Ransomware Roundup


Ransomware Roundup: Attacking the Master Boot Record featuring Petya - Archive

00:01:56
31.08.2017

Some ransomware variants go after the master boot record (MBR) of Windows machines to encourage ransom payouts by blocking access to local backups. Cb Defense’s Master Boot Record (MBR) protection prevents full and partial disk encryption that can make restoration from backups impossible.

About Carbon Black

Hackers: It Takes One to Know One
Carbon Black was founded by former members of the U.S. government’s elite team of offensive security hackers. Trained by the NSA and CIA, our founders possessed early insights into the tools and techniques of 21st century cyber hackers. For more than 15 years, our leadership and software have outpaced increasingly sophisticated attacks.

Pioneers in the Market
We’re delivering a new generation of endpoint security, purposely designed to protect your organization from the most advanced cyberattacks. Our pioneering approach to application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV) has been rigorously tested and proven by highly regarded third-party industry analysts. Some of this recognition is highlighted, below, under Awards.

Customer Driven
Thirty of the Fortune 100 rely on Carbon Black. Our diverse customer base includes Silicon Valley leaders in internet search, social media, transportation, government, finance, and higher education. Collectively, 3,000+ organizations trust us to protect more than 9 million endpoints around the world. With an eye on empowering every security team and protecting every endpoint, we stand true to our founding vision: To create a world safe from cyberattacks.

Ransomware Roundup: QNAP & VMware Vulnerabilities, Ransomware Attacks Hit Ukraine

00:03:15
28.06.2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Russian Hacker Group APT28 Hit Ukraine with Cobalt Strike and CredoMap
Russian hacking group APT28 is exploiting the CVE-2022-30190 vulnerability, aka “Follina”, in new phishing campaigns to install the CredoMap and Cobalt Strike beacons. Threat actors are sending emails with a malicious document named “Nuclear Terrorism A Very Real Threat.rtf”. Opening the document, or viewing it in the Windows preview pane, triggers malicious downloads. The malware aims to steal information stored in Chrome, Edge, and Firefox web browsers, such as account credentials and cookies. Finally, it exfiltrates the stolen data using the IMAP email protocol, sending everything to the C2 address, which is hosted on an abandoned Dubai-based site.

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
QNAP has warned its customers that its NAS devices, with non-default configurations, are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. The vulnerability, identified as CVE-2019-11043, has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config.

Log4Shell Exploits Still Being Used to Hack VMware Servers for Data Exfiltration
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), released a joint advisory warning of continued attempts by threat actors to exploit the Log4Shell flaw (CVE-2021-44228) in VMware Horizon servers to breach target networks. As part of this exploitation, the suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2). The attackers can also move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive data.

Chinese Hackers Use Ransomware as Decoy for Cyber Espionage
Two Chinese hacking groups are conducting cyber espionage and stealing intellectual property by deploying ransomware as a decoy to cover up their malicious activities. The two clusters of hacking activity are identified as "Bronze Riverside" (APT41) and "Bronze Starlight" (APT10). Both use a newer version of HUI Loader to deploy remote access trojans, PlugX, Cobalt Strike, and QuasarRAT. The new HUI Loader is also capable of hooking Windows API calls and disabling Event Tracing for Windows (ETW) and the Antimalware Scan Interface.

What are Immutable Backups and Why are they Necessary?
Immutable backups prevent ransomware from maliciously encrypting business-critical data. This makes immutability a necessary feature for healthcare, law, finance, banks, education, and manufacturing – industries that are constantly being targeted by ransomware. Learn more about immutable backups and why they are necessary.

Yodel Confirms Cyberattack is Disrupting Delivery
Services for the U.K.-based delivery service company “Yodel” have been disrupted due to a cyberattack that caused delays in parcel distribution and prevented customers from tracking their orders online. The company claimed that no customer payment information had been affected because it does not hold or process this data. Yodel has not published any details of the attack itself, but confirmed there was an incident through an FAQ on its website.

42TB - $149 Air-Gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery Backup & DR appliance
42TB Air-gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery, Backup and DR appliance with Object Lockdown Technology, Ransomware protection for $149 per month in 4-year term. 4-bay 1U Rackmount unit with 3x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage. All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification can be included. For more information, demos, and quotes, fill out the form on the StoneFly website to have our sales professionals contact you.

Weekly Ransomware Roundup: QNAP Warns of New Ransomware Quantum Ransomware Attacks

00:03:41
15.07.2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

QNAP Warns of New Checkmate Ransomware Targeting NAS Devices
QNAP has warned of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors use brute-force attacks to break into accounts with weak passwords on QNAP devices with the SMB service enabled. After gaining access, the threat actors can encrypt files in shared folders. QNAP recommends turning off the SMB 1 service, using a VPN to access the NAS, and updating the operating system to the latest version to reduce the attack surface.

Quantum Ransomware Attacks Professional Finance Company – 600 Healthcare Organizations Affected
Professional Finance Company Inc. (PFC), which aids thousands of healthcare, government, and utility organizations across the U.S., has confirmed that a ransomware attack led to a data breach affecting over 600 healthcare organizations. Before encrypting PFC’s systems, the attackers accessed files containing critical data that included patients’ first and last names, addresses, accounts receivable balance and information regarding payments made to accounts. The attackers behind the operation are linked to the Conti/Quantum ransomware sub-group and used Cobalt Strike and exfiltration via command-line tools.

Ransomware Groups Transition from Cobalt Strike to Brute Ratel
Hacking groups and ransomware operations are transitioning from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. Similar to Cobalt Strike, Brute Ratel is an adversarial attack simulation tool that allows attackers to deploy 'Badgers' on remote hosts. These 'Badgers' connect back to the attacker's Command and Control server to receive commands to execute previously run commands. This tool is uniquely dangerous in that it was specifically designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities.

OrBit Stealth Malware Steals Data from Linux Devices
Researchers have found a new Linux stealth malware that is stealing information from backdoored Linux systems. Dubbed “OrBit”, the malware hijacks shared libraries to intercept function calls by modifying the LD_PRELOAD environment variable on compromised devices. It can gain persistence by blocking removal attempts and can also be deployed as a volatile implant when copied in shim-memory. After deployment, OrBit hooks various functions to evade detection, control process behavior, maintain persistence by infecting new processes, and hide network activity that would reveal its presence.

NAS Security: What to Expect and How to Secure Your NAS
Whether it’s Deadbolt ransomware encrypting thousands of NAS devices, or Qlocker or Quantum ransomware exploiting known vulnerabilities in a popular NAS operating system, NAS appliances are always one of the most sought-after targets of ransomware attacks. Read our guide on what to expect when it comes to securing your NAS and how to do so effectively.

Fake copyright complaints push IcedID malware using Yandex Forms
Website owners are being targeted with fake copyright infringement complaints that utilize Yandex Forms to distribute the IcedID banking malware. The threat actors use a website's contact page to send legal threats to convince recipients to download a report of the offending material. These reports allegedly contain proof of DDoS attacks or copyrighted material used without permission but instead infect a target's device with various malware, including BazarLoader, BumbleBee, and IcedID.

100TB SSO NAS Appliance with Automated Ransomware Protection for $7,995
100TB SSO NAS Appliance with built-in Air-gapped and Immutable storage repositories & Power management controller to protect against Ransomware & Malware with Free shipping for $7,995. 8-bay 2U Rackmount appliance with (7x14TB) 56TB enterprise SATA drives, High-Performance Hardware RAID Controller, 8 Core Storage Virtualization engine, 32GB system Memory, 600W Platinum Certified Power Supply. With optional enterprise level data Services such as Snapshot, Tiering, Encryption, Sync & Async, Replication, CIFS/SMB and NFS support, Hot / Cool Blob, Erasure Coding & Cloud integration to S3 AWS/Azure cloud. 1 Year Warranty, 9x5 Tech Support and Free shipping included.

Ransomware Roundup: Attacking Shadow Copies featuring Cryptowall - Archive

00:02:01
07.09.2017

Ransomware has started to delete and disable shadow copies in order to encourage ransom payouts. Cb Defense’s shadow copy protection prevents the disabling or removing of local backups. To learn more about how Cb Defense future-proofs your ransomware defenses, visit carbonblack.com/futureproof-ransomware

Weekly Ransomware Roundup: Okta data breach, Quantum ransomware attack LastPass source code stolen

00:04:21
02.09.2022

Hackers Hit over 130 Organizations in Another Okta Phishing Supply Chain Attack
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, and Klaviyo, compromised over 130 organizations in the same phishing campaign. The campaign used a phishing kit codenamed '0ktapus' and stole 9,931 login credentials that were used to gain access to corporate networks and systems through VPNs and other remote access devices. Identity credentials and 2FA codes were also stolen from Okta, which is an identity-as-a-service (IDaaS) platform, and were used to carry out subsequent supply chain attacks on customers using these services, like Signal and DigitalOcean.

Quantum Ransomware Hits IAD Government Agency in Dominican Republic
The Instituto Agrario Dominicano (IAD) has suffered a Quantum ransomware attack that encrypted multiple services and servers throughout the government agency. Four physical and eight virtual servers were affected and most of the information, including databases, email and applications, was compromised. The IAD has told local media that it only had basic security software on its systems, such as antivirus, and lacks a dedicated security department. The attackers have asked for more than six hundred thousand dollars in ransom and have threatened to leak sensitive data.

RansomEXX Claims Ransomware Attack on Bombardier Recreational Products (BRP)
The RansomEXX group, notorious for attacking high-profile companies like GIGABYTE, has claimed yet another victim, “Bombardier Recreational Products”. After the attack, BRP informed the public of a temporary halt of all operations that impacted production and caused delays in transactions with customers and suppliers. The company confirmed that the hackers breached its systems via a supply chain attack. Shortly after, the RansomEXX gang listed BRP on its leak site along with 29.9GB of files allegedly stolen from the firm. They also provided samples that included non-disclosure agreements, passports and IDs, material supply agreements, and contract renewals.

LastPass Source Code Stolen in Data Breach
Password management software firm “LastPass”, which has more than 30 million users and 85,000 business customers worldwide, has suffered a data breach that led to the theft of source code and technical information. The unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of the source code and some proprietary LastPass technical data. However, LastPass stores sensitive data like passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack.

Veeam-Ready Backup and DR Appliance with Onsite and Cloud-Based Immutable Storage
Immutable storage follows the Write-Once Read-Many (WORM) framework to prevent changes and modifications to critical data for a user-defined retention period. This protects mission-critical backups and file/S3 object data from ransomware since this data cannot be maliciously encrypted. Learn how you can use a Veeam-ready backup and disaster recovery (DR) appliance to set up policy-based and automated onsite and cloud-based immutable storage.

French Hospital Hit by Ransomware Attack – Hackers Demanding $10M in Ransom
The Center Hospitalier Sud Francilien (CHSF), a hospital in Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other healthcare service providers. The security breach forced hospital staff to return to paper and pen as it affected the hospital’s software, the storage systems (in particular medical PACS imaging) and the information systems relating to patient admissions. Threat actors demand a $10 million ransom for the decryption key. Sources confirmed that the attack was launched by an affiliate of LockBit 3.0 RaaS.

Ransomware Roundup: Alternative Techniques featuring CTB-Faker - Archive

00:01:47
14.09.2017

Ransomware samples are evolving at an accelerated rate, using alternative techniques that allow them to evade traditional defenses that rely on reputation to prevent malicious files. Cb Defense uses file heuristics to expose evasive ransomware variants, including canary files, which are benign files that act as bait to lure ransomware.

BTB Reacts Ransomware Roundup

00:09:09
16.04.2021


Weekly Ransomware Roundup: May 16 - May 20

00:03:27
30.05.2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

REvil Variant Darkside Attacks Toshiba Tec Group
DarkSide ransomware, which cybersecurity experts found to be a REvil variant and also known to have triggered the shutdown of the Colonial pipeline, has attacked the European subsidiaries of the Toshiba Tec Group. The ransomware group hacked Toshiba’s IT systems in France, stole confidential files and claims to have stolen over 740 gigabytes of data that includes information on management, new businesses and personal data.

Angry IT admin wipes employer’s databases, gets 7 years in prison
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data using his administrative privileges and “root” access. This crippled large portions of Lianjia’s operations, leaving tens of thousands of employees without salaries for an extended period of time and forcing a data restoration effort that cost $30,000.

Microsoft Warns of New PowerShell Wrapper Brute Force Attack Against SQL Servers
Microsoft has warned organizations of a new wave of brute force attacks that are targeting SQL servers using an uncommon living-off-the-land binary (LOLBin). The attackers use sqlps.exe, a PowerShell wrapper that supports the execution of SQL-built cmdlets, allowing the attackers to run recon commands and to modify the start mode of the SQL service to LocalSystem, which keeps the malicious activity hidden from detection tools and hinders forensic analysis.

What are air-gapped backups?
Air-gapping allows users to protect critical backups, snapshots, and replicas from ransomware infection even if production and backup servers are compromised. Learn what air-gapped backups are, what the advantages are, and how you can add air-gapping to your IT systems.

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Experts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. Opening the PDF prompts the user to open a DOCX file contained inside, named "has been verified", creating a file prompt that reads "The file 'has been verified'" and tricking recipients into believing that Adobe verified the file as legitimate and that the file is safe to open. The file then runs the Snake Keylogger, a modular info-stealer with powerful persistence, defense evasion, credential access, data harvesting, and data exfiltration capabilities.

QNAP alerts NAS customers of new DeadBolt ransomware attacks
The Taiwan-based company has asked users to update their NAS devices to the latest software version and ensure that they're not exposed to remote access over the Internet. The QNAP Product Security Incident Response Team (QNAP PSIRT) said the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series. Once deployed on a NAS device, DeadBolt uses AES128 to encrypt files, appending a .deadbolt extension to their names.

100TB-10PB ONLY 1000W $8,900 Air-Gapped & Immutable Veeam, Rubrik, CommVault, Site recovery Backup and DR appliance
NO matter 100TB or 10PB - Power ONLY 1000W. Benefits include 1) Low Power consumption, 2) Low cost, 3) Low maintenance, 4) Less Rack Space, 5) Low cooling need and built-in Zero Trust. Green PetaByte Archive (GPA) is a Fully Air-Gapped and Immutable backup and DR appliance with SAN-NAS and S3 Object Lockdown Technology for Ransomware protection & Instant multi VM FastTrack recovery, starting at $8,900. For hardware specifications and demos, contact us.

Weekly Ransomware Roundup: May 23 - 27, 2022

00:03:32
31.05.2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Cheerscrypt Ransomware Targets VMware ESXi systems
Cheerscrypt, or Cheers, targets VMware ESXi servers in a double extortion attack. The ransomware needs to acquire privileged shell access or otherwise gain the ability to run commands on the host to encrypt the ESXi host. After that, the malware runs an esxcli command to terminate all VMs and seeks to encrypt files with .log, .vmdk, .vmem, .vswp, and .vmsn extensions.

BlackCat/ALPHV Ransomware Hits Austrian State Asking $5 Million in Ransom
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, who demanded $5 million to unlock the encrypted computer systems. The attack has caused severe operational disruption of government services, as thousands of workstations have allegedly been locked by the threat actor.

Somerset County Hit by a Ransomware Attack – County Databases Unavailable
Somerset County, New Jersey, was hit by a ransomware attack rendering county databases including land records, vital statistics, email, and probate records temporarily unavailable. Phone lines and emergency 911 communications remain unaffected. Clerk and surrogate services that depend on access to county databases were unavailable, while title searches were possible only on paper records dated before 1977.

Exploitation of VMware Vulnerability Imminent Following Release of PoC
The Host header manipulation vulnerability, tracked as CVE-2022-22972, affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. It allows malicious actors with network access to the UI to bypass authentication. Penetration testing company Horizon3.ai has published a technical deep dive for CVE-2022-22972 and made public a PoC exploit. VMware has updated its initial advisory to inform customers about the availability of a PoC, which further increases the chances of exploitation.

Log Archiving: What Challenges to Expect and How to Overcome Them
Traditional log archiving systems are built to focus on affordable long-term retention, which is why most storage administrators use unreliable and insecure storage hardware such as tape arrays. This approach is costly in terms of time and resources, and puts business IT systems at risk by being vulnerable to ransomware attacks.

Enemybot Adds Exploits for Critical VMware Vulnerabilities
EnemyBot, a botnet based on code from multiple malwares, is expanding its reach by quickly adding exploits for recently disclosed vulnerabilities in web servers, content management systems, IoT, and Android devices. The ransomware launches distributed denial-of-service (DDoS) attacks and also has modules to scan for new target VMware devices to infect them by leveraging the remote code execution flaw (CVSS: 9.8). The new additions also impact F5 BIG-IP, threatening vulnerable endpoints with device takeover.

1PB Fully Air Gapped & Immutable Veeam Backup and DR appliance for $49,995
1PB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery for $49,995. This powerful 1PB DR365V site in a box leverages Veeam-integration using the built-in Air-Gapped network, power management controller repository and storage controller using fully automated and Veeam integrated isolation technology. Fully Populated 1U, 4 bay head unit plus 60-bay 4U JBOD all filled with total of 64x16TB (1,024 TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 64GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage. For more information, visit the StoneFly website. For demos and quotes, contact StoneFly sales.

Weekly Ransomware Roundup: May 9 - May 13

00:03:27
20.05.2022

Weekly summary of discussions and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Five Eyes Alliance Issues a Joint Advisory to Warn MSPs About Targeted Cyberattacks
The Five Eyes alliance of cybersecurity authorities from the US, UK, Australia, New Zealand, and Canada has issued a warning to MSPs about cyberattacks that may have "globally cascading effects." According to the advisory, whether the customer's network is hosted on-premises or externally, threat actors can use a vulnerable MSP to gain initial access into multiple victim networks and can compromise the MSP through follow-on activity - such as ransomware and cyber espionage - as well as across the MSP's customer base in a supply chain attack.

Researchers Find Iranian Cyberspy Group “Charming Kitten” Launching Attacks on US Organizations
Researchers identified that a U.S. philanthropic organization had its network infiltrated by Charming Kitten using previously secured access, which then prompted web shell deployment for dropping more files, including a file named dllhost.exe. The malicious executable is a Go binary that appears to be in part based on the Fast Reverse Proxy (FRP) code available on GitHub. When executed, dllhost.exe collects system information and sets up a communication tunnel with the command-and-control (C&C) server. The attack used BitLocker to encrypt workstations at the organization.

Post-Exploitation Framework Uses Memory Execution to Target Microsoft Servers
A post-exploitation framework, “IceApple”, has been targeting global organizations that use Internet Information Services (IIS) - Microsoft's extensible web server software - and Microsoft Exchange servers since at least 2021. IceApple uses in-memory execution and unique stealth techniques to avoid detection. The malware can leverage the .NET framework and assemblies to target victims. Researchers say that IceApple shows persistence and long-running objectives aimed at intelligence collection, such as credential harvesting, file and directory deletion and data exfiltration.

What You Need to Know about Cybersecurity Threats in 2022
Cybersecurity threats are aimed at accessing an organization’s sensitive data. In 2021, cyberattacks were at an all-time high, and they will not be slowing down any time soon. Learn how to protect your data from cyberthreats in 2022.

Pro-Russian Hacktivists Killnet Hit Italian Government Sites in ‘Slow HTTP’ DDoS attacks
Pro-Russian hacktivists known as Killnet attempted distributed denial of service (DDoS) attacks against crucial government sites including ministry, parliament, and even army websites using the "Slow HTTP" technique. This method is based on sending one HTTP request at a time to web servers but setting the request at a very slow transmission rate or making it incomplete, leaving the server, which allocates resources to wait for the remaining data, waiting for the next request. Too many accumulated requests overwhelm the servers until they can no longer take further requests.

Researchers Analyzed the Black Basta Ransomware Infection Routine
Black Basta, a new ransomware gang, swiftly rose to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. Researchers found that the ransomware needs admin rights to run. After that, it removes shadow copies, disables Windows recovery and repair, and boots the PC in safe mode – later encrypting files, creating a registry entry, and demanding ransom.

42TB Physically Isolated and Detachable Veeam Air-Gap Node for $6,995
42TB purpose-built physically isolated and detachable air-gap node for your mission-critical Veeam backups, snapshots and replicas, which are Offline by Default and accessible only when the node is in use. This DR365VIVA leverages Veeam-integration and enables storage administrators to set policies which automatically isolate the nodes using the built-in network and power controller; the node turns itself off once the backup job is done, making it isolated from your production and backup environments. 8-bay 2U Rackmount unit, 3x14TB (42TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Dual Redundant Power Supply, 12Gb SAS Hardware RAID Controller. For details, visit the StoneFly website. For demos and quotes, reply to this email.

AMD Breach, Microsoft Servers backdoor, DDoS Attacks on Norway - Ransomware Roundup

00:03:20
06.07.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

AMD Investigates Alleged 450 GB Data Theft by RansomHouse
Chip manufacturing giant Advanced Micro Devices (AMD) is investigating data breach and theft claims by extortion group RansomHouse. The cybercriminals claim to have stolen more than 450 GB in January. A portion of the stolen data leaked by RansomHouse suggests that AMD employees used weak passwords, with some even using the phrase “password” for sensitive accounts. Examining the sample of the stolen data has revealed AMD passwords, system information and other network files were potentially compromised.

Microsoft Exchange Servers Worldwide Hit by Stealthy New Backdoor
Researchers have identified new stealth malware, dubbed SessionManager, that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers belonging to government and military organizations. SessionManager poses as a legitimate module for Internet Information Services (IIS) – which is installed by default on Microsoft Exchange servers. These malicious IIS modules can deploy powerful, persistent, and stealthy backdoors. Once installed, they will respond to specifically crafted HTTP requests sent by the operator instructing the server to collect emails, harvest credentials, and deliver additional payloads.

Legion Launched a Massive DDoS Attack Against Norway
Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites and services. A DDoS attack is a special type of cyberattack that causes servers to be overwhelmed by constant requests and garbage traffic, rendering the hosted sites and services inaccessible. The attacks were aimed against large companies that offer essential services to the population. NSM did not explicitly attribute the attacks to a threat actor, but the Legion group published on its Telegram channel a list of targeted Norwegian organizations.

How to Plan for and Recover from Ransomware
Reports suggest that ransomware attacks target a business every 11 seconds. How does ransomware infiltrate a corporate network? How to make sure your critical information is safe from ransomware attacks? And what to do in the event of a successful ransomware attack? Find the answers and more on the StoneFly website.

AstraLocker 2.0 Infects Users Directly from Email Attachments
AstraLocker has recently released its second version that allows rapid attacks and drops payloads directly from email attachments. AstraLocker 2.0 uses a Word document that hides an OLE object with the ransomware payload. The embedded executable uses the filename “WordDocumentDOC.exe”. Astra chooses OLE objects instead of VBA macros, and uses SafeEngine Shielder v2.4.0.0 to pack the executable; it is an old and outdated packer that is very difficult to reverse. An anti-analysis check reveals that the malware can encrypt systems using the Curve25519 algorithm.

Microsoft Azure FabricScape Bug Lets Hackers Hijack Linux Clusters
Researchers have disclosed details about a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. Azure Service Fabric is Microsoft's platform-as-a-service (PaaS) and a container orchestrator solution to build and deploy microservices-based cloud applications across clusters. The issue, dubbed FabricScape (CVE-2022-30137), allows access to compromised containers with elevated privileges and gains control of the resource's host SF node and the entire cluster. The issue has been remediated as of June 14, 2022, in Service Fabric 9.0 Cumulative Update 1.0, and Microsoft has asked customers to update their Linux clusters to the most recent Service Fabric release.

400TB Fully Air Gapped & Immutable Veeam Backup and DR appliance for $22,995
400TB Fully Air Gapped and Immutable Veeam backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery for $22,995. Fully Populated 36-bay 4U Rackmount unit, 25x16TB (400TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage. All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed. For details, demos, and quotes, visit the StoneFly website.

Weekly Ransomware Roundup: Cisco hacked, Zimbra authentication bypass, Palo Alto bug DDoS attacks

93
2
0
00:03:39
17.08.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Cisco Hacked by Yanluowang Ransomware Gang – Stole 2.8GB of Data
Cisco confirmed a cyberattack after threat actors infiltrated an employee's personal Google account that contained passwords synced from a web browser. The attacker attempted to bypass multi-factor authentication (MFA) using voice phishing and MFA fatigue. Upon establishing an initial foothold, the attacker escalated to administrative privileges to log in to several systems, including Citrix servers and a domain controller, using the exploit identified as CVE-2022-24521. The attacker then stole credentials and registries, cleared system logs to cover their tracks, and made changes to host-based firewall configurations to enable RDP access to systems. The attacker claimed to have stolen 2.75GB of data, consisting of non-disclosure agreements, data dumps, and engineering drawings.

Zimbra Authentication Bypass Bug Exploited to Breach Servers
The Zimbra security vulnerability is being actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. Attackers are abusing a ZCS remote code execution flaw, tracked as CVE-2022-27925, with the help of an authentication bypass bug, tracked as CVE-2022-37042. Successful exploitation allows the attackers to deploy web shells on specific locations of the compromised servers to gain persistent access. Experts have identified over 1,000 ZCS instances backdoored and compromised. Zimbra has advised patching versions older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26.

Palo Alto bug used for DDoS attacks and there's no fix yet
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by cybercriminals looking to launch DDoS attacks, and several of the affected products won't have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the operating system in Palo Alto Networks' network security products. The bug is caused by a URL filtering policy misconfiguration that could allow an external attacker with network access to conduct reflected and amplified TCP denial-of-service attacks.

FC SAN vs iSCSI SAN: What’s the difference?
Is Fibre Channel (FC) Storage Area Network (SAN) protocol actually faster than iSCSI? Why are most storage vendors so fixated on FC SAN when iSCSI SAN makes up most govt. and corporate data centers? Both SAN protocols have their pros and cons, making it worthwhile to take a minute and learn the differences between the two, especially if you’re looking to set up a new SAN environment, or replace/expand an existing one.

VMware Warns of Public PoC Code for Critical Authentication Bypass Bug
VMware has warned its customers of the availability of proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The proof-of-concept (PoC) reveals that a malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Automotive Supplier Breached by 3 Ransomware Gangs in 2 Weeks
An automotive supplier had its systems breached and files encrypted by LockBit, Hive, and ALPHV/BlackCat affiliates network on April 20, May 1, and May 15, respectively. LockBit and Hive distributed their payloads using the PsExec and PDQ Deploy tools within two hours to encrypt and exfiltrate data on more than a dozen systems. Two weeks later, a BlackCat threat actor also connected to the same compromised server and installed the Atera Agent remote access solution and gained persistence on the network while exfiltrating data. Within half an hour, BlackCat delivered its payloads on the network using PsExec to encrypt six machines after moving laterally through the network using compromised credentials.

70TB - $7,995 Air-Gapped & Immutable Veeam, Rubrik, Commvault, site recovery Backup & DR appliance
70TB, expandable up to 4PB, Air-gapped & Immutable Veeam, Rubrik, Commvault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995. 8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage. All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included. For hardware details, demos, and quotes, contact us.

Weekly Ransomware Roundup: Knauf Hit by Black Basta, Neopets Breached, & New Luna Ransomware

87
1
0
00:03:40
28.07.2022

Ransomware roundup for the third week of July - a weekly summary of the latest news and discussions in the ransomware, data protection, data security, storage, and cloud space.

Top stories this week:
1. Building materials giant Knauf hit by Black Basta ransomware gang
2. Neopets Data Breach Exposes Personal Information of 69 Million Users
3. New Luna Ransomware Encrypts Windows, Linux, and ESXi Systems
4. FC SAN vs iSCSI SAN: What’s the Difference?
5. Hacking Group '8220' Grows its Botnet to Hijack Cloud Compute Resources
6. Candiru Uses Chrome zero-day to infect journalists with spyware

Promo of the week: 304TB Fully Air Gapped & Immutable Veeam Backup and DR appliance for $449/month

#Knauf #Neopets #Luna

Weekly Ransomware Roundup: Apr 4 – 8, 2022

33
6
0
00:03:30
14.04.2022

Weekly summary about ransomware, data protection, data security, backup and DR, storage, and cloud. The stories this week:
• Cash App Warns 8.2 Million Customers of Insider Breach
• VMware reveals a swarm of serious bugs – some critical
• New NB65 Hacktivist Group Uses Leaked Conti Source Code to Attack Russian Companies
• Spring4Shell flaw is now being used to spread Mirai botnet malware
• 8 Things You Can Do to Protect Your Endpoints from Ransomware
• British Discount Stationery and Books Retailer “The Works” Hit By Ransomware

Promo of the week: 100TB-10PB ONLY 1000W $8900 Air-Gapped & Immutable Veeam, Rubrik, Commvault, site recovery Backup and DR appliance. To schedule a demo or to get hardware specifications, contact StoneFly sales at sales@stonefly.com.

Weekly Ransomware Roundup: Microsoft Exchange Servers Hacked to Deploy Hive Ransomware

72
0
0
00:03:06
27.04.2022

Weekly summary about ransomware, data protection, data security, backup and DR, storage, and cloud. The stories this week:

Microsoft Exchange Servers Hacked to Deploy Hive Ransomware
A Hive ransomware affiliate has been targeting Microsoft Exchange servers vulnerable to ProxyShell security issues to deploy various backdoors, including Cobalt Strike beacon. The threat actors perform network reconnaissance, steal admin account credentials, and exfiltrate valuable data, ultimately deploying the file-encrypting payload. ProxyShell is a set of three vulnerabilities in the Microsoft Exchange Server that allow remote code execution without authentication on vulnerable deployments.

FBI: BlackCat Ransomware Breached at least 60 Entities Worldwide
The FBI says the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide between November 2021 and March 2022. Black Cat’s ransomware executable, the first-ever malware written in Rust, is highly customizable and comes with support for multiple encryption methods and options that make it easy to adapt attacks to a wide range of corporate environments. In a flash alert, the FBI has asked admins not to pay the ransom and to report any Black Cat related activity to the local FBI office.

Costa Rican Government Infrastructure Crippled by Conti Ransomware
On April 17th, Conti breached the computer systems of the Costa Rican Finance Ministry, stealing a terabyte of data containing taxpayer information. The attack took out the department’s website and forced the government to implement workarounds. Conti later published 850GBs of the stolen data in response to the Costa Rican government’s refusal to pay the $10 million ransom.

FBI Warns of 'timed' Ransomware Attacks on Agriculture Sector
In a recent alert, the FBI warned that food and agriculture businesses could become a target of ransomware attacks at the sector's busiest times of the year. The warning describes why agricultural groups like co-ops are at great risk, the impacts potential ransomware attacks could have on the country, and cites several instances in which different agriculture sector organizations across the country have been targeted by ransomware in both the planting and harvesting seasons.

What You Need to Know About Cybersecurity Threats in 2022
A comprehensive guide that covers how cyberthreats gain access to your network and maliciously encrypt sensitive data and how to protect your digital assets from them.

Promo of the week: 100TB-10PB ONLY 1000W $8900 Air-Gapped & Immutable Veeam, Rubrik, Commvault, site recovery Backup and DR appliance. To schedule a demo or to get hardware specifications, contact StoneFly sales at sales@stonefly.com.

Weekly Ransomware Roundup: June 06 - 10, 2022

37
2
0
00:03:36
17.06.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Vice Society Ransomware Claims Attack on Italian City of Palermo
The Vice Society ransomware group has claimed responsibility for the recent ransomware attack on the city of Palermo in Italy, which has caused a large-scale service outage. The cyberattack rendered internet-relying services unavailable, impacting 1.3 million people and many tourists visiting the city. Vice Society has claimed they were behind the attack on Palermo by posting an entry on their dark web data leak site, threatening to publish all stolen documents if a ransom is not paid.

Iranian Hackers Target Energy Sector with DNS Backdoor
The Iranian Lycaeum APT hacking group, also known as Hexane or Spilrin, is using a new .NET-based DNS backdoor hijacking to conduct attacks on companies in the energy and telecommunication sectors. DNS hijacking is a redirection attack that relies on DNS query manipulation to take a user who attempts to visit a legitimate site to a malicious clone hosted on a server under the threat actor's control. Any information entered on the malicious website, such as account credentials, is shared directly with the threat actor.

Hello XD Ransomware Dropping Backdoor While Encrypting Data
Cybersecurity researchers have reported increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. The malware's author has created a new encryptor that features custom packing for detection avoidance and encryption algorithm changes. The ransomware operators are also using an open-source backdoor named MicroBackdoor to navigate the compromised system, exfiltrate files, execute commands, and wipe traces. When executed, Hello XD attempts to disable shadow copies to prevent system recovery and then encrypts files, adding the .hello extension to file names.

NAS Security: What to Expect and How to Secure your NAS
With cybercriminals continuously coming up with new ways to target your NAS, making sure that your file storage and sharing environment is safe is an ever-growing challenge for SMBs, SMEs, and large enterprises alike. What NAS security challenges should you expect in 2022? And how can you secure your NAS from these threats?

Confluence Servers Hacked to Deploy AvosLocker Ransomware
Ransomware gangs are now targeting a recently patched remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances. By performing mass scans on various networks, AvosLocker threat actors search for vulnerable machines and deploy the ransomware. If successfully exploited, the OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts and executing arbitrary code.

Qbot Malware Uses Windows MSDT Zero-Day in Phishing Attacks
A critical Windows zero-day vulnerability, known as Follina, is being exploited in ongoing phishing attacks to infect recipients with Qbot malware. The TA570 Qbot affiliate uses malicious Microsoft Office .docx documents to infect recipients with Qbot. The attackers use hijacked email thread messages with HTML attachments which will download ZIP archives containing IMG files. Inside the IMG, the targets will find DLL, Word, and shortcut files. While the shortcut file directly loads the Qbot DLL file already present in the IMG disk image, the blank .docx document will reach out to an external server to load an HTML file that exploits the Follina flaw to run PowerShell code which downloads and executes a different Qbot DLL payload.

70TB - $7,995 Air-Gapped & Immutable Veeam, Rubrik, CommVault, site recovery Backup & DR appliance
70TB, expandable up to 4PB, Air-gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995. 8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage. All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included. For more information, demos, and quotes, contact StoneFly sales.

Weekly Ransomware Roundup: Russian-linked ransomware group Sandworm targeted Ukraine

33
3
0
00:03:16
21.04.2022

Weekly summary about ransomware, data protection, data security, backup and DR, storage, and cloud. The stories this week:

- #Cyberattack on Pacific communications cable thwarted by #Homeland Security
Federal agents blocked a cyberattack launched against a submarine cable in Hawaii that provides phone and internet services to Pacific regions including Japan, Australia, and mainland US. Analysts say if the threat actors had been successful, damage such as a massive statewide blackout, data leaked from the servers or worse could have occurred.

- Russia-Linked #Sandworm #Attacks #Ukrainian Energy Facility
In a joint operation carried out by the Ukrainian #CERT with security companies #Microsoft and firm #ESET, it was found that an ICS-capable #malware and several regular disk wipers for Windows, Linux, and Solaris operating systems were used in an attack targeting the energy sector. According to ESET, the Sandworm group was responsible for the attack and used Industroyer2, CaddyWiper, ORCSHRED, SOLOSHRED and AWFULSHRED malware in an attempt to disrupt energy supply for multiple locations impacting two million civilians. CERT-UA says that the attack was averted and damage has been prevented thus far.

- Researchers Attribute 58% Ransomware Attacks in Q1 2022 to Lockbit and Conti

- Panasonic Canadian Operations Hit by “Targeted” Cyberattack

- Wind Turbine Firm Nordex Hit by Conti Ransomware Attack

- Veeam-Ready Appliance with Immutable Storage
Cybersecurity experts recommend immutability as an essential component of a backup and DR solution to ensure effective data protection and mitigate ransomware risks. Read how to leverage immutability with Veeam’s enterprise backup, replication, and restore features using a turnkey appliance.

Promo of the week: 100TB-10PB ONLY 1000W $8900 Air-Gapped & Immutable Veeam, Rubrik, Commvault, site recovery Backup and DR appliance. To schedule a demo or to get hardware specifications, contact StoneFly sales at sales@stonefly.com.

Russia Arrests Alleged REvil Ransomware Hackers at the Request of U.S.

61145
519
157
00:01:46
15.01.2022

The Biden administration praised the Kremlin for detaining members of a notorious ransomware gang at the request of the U.S. in a sweeping operation across Russia. Law enforcement raided the homes of 14 members of the gang REvil and seized currencies worth nearly $7 million, cryptowallets and 20 luxury cars, according to a statement Friday by Russia’s Federal Security Service, known as FSB. Authorities in the U.S. have been informed that the group was shut down, it said. Bloomberg Quicktake brings you live global news and original shows spanning business, technology, politics and culture.

Weekly Ransomware Roundup May 30 - June 03, 2022

10
1
0
00:03:42
09.06.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Conti Ransomware Targets Intel’s Management Engine for Stealth Attacks
Russian-linked cybercriminal Conti has created proof-of-concept code that can leverage Intel’s Management Engine to overwrite flash and gain System Management Mode (SMM) execution. This allows Conti to access the flash memory that hosted UEFI/BIOS firmware, bypass write protections, and perform arbitrary code execution on the compromised system. The final goal would be to drop an SMM implant that would run with the highest possible system privileges (ring-0) while being practically undetectable from OS-level security tools.

Chinese LuoYu Hackers Deploy Cyber-Espionage Payload via App Updates
A Chinese-speaking hacking group known as LuoYu is infecting victims with WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. To do that, the threat actors actively monitor their targets' network traffic for app update requests linked to popular Asian apps such as QQ, WeChat, and WangWang and replace them with WinDealer installers. The malware can install backdoors to maintain persistence, manipulate files, scan for other devices on the network, and run arbitrary commands.

Industrial Spy Hacks Corporate Websites to Show Ransom Notes
Industrial Spy, a recently launched marketplace that sells stolen data, has adopted a new extortion strategy of displaying ransom notes publicly on their victim’s website. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid. On June 2nd, the threat actor began selling 200GB of data they claim was stolen from a French company named SATT Sud-Est for $500,000.

A New Windows Search zero-day Vulnerability Found in Microsoft Protocol
Experts have identified a new Windows Search zero-day vulnerability that can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. The security issue can be leveraged because Windows supports a URI protocol handler called 'search-ms' that allows applications and HTML links to launch customized searches on a device. While most Windows searches will look on the local device's index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window – which allows threat actors to weaponize Word documents and launch remotely hosted malware.

Log Archiving: What Challenges to Expect and How to Overcome Them
From event logs to network access to user actions, logs contain records and provide vital information, which makes it important for businesses to analyze and store them. Even a small business’s IT system can generate terabytes of log data per day – adding up to several terabytes per month. In order to effectively manage these logs and ensure cost-effective retention, for compliance and data analytics, log archiving is necessary. However, traditional archive systems, such as tape arrays, take up time, rack-space, dedicated IT staff, and resources – which makes them inefficient and insecure.

Lockbit Ransomware Attack Disrupted Operations at Foxconn’s Mexico Site
Smartphone manufacturing giant Foxconn has confirmed that a ransomware attack disrupted operations at one of its Mexico-based production plants. The affected production plant specializes in the production of medical devices, consumer electronics and industrial operations. LockBit, a prominent ransomware-as-a-service (RaaS) operation, has claimed responsibility for the attack and is threatening to leak data stolen from Foxconn unless a ransom is paid.

128TB Fully Air Gapped & Immutable Veeam Backup and DR appliance for $9,995
128TB Fully Air Gapped Veeam backup and DR appliance with Immutable Object Lockdown Technology for Ransomware protection & Instant multi VM recovery for $9,995. 8-bay 2U Rackmount unit, 8x16TB (128TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage. All Enterprise Data services such as immutable snapshot, automated air-gapping, encryption (Hardware), Dedup (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), Immutable policy-based vault, Predictive failure, call home, Real-time performance, report, and notification are included.

Quantum Ransomware

37699
1787
69
00:10:37
20.09.2022

Quantum Ransomware encrypts data and attacks government institutions for high ransom payments, data recovery scams. #ransomware

Weekly Ransomware Roundup: PayPal Phishing Attacks, Lilith Ransomware, Mangatoon Data Breach

20
1
0
00:03:32
21.07.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Weekly Ransomware Roundup: May 2 - May 6

25
2
0
00:03:18
12.05.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud.

Lincoln College in Illinois to Shut Down Permanently After Ransomware Attack
Lincoln College in Illinois will shut down permanently this week after financial woes caused by the pandemic were magnified by a ransomware attack last December. The college’s finances were stretched thin due to the COVID-19 pandemic leading to a drop in enrollments and the large tech spending for remote learning. The final blow came on December 19 when the college was hit by ransomware, which affected its IT systems for recruitment, retention and fundraising.

Costa Rica Declares Emergency After Conti Ransomware Attack
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber-attacks from the Conti ransomware group on multiple government bodies. Conti has, so far, stolen 672GB of data and published 97% of it on their leak site. The leak site presently lists the finance ministry, ministry of labor and social security, the social development and family allowances fund, and the Interuniversity Headquarters of Alajuela as government departments purportedly affected by the attack.

US Agricultural Machinery Maker AGCO Hit by Ransomware Attack
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. AGCO is a giant in the field, having a revenue of over $9 billion, employing 21,000 people, and owning brands like Fendt, Massey Ferguson, Challenger, Gleaner, and Valtra. As such, any production disruption caused by the ransomware attack could have a significant supply chain impact on the production and delivery of equipment.

Experts Recommend Immutable Backups to Mitigate Ransomware Risks
Cybersecurity experts recommend immutable backups to protect sensitive information such as Personally Identifiable Information, Protected Health Information, etc. from ransomware attacks. Learn what immutable backups are and why you need them.

Fake Windows 10 Updates Being Used to Distribute Magniber Ransomware
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier in April. These updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi being the most common.

Backups Can’t Protect Your Data – You Need Air-Gapping and Immutability
Ransomware targets the corporate network, impacting not just production but also connected storage devices and backup servers. As a result, backups alone aren’t enough to effectively protect your data from ransomware, which is why experts recommend air-gapping and immutability.

Veeam Cloud $50/TB Immutable and Air-Gapped Backup and Disaster Recovery
Veeam Cloud Backups with Integrated Immutable and Air-Gapped for $50/TB per month. Backup or Replicate, Spin-up in the cloud for $50/TB. Need help with planning, installation, configuration, optimization, testing, or training? 24/7 Smart Protect remote backup and DR management plan available for your complete support needs. Learn more about Veeam cloud backups on the StoneFly website.

Weekly Ransomware Roundup June 13 - 17, 2022

15
1
0
00:03:40
23.06.2022

Weekly summary of discussions, and best practices on topics such as ransomware, data storage, hyperconverged, backup and disaster recovery (DR), and cloud. QNAP NAS Devices Targeted in Another Wave of Ransomware Attacks The operators of the eCh0raix ransomware, also known as QNAPCrypt, have launched another wave of attacks against QNAP network-attached storage (NAS) devices. The threat actors are gaining access to QNAP devices through known vulnerabilities or by brute-forcing weak passwords used on the device. This new wave of attacks picked up after the recent publication of an advisory released by QNAP for three vulnerabilities identified as CVE-2018-19943, CVE-2018-19949, and CVE-2018-19953 that allow attackers to inject malicious code or perform remote code execution. New Phishing Campaign Delivers 'Matanbuchus' Ransomware to Infect Devices with Cobalt Strike Security experts have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads. Matanbuchus is a malware-as-a-service (MaaS) initiative that launches executables directly into system memory. The malware's features include launching custom PowerShell commands, leveraging standalone executables to load DLL payloads, and establishing persistence via the addition of task schedules. Sophos Firewall zero-day Bug Exploited by Chinese Hackers Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall (18.5 MR3 (18.5.3) and earlier) to compromise a South Asian company and breach cloud-hosted web servers operated by the victim. The zero-day flaw is tracked as CVE-2022-1040, that concerns an authentication bypass vulnerability that can be used to execute arbitrary code remotely. 
The threat actors used the zero-day exploit to install webshell backdoors and malware that would enable infecting external systems outside the network protected by Sophos Firewall. What is BCDR – A Guide to Business Continuity and Disaster Recovery Business continuity and disaster recovery (BCDR) are essential parts of a risk management and recovery plan. But what are the differences between the two? How do you develop and implement a BCDR policy? Extortion Gang Ransoms Shoprite, the Largest Supermarket Chain in Africa Shoprite Holdings, Africa's largest supermarket chain, has been hit by a ransomware attack. Last Friday, the company disclosed that they suffered a security incident, warning customers in Eswatini, Namibia, and Zambia that their personal information might have been compromised due to a cyberattack. The compromised data included names and ID numbers, but no financial information or bank account numbers. The ransomware gang known as RansomHouse took responsibility for the attack, posting an evidence sample of 600GB of data they claim to have stolen from the retailer during the attack. Blue Mockingbird Exploits Telerik Flaws to Deploy Cobalt Strike The threat actor ‘Blue Mockingbird’ targeted Telerik UI vulnerabilities to install Cobalt Strike beacons and mine Monero by hijacking system resources. The exploited flaw is CVE-2019-18935, a critical-severity deserialization flaw that leads to remote code execution in the Telerik UI library. The threat actors are able to acquire encryption keys by exploiting another vulnerability in the target web app or by using CVE-2017-11317 and CVE-2017-11357. Cobalt Strike deployment then allows easy lateral movement within the compromised network, data exfiltration, account takeover, and deployment of more potent payloads such as ransomware.
70TB - $7,995 Air-Gapped & Immutable Veeam, Rubrik, CommVault, site recovery Backup & DR appliance 70TB expandable up to 4PB Air-gapped & Immutable Veeam, Rubrik, CommVault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995. 8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage. All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.

DIGFM: Ransomware Roundup (12/9/2021)

80
3
0
01:58:42
11.12.2021

Many of us think our FileMaker servers are safe, secure, and free from any risk of exploitation. Guess again. Ransomware has exploded in the last few years, and as a FileMaker Server admin, your expectation should be that it's a matter of when, and not if, your server will be attacked. Chris Moyer of the Moyer Group and Wim Decorte of Soliant Consulting will shine a light on vulnerabilities, demonstrate a FileMaker Server being encrypted and decrypted with databases in various states, and discuss mitigation and response strategies we should all consider to protect ourselves. Meeting details and discussion here. 🤍 You can follow more of what we're up to with the Developer Innovation Group in FileMaker—and even offer us suggestions—at the following Community group: 🤍

Addressing Ransomware + Free Ransomware Response Guide

1383
13
3
00:07:44
15.11.2022

Not surprisingly, ransomware attacks are on the rise. Here are some of the latest statistics on it, what the US Government is doing to address it, and valuable recommendations to keep your organization secure. Download the Ransomware Response Guide from here: 🤍 Presented by Paola Saibene & Abu Sadeq Guest Author: George Finney

ZeroLogon++ - Amazon Flying Security Cam, ZeroLogon on GitHub, Ransomware Roundup

8783
274
02:03:33
30.09.2020

Amazon flying security cam, ZeroLogon on GitHub, ransomware roundup. • What could possibly go wrong: Amazon/Ring's autonomous flying home security webcam • Evil ransomware gang deposited $1 million of bitcoin in a hacker recruitment drive • Over this past weekend, Universal Health Services was hit by a huge Ryuk ransomware • One week ago, there were three ZeroLogon exploits on GitHub. Today there are more than fit on the first page of search results • Security Fixes in Chrome's v85.0.4183.121 Release • The VPN you choose DOES make a difference. • A “Ransomware Goldrush” We invite you to read our show notes at 🤍  Hosts: Steve Gibson, Leo Laporte Security Now Episode 786 More Info: 🤍 Download or subscribe to this show at 🤍 You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: 🤍 also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Products we recommend: 🤍 TWiT may earn commissions on certain products. Join our TWiT Community on Discourse: 🤍ity/ Follow us: 🤍 🤍 🤍 🤍 About us: TWiT.tv is a technology podcasting network located in the San Francisco Bay Area with the #1 ranked technology podcast This Week in Tech hosted by Leo Laporte. Every week we produce over 30 hours of content on a variety of programs including Tech News Weekly, MacBreak Weekly, This Week in Google, Windows Weekly, Security Now, All About Android, and more.

Did You Miss It? - Ransomware, Security Roundup

27
0
0
00:03:15
02.08.2021

Hey Everybody, no new interview this week, because I’ve got this kind of stuff going on. I’m getting a new roof put on and new siding on the house, so that made things a bit crazy. I just want to take a moment to thank you for watching and if you like this channel, please think about subscribing. Most of the regular viewers of this channel are not subscribers, but subscribing can help us do more with the channel. Everybody is fighting the Ransomware security battle, so I wanted to take a few minutes to highlight some of the interviews we have done that focus on that. I will add links up here and in the description and I will put together a playlist so you can find them easily. This is kind of like those flashback episodes of TV shows where they get away with not producing a new episode, but it kind of looks like you did. First up is an interview we did with Andrew Miller, who is Pure Storage’s Subject Matter Expert on Ransomware. He gives a good breakdown on the situation. Next, we have Hitesh Sheth, the CEO of Vectra AI, about stopping these threats and how Vectra can add to your security. We talked with Saket Modi, CEO and founder of Safe Security, which gives you tools to assess your security posture by giving you and your employees a security score. It also provides tools to help remediate issues and train your people. One of the big steps you can take to proactively protect your infrastructure is to segment your systems, and we had Illumio’s Nathanael Iversen on to tell us about how Illumio makes it simple to implement segmentation. SentinelOne has been in the news lately following their big IPO, and we had Jared Phipps on to talk about security and how SentinelOne can keep you secure. One of the challenges around breaches is knowing what data you can trust. Chainkit utilizes blockchain to cryptographically validate your data, and we had CEO Val Bercovici on to talk security.
Sysdig started life as an analytics and troubleshooting tool, but evolved into a security-focused platform to help you keep an eye on an increasingly distributed infrastructure landscape. We had Sysdig’s CRO, Keegan Riley, on to tell us their story. While we are on analytics, let’s talk about the big dog in the monitoring space, Datadog. Good analytics can help you identify issues faster and with greater accuracy, and we had Product and Community VP Ilan Rabinovitch on to tell us about it. Last, I did a quick roundup of the hot issues in tech right now, you can check it out here. I would love to hear your thoughts in the comments and if you have any suggestions for things you would like to see, let us know in the comments. Thanks for watching, if you like what you saw, click that like button, hit that subscribe button and click the bell for notifications, and I will see you in the next video. Chapters: 00:00 - Intro 00:20 - Thank You 00:50 - Andrew Miller, Pure Storage 01:02 - Hitesh Sheth, Vectra AI 01:10 - Saket Modi, Safe Security 01:28 - Nathanael Iversen, Illumio 01:40 - Jared Phipps, SentinelOne 01:49 - Val Bercovici, Chainkit 02:00 - Keegan Riley, Sysdig 02:17 - Ilan Rabinovitch, Datadog 02:32 - Hot Topics in Tech Andrew Miller, Pure Storage: 🤍 Hitesh Sheth, Vectra AI: 🤍 Saket Modi, Safe Security: 🤍 Nathanael Iversen, Illumio: 🤍 Jared Phipps, SentinelOne: 🤍 Val Bercovici, Chainkit: 🤍 Keegan Riley, Sysdig: 🤍 Ilan Rabinovitch, Datadog: 🤍 My Round Up: 🤍 Ransomware Playlist: 🤍 FUTRtech focuses on startups, innovation, culture and the business of emerging tech with weekly video podcasts where Chris Brandt and Sandesh Patel talk with Industry leaders and deep thinkers.

"the 101" Episode 7: Why is ransomware on the rise?

693
6
0
00:03:54
23.08.2017

So much like viruses and adware were top of mind in the nineties when the internet first began to dominate popular culture, you really can’t look far without hearing about ransomware. But why ransomware and not some other type of malware? Today we ask: Why is ransomware on the rise? To see more free series by Carbon Black go to 🤍carbonblack.com/resources/learn-ngav

QNAP Warns of New Checkmate Ransomware Targeting NAS Devices

281
2
1
00:00:21
18.07.2022

QNAP has warned of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors use brute-force attacks to break into accounts with weak passwords in QNAP devices with SMB service enabled. After gaining access, the threat actors can encrypt files in shared folders. QNAP recommends turning off SMB 1 service, using VPN to access the NAS and updating the operating system to the latest version to reduce the attack surface.

Point32Health Confirms Ransomware Attack, Service Disruption for Health Insurance Customers

39
0
0
00:01:00
25.04.2023

Point32Health, a major health insurance provider in Massachusetts and New Hampshire, has confirmed a ransomware attack that disrupted services for its customers. The attack affected systems that contain sensitive customer data and health information. For details, visit: 🤍 #Point32Health #healthinsurance #insurance #Massachusetts #Hampshire #ransomware #cybercrime

Dealing With a Ransomware Attack (w/ Kurtis Minder, CEO of GroupSense)

99
1
0
00:21:13
04.05.2022

Kurtis Minder is today’s guest on the Cyber Security Matters podcast, hosted by Dominic Vogel and Christian Redshaw. Founder & CEO of GroupSense, a digital risk protection services company that delivers customer-specific intelligence that dramatically improves enterprise cyber security and fraud-management operations. Kurtis Minder has over 20 years of information security experience spanning operations, design and business development. In this episode, we will discuss: -How cyber security threat intelligence impacts organizations -Why there has been an increase in ransomware attacks -How ransomware negotiation works -What factors companies need to consider when they get hit by ransomware Want to connect with Kurtis? Here are a couple of ways that you can do exactly that: -Website: 🤍groupsense.io -LinkedIn: 🤍KurtisMinder #cybersec #technology #business ep126

FIN7 Hackers are Back Again - Using Clop Ransomware in New Wave of Attacks

11
1
0
00:00:58
23.05.2023

#shorts #Fin7 #Microsoft #Clop #ransomware #cyberattack #ransomwareattack #cybersecurity

American Dental Association Attacked by Black Basta Ransomware

977
14
0
00:00:26
06.07.2022

On Friday, the #ADA suffered a #cyberattack that forced them to take affected systems offline, which disrupted various online services, telephones, email, and webchat. This outage is causing online services to be inaccessible, including the ADA Store, the ADA Catalog, My ADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service, and the ADA Practice Transitions. The company has also resorted to using Gmail addresses while its email systems are offline. Black Basta, a new ransomware group, has claimed responsibility and has begun leaking the stolen information. The leak site claims to have leaked 2.8GBs of data, which the threat actors state is 30% of the stolen data in the attack. 🤍

#ictissues2022 Ransomware Cyber Threat || Mana La Excellence

3515
230
3
00:01:00
28.12.2022

Science and Technology Explained Videos- 🤍 Mana La Excellence Telegram Channel Link: 🤍 Contact Info: Group1 Courses- 72079 55032 7207955034 UPSC Coaching- 9052192929 9052292929 = Mana La Excellence channel is to provide for quality content to the students in Telugu Language. Email id: laexcellence.hyd🤍gmail.com Telegram- *Mana La Excellence Telegram Channel Link* 🤍 Address: La Excellence IAS 1st floor, #1-10-223/s, Ashok Nagar Extension, Lower Tank Bund, Kavadiguda, Opposite to Oriental Bank of Commerce, Hyderabad, Telangana 500020. = Follow our other channels English: La Excellence IAS Coaching Institute Kannada: Namma Laex Bengaluru #scienceandtechnology #currentaffairsintelugu #currentaffairstelugu #upsc2022 #appsctspsc #telugucurrentaffairs #thehindunewsanalysis #bestiascoachinginhyderabad #bestcivilscoachinginhyderabad #iascoachinginhyderabad

Anatomy Of A Ransomware Attack | Lightboard Series

249
1
0
00:05:25
23.06.2022

Learn how cyber criminals are breaching your defenses, what they do once inside and what you can do about it.

Healthcare is Fighting a Deadly Threat: Ransomware

315583
1136
56
00:08:10
19.05.2021

Have you been impacted by the issues in this episode? Protect your business from ransomware attacks with Kaspersky Optimum Security 🤍 Ransomware’s rise has been quick and deadly. We’ve seen it develop to a stage where ransom attacks like those on the Dusseldorf University Hospital and the Colonial Pipeline in the USA are becoming increasingly commonplace. Explore the consequences of famous malware attacks and see how a heart attack showed ransomware’s damage potential. Find out how to protect yourself. Watch more stories on the world of tech and cybersecurity at 🤍

Ransomware - A Threat Prevented

342
3
1
00:00:59
05.03.2017

Comparison and demonstration of two environments, one running Minerva and protected against ransomware attack, while the second (unprotected) environment is being compromised and encrypted by the same ransomware.

Coffee Talk with SURGe: 2022-MAY-31 Follina MSDT zero day, ransomware roundup, supply chain risk

419
7
0
00:34:10
01.06.2022

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk broke down the Follina/MSDT zero day vulnerability (CVE-2022-30190), rounded up the latest ransomware activity, and discussed supply chain risk related to Python and PHP libraries. Mick and Ryan competed in a 60 second charity challenge to explain LOLBins before taking a deep dive into the 2022 Verizon Data Breach Investigations Report. Microsoft Blog on CVE-2022-30190: 🤍 REvil prosecution reportedly stalls in Russia: 🤍 Cl0p hits 21 victims in April: 🤍 Costa Rica suffers another cybersecurity incident: 🤍 Hacker claims hijacking libraries, stealing AWS keys was ethical research: 🤍

SentinelOne Vs. Hive Ransomware – Mitigation and Rollback

1377
8
0
00:02:31
13.07.2021

See how SentinelOne kills Hive Ransomware and reverses all malicious actions. Hive is a recently discovered ransomware family. Earlier this month, the criminal group leaked data from Altus Group, a software company focused on the commercial real estate industry. The threat will attempt to inhibit system recovery by removing Volume Shadow Copies. VSS removal and timeout (execution delays) functions are handled via two .BAT files dropped upon launch (shadow.bat and hive.bat). Hive’s execution is both rapid and noisy. Full drive encryption can be achieved within minutes. That said, visible cmd-windows and excessive timeout calls make it far from ‘stealth’. Victims are instructed to visit the Hive payment / support portal via TOR. #ransomware #cybersecurity #threathunting #threatintelligence #IT #infosec SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit 🤍sentinelone.com.
