CyberSecurity Updates

Clop Ransomware Targeting Linux Systems

Ransomware groups are always working to find new targets and develop new strains of ransomware that will increase their target lists and maximize their profits. With lots of companies moving to cloud-based computing, most of it being run on Linux, this shift from Clop is not unexpected. A number of ransomware operations are now targeting vulnerable VMware ESXi servers, thousands of which have recently transitioned to end-of-life status and are no longer receiving official security…


Software Supply Chain Security Firm Lineaje Raises $7 Million

Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of whether they are the developers, suppliers, or users of software. Lineaje’s SBOM360 software supply chain management solution can identify all…


What CISOs need to know about the renewal of FISA Section 702

In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 specifically addresses how the US government can conduct targeted surveillance of foreign persons located outside the US, with the compelled…


MKS Instruments falls victim to ransomware attack

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Securities and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time…


Finnish psychotherapy extortion suspect arrested in France

by Naked Security writer

In October 2022, we asked you to imagine being stuck in the following awful situation: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national ID number, and perhaps including additional information such as notes about your relationship with your family… …and then, as if…


Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

by Paul Ducklin

DO WE REALLY NEED A NEW “WAR AGAINST CRYPTOGRAPHY”? We talk to renowned cybersecurity author Andy Greenberg about his tremendous new book, Tracers in the Dark. Hear Andy’s thoughtful commentary on cybercrime, law enforcement, anonymity, privacy, and whether we really need a “war against cryptography” – codes and ciphers that the government can easily crack if it thinks there’s an emergency – to cement our collective online security. …


Massive ransomware attack targets VMware ESXi servers worldwide

A global ransomware attack has targeted thousands of servers running the VMware ESXi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” CERT-FR wrote. …


Comcast Wants a Slice of the Enterprise Cybersecurity Business

Telco and media conglomerate Comcast has jumped headfirst into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace. The Philadelphia technology giant has created a new cybersecurity business unit led by former Zscaler executive Nicole Bucala to develop and sell what Comcast is describing as a “security data fabric platform.” In a note announcing the new business unit, Comcast said the long-term plan is to…


GoodRx Will Settle Claim It Shared Sensitive Health Data with Advertisers

Threat actors can leverage stolen medical records to impersonate legitimate patients to commit various forms of fraud, including submitting fraudulent claims to health insurers without authorization. This could not only affect healthcare coverage, but also compromise safety if there is misinformation on file that is needed for medical treatment. Anyone who may have been a victim of a medical data breach should get confirmation from their provider to find out exactly what information was stolen.…


Iranian Nation-State Group Behind Charlie Hebdo Breach, Microsoft Says

Releasing the entire cache of stolen information might result in massive doxing, Redmond further warned. “After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms. This amplification effort made use of a particular set of influence Tactics, Techniques, and Procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations,” stated the Windows maker’s Digital Threat Analysis Center (DTAC).…
