was paid, and we can conclude that backups were perhaps insufficient or not readily deployable. Another indication that things may not have been up to par was the chief information security officer (CISO) leaving in November, while the company was still recovering from the cyberattack.

Backups

Backups Ransomware CISO Malware

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

“This can be hugely damaging in the event of ransomware attacks, where high privileges can enable the attackers to stop or destroy backups and other security tools,” Breen said. So do yourself a favor and backup before installing any patches.

Backups

Backups Cyber threats Ransomware Phishing

A ransomware attack took 100 Romanian hospitals down

Security Affairs

FEBRUARY 13, 2024

Identify affected systems and immediately isolate them from the rest of the network as well as from the Internet Keep a copy of the ransom message and any other communications from the attackers. This information is useful to the authorities or for further analysis of the attack Do not shut down the affected equipment.

Ransomware

Ransomware Backups Encryption Healthcare

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

Data that must remain private simply cannot be readable by unauthorized parties – and that rule applies both when the relevant information is at rest on an internal server, in the cloud, or on some backup media, as well as when it is in transit over any form of network or other means of communication.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Security Affairs

JULY 27, 2021

Experts found three new zero-day flaws in the Kaseya Unitrends service and warn users to avoid exposing the service to the Internet. Security researchers warn of three new zero-day vulnerabilities in the Kaseya Unitrends service. ” reads the advisory.

Backups

Backups Financial Services Internet Internet

Kodi discloses data breach after its forum was compromised

Security Affairs

APRIL 14, 2023

“In the last 24 hours we became aware of a dump of the Kodi user forum (MyBB) software being advertised for sale on internet forums. The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database.

Data breaches

Data breaches Backups Passwords Accountability

Frost & Sullivan databases available for sale on a hacker forum

Security Affairs

JUNE 24, 2020

firm Frost & Sullivan suffered a data breach, data from an unsecured backup that were exposed on the Internet was sold by a threat actor on a hacker forum. “The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers. ” reported BleepingComputer.

Data breaches

Data breaches Backups Advertising Hacking

University of Utah pays a $457,000 ransom to ransomware gang

Security Affairs

AUGUST 21, 2020

The University was able to recover the operations from the backups, but decided to pay the ransom to avoid having ransomware operators leak student information online. “This was done as a proactive and preventive step to ensure information was not released on the internet. ” continues the statement.

Ransomware

Ransomware Cyber Insurance Insurance Advertising

ENISA publishes Cybersecurity guide for SMEs

Security Affairs

JULY 6, 2021

The surface of attack for SMEs was enlarged, many of them took business continuity measures, such as adopting cloud services, improving their internet services, upgrading their websites and enabling staff to work remotely. During the COVID-19 pandemic, most of organizations increased their presence online, enlarging their surface of attacks.

Cybersecurity

Cybersecurity Backups Hacking Internet

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

CyberSecurity Insiders

SEPTEMBER 24, 2021

Even with high-level security measures, no one is safe from such threats. That is why most companies hire professional information security services to mitigate the risks arising from data breaches. The Internet network is vulnerable as cybercriminals are lurking online, waiting to intercept loopholes for hacking systems.

Cybersecurity

Cybersecurity Data breaches Backups Firewall

Cybersecurity Management Lessons from Healthcare Woes

eSecurity Planet

MAY 30, 2024

UGH admits to paying $22 million to the ALPHV (aka: BlackCat) ransomware-as-a-service (RaaS) group to prevent patient records from being leaked to the internet. million patient’s information caused by a third party tracker installed on the Kaiser patient portal. billion in advanced financing to thousands of providers by April.

Healthcare

Healthcare Cybersecurity Backups Ransomware

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Backups

Backups Advertising Accountability Malware

US cyber and law enforcement agencies warn of Phobos ransomware attacks

Security Affairs

MARCH 2, 2024

They dropped hidden payloads or used internet protocol (IP) scanning tools, such as Angry IP Scanner, to search for vulnerable Remote Desktop Protocol (RDP) ports or by leveraging RDP on Microsoft Windows environments. Phobos is also able to identify and delete data backups. Phobos operators used WinSCP and Mega.io

Ransomware

Ransomware Backups Healthcare Firewall

BlackCat ransomware targets another healthcare facility

Malwarebytes

FEBRUARY 22, 2023

In December, 2022, the Office of Information Security and Health Sector Cybersecurity Coordination Center issued an extensive Analyst Note which identified BlackCat as a "relatively new but highly-capable" ransomware threat to health care providers. Create offsite, offline backups. Detect intrusions.

Healthcare

Healthcare Ransomware Backups DDOS

QNAP users are recommended to disable UPnP port forwarding on routers

Security Affairs

APRIL 19, 2022

” The vendor also recommends enabling the VPN server function on the user router to access QNAP NAS from the Internet. The vendor also warned customers in January to secure their NAS devices immediately from active ransomware and brute-force attacks. Only use encrypted HTTPS or other types of secure connections (SSH, etc.).

VPN

VPN Internet Internet Firewall

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs

SEPTEMBER 3, 2021

. “Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. The good news is in the latter attack the victims restored its backups.

Ransomware

Ransomware Passwords Backups Firmware

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Cybercrime

Cybercrime Hacking Ransomware Malware

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

“According to the Internet PTT, 30% of the computers have been hit. . “According to the Internet PTT, 30% of the computers have been hit. The company is working to recover the impacted systems using the backups. In response to the incident, the company network was shut down to avoid the ransomware from spreading.

Manufacturing

Manufacturing Computers and Electronics Ransomware Media

10 Holiday Cybersecurity Tips for CISOs

Security Boulevard

NOVEMBER 22, 2023

Chief information security officers (CISOs) should proactively implement strategies and protect their infrastructures against hacking months and weeks leading up to this busy time of the year.  Yet, the holiday period is critical for many businesses. Automate digital certificate renewals Expired digital certificates  (e.g.,

CISO

CISO Cybersecurity Phishing Backups

New EwDoor Botnet is targeting AT&T customers

Security Affairs

NOVEMBER 30, 2021

Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor , that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. ” reads the analysis published by Qihoo 360.

DDOS

DDOS Backups Engineering Encryption

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs

JUNE 17, 2023

Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches

Data breaches DDOS Backups Firewall

US CISA releases guidance on how to prevent ransomware data breaches

Security Affairs

AUGUST 21, 2021

. “CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations” CISA recommends organizations to implement included in its fact sheet to prevent cyber attacks, the list of best practices includes: Maintain offline, encrypted backups of data and regularly test your backups Create, maintain, and (..)

Data breaches

Data breaches Ransomware Backups Technology

Microsoft AI research division accidentally exposed 38TB of sensitive data

Security Affairs

SEPTEMBER 18, 2023

The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their files using an Azure feature called SAS tokens, which allows you to share data from Azure Storage accounts.”

Accountability

Accountability Backups Risk Passwords

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Security Affairs

DECEMBER 12, 2023

Ukraine’s defense intelligence directorate (GUR) infected thousands of servers of the Russian tax service w and wiped the databases and backups. ” According to the statement, the military intelligence of Ukraine was also able to capture internet traffic of tax data for the whole of Russia.

Hacking

Hacking Cyber Attacks Backups Government

Fileless SockDetour backdoor targets U.S.-based defense contractors

Security Affairs

FEBRUARY 26, 2022

SockDetour serves as a backup fileless Windows backdoor in case the primary one is removed. “SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the primary one fails,” reads the analsysi published by Palo Alto Networks.

Backups

Backups VPN Healthcare Malware

Deadbolt Ransomware targets Asustor and QNap NAS Devices

Security Affairs

FEBRUARY 24, 2022

Make an immediate backup. The New Zeeland CERT published an advisory to warn of attacks on some internet-facing Asustor models, including AS5104T, AS5304T, AS6404T, AS7004T, AS5202T, AS6302T, and AS1104T. Disable EZ Connect for remote access. Turn off Terminal/SSH and SFTP services.” Fill out the form listed below.

Ransomware

Ransomware Encryption Internet Internet

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Security Affairs

JUNE 29, 2019

The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups.” Users’ workstations may be secured against attackers breaking in, but other IT processes can copy and expose the same data valued by attackers.”

Banking

Banking Backups Big data Advertising

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Security Affairs

FEBRUARY 12, 2022

Law enforcement also observed ransomware gangs diversifying approaches to extorting money , such as the use of “triple extortion” by threatening to publicly release stolen sensitive information, while disrupting the victim’s internet access and/or informing the victim’s partners, shareholders, or suppliers about the security breach.

Ransomware

Ransomware Backups Encryption Accountability

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

Security Affairs

MARCH 14, 2022

” The news of the attack was also confirmed by the German Federal Office for Information Security (BSI), the company had reported an IT security incident on Saturday night. But last Friday, the very stable FTP connection broke down because their entire system gave up in the evening and suddenly there was no internet.

Hacking

Hacking DDOS Internet Internet

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

.” Internet of Things. Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. The state of IoT is poor enough as it is, security wise. Implement network segmentation.

Ransomware

Ransomware Manufacturing Passwords Internet

New Checkmate ransomware target QNAP NAS devices

Security Affairs

JULY 8, 2022

Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords.” All your data has been encrypted, backups have been deleted. . “A new ransomware known as Checkmate has recently been brought to our attention.

Ransomware

Ransomware Encryption Passwords Internet

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

JANUARY 30, 2024

Highlighting the risk landscape, Resecurity’s Dark Web analysis identified multiple compromised credentials belonging to network engineers that could grant threat actors access to gateways like: enterprise identity and access management (IAM), virtualization systems, various cloud providers, and backup and disaster recovery systems.

Engineering

Engineering Passwords Telecommunications Accountability

ENISA and CERT-EU warns Chinese APTs targeting EU organizations

Security Affairs

FEBRUARY 19, 2023

To prevent such attacks the agencies recommend: Follow the security best practices proposed by vendors to harden their products and manage high privileged accounts and key assets. Block or severely limit egress Internet access for servers or other devices that are seldom rebooted. Adopt a backup strategy.

Government

Government Internet Internet Backups

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Security Affairs

AUGUST 26, 2021

Kaseya released security updates address server-side Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). A DIVD researcher has identified several vulnerabilities in the Kaseya Unitrends backup product version < 10.5.2.”

Backups

Backups Authentication Financial Services Firewall

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Security Affairs

APRIL 23, 2021

“The Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps need to be updated to the latest available version as well to further secure QNAP NAS from ransomware attacks. The company also recommends updating the Multimedia Console, Media Streaming Add-on, and Hybrid Backup Sync apps to the latest versions.

Ransomware

Ransomware Backups Media Malware

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Security Affairs

APRIL 15, 2024

The Blackjack group is believed to be affiliated with Ukrainian intelligence services that carried out other attacks against Russian targets, including an internet provider and a military infrastructure. The attack brought all 87,000 sensors offline, threat actors also wiped databases, backups, and email servers, a total of 30TB of data.

Malware

Malware Firmware IoT Hacking

Vulnerabilities in Weapons Systems

Schneier on Security

JUNE 8, 2021

Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the internet. And militaries need to have well-developed backup plans, for when systems are subverted. .” That was Bruce’s response at a conference hosted by U.S.

Software

Software Cybersecurity Backups Manufacturing

Details for 1.9M members of Chinese Communist Party Members leaked

Security Affairs

DECEMBER 14, 2020

Pierluigi Paganini. SecurityAffairs – hacking, Chinese Communist Party).

Data breaches

Data breaches Mobile Backups Firewall

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4.

Malware

Malware Computers and Electronics Encryption Ransomware

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

” Security news site Bleeping Computer reported on the T-Systems Ryuk ransomware attack on Dec. “The other guy he called said he didn’t like it either and called the [chief information officer] at 2:30 a.m., who picked up his cell phone and said shut it off from the Internet.” In our Dec.

Passwords

Passwords Ransomware Password Management Malware

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Topic-specific policy 7/11: backup

Webinars

Trending Sources

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Webinars

No, the AWS bomb plot likely wouldn’t have shut down large parts of the internet

Clorox counts the cost of cyberattack

Microsoft Patches Six Zero-Day Security Holes

A ransomware attack took 100 Romanian hospitals down

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

DIVD discloses three new unpatched Kaseya Unitrends zero-days

Kodi discloses data breach after its forum was compromised

Frost & Sullivan databases available for sale on a hacker forum

University of Utah pays a $457,000 ransom to ransomware gang

ENISA publishes Cybersecurity guide for SMEs

Top IT Areas You Need to Check to Strengthen Your Cybersecurity

Cybersecurity Management Lessons from Healthcare Woes

Google disrupts the Glupteba botnet

US cyber and law enforcement agencies warn of Phobos ransomware attacks

BlackCat ransomware targets another healthcare facility

QNAP users are recommended to disable UPnP port forwarding on routers

FBI warns of ransomware attacks targeting the food and agriculture sector

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

10 Holiday Cybersecurity Tips for CISOs

New EwDoor Botnet is targeting AT&T customers

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

US CISA releases guidance on how to prevent ransomware data breaches

Microsoft AI research division accidentally exposed 38TB of sensitive data

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Fileless SockDetour backdoor targets U.S.-based defense contractors

Deadbolt Ransomware targets Asustor and QNap NAS Devices

Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

CISA, FBI, NSA warn of the increased globalized threat of ransomware

Anonymous claims to have hacked German subsidiary of Russian energy giant Rosneft

FBI warns of ransomware threat to food and agriculture

New Checkmate ransomware target QNAP NAS devices

Hundreds of network operators’ credentials found circulating in Dark Web

ENISA and CERT-EU warns Chinese APTs targeting EU organizations

Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

Vulnerabilities in Weapons Systems

Details for 1.9M members of Chinese Communist Party Members leaked

Wannacry, the hybrid malware that brought the world to its knees

The Hidden Cost of Ransomware: Wholesale Password Theft

Stay Connected