Malware

08 Feb

Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

Data Breaches, Malware, Social Engineering

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added. Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience In a…

Read More
08 Feb

Surge of swatting attacks targets corporate executives and board members

Data Breaches, Malware, Social Engineering

At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned the police, fire, and emergency mutual aid of the nearby towns of Ipswich, Rowley, Topsfield, and Haverhill. Police evacuated neighboring…

Read More
07 Feb

CISA Releases ESXiArgs Ransomware Recovery Script

Attacks, Insights, Malware

Original release date: February 7, 2023 CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment. Organizations can access the recovery…

Read More
07 Feb

VMware ESXi Servers Targeted by Linux Variant of Royal Ransomware

Attacks, Malware

Hypervisors like ESXi continue to become more ubiquitous due to the power and convenience of managing virtual machines rather than physical ones. Unfortunately, that power and convenience also attract threat actors. The compromise of a hypervisor also implies the compromise of every virtual machine housed within. In a single stroke, dozens to hundreds of critical virtual machines could be encrypted and held for ransom. ESXi servers are particularly vulnerable, inciting the recent trend of ransomware…

Read More
07 Feb

GoAnywhere MFT Zero-Day Exploit Proof-of-Concept Released

Attacks, Malware

Any users of GoAnywhere MFT should assume compromise, and remove public-facing internet access to the tool and rotate the master encryption key and any passwords used for access. The security bulletin released by the developer includes a stacktrace that administrators can look for in the logs to determine if the exploit was uses against the system. Additionally, administrators should deploy the security patch as soon as change management allows. Companies should endeavor to always bring…

Read More
07 Feb

Clop Ransomware Targeting Linux Systems

Attacks, Malware

Ransomware groups are always working to find new targets and develop new strains of ransomware that will increase their target lists and maximize their profits. With lots of companies moving to cloud-based computing, most of it being run on Linux, this shift from Clop is not unexpected. A number of ransomware operations are now targeting vulnerable VMWare ESXi servers, thousands of which have recently transitioned to end-of-life status and are no longer receiving official security…

Read More
07 Feb

What CISOs need to know about the renewal of FISA Section 702

Data Breaches, Malware, Social Engineering

In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 specifically addresses how the US government can conduct targeted surveillance of foreign persons located outside the US, with the compelled…

Read More
07 Feb

MKS Instruments falls victim to ransomware attack

Data Breaches, Malware, Social Engineering

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Security and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time…

Read More
06 Feb

Massive ransomware attack targets VMware ESXi servers worldwide

Data Breaches, Malware, Social Engineering

A global ransomware attack has targeted thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” CERT-FR wrote. …

Read More
06 Feb

GoodRx Will Settle Claim It Shared Sensitive Health Data with Advertisers

Attacks, Malware

Threat actors can leverage stolen medical records to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen.…

Read More