Weekly
Apr 24 - 28, 2023
Critical RCE vulnerabilities in APC's online UPS monitoring software, called 'TLStorm', allow remote device access and control by hackers. The flaws (CVE-2023-29411, CVE-2023-29412, and CVE-2023-29413) can execute code, cause DoS, and mishandle case sensitivity. The Easy UPS Online Monitoring Software v2.5-GA-01-22320 and earlier versions are affected, as well as all Windows versions and Windows Server 2016, 2019, and 2022. Users are advised to upgrade to V2.5-GS-01-23036 and disable "program" mode. Read more
BlueNoroff, a North Korean hacking group, is using a new macOS malware called RustBucket to steal sensitive data and deploy ransomware. The malware is disguised as an "Internal PDF Viewer" application, and once a file is opened, it executes malicious code, bypassing traditional security measures. The group uses job-themed lures to distribute the malware and retrieves a second-stage payload from a remote server. Read more
Google warns Chrome and Edge users to update their browsers as two zero-day exploits have been discovered. The CVE-2023-2033 and CVE-2023-2136 vulnerabilities could be exploited remotely and allow attackers to execute remote code and perform a sandbox escape. The former is a type confusion error, while the latter is an integer overflow in Skia. Read more
Chinese hacker group - Gallium, AKA Alloy Taurus, is using two new variants of Linux malware, PingPull and Sword2033, to launch cyberespionage attacks in South Africa and Nepal. PingPull is a remote access trojan controlled by the attacker’s C2 server using different HTTP parameters, while Sword2023 is a backdoor that communicates with the same C2 server and can exfiltrate sensitive files for espionage. Read more
Improve your recovery time and point objectives (RTPO) by calculating them accurately. This blog post shares insights on calculating RTPO and how to enhance it. The post discusses the importance of RTPO, how to calculate it, and measures to improve it. It also emphasizes the significance of a robust disaster recovery plan to ensure that businesses are not affected by unforeseen disruptions. Read more
Point32Health, a health insurer, has confirmed a ransomware attack on its IT systems, resulting in service disruption for customers. The attack targeted customer data, and the identity of the attackers and the ransomware used in the attack remain undisclosed. Law enforcement and cybersecurity experts have been notified of the incident. Read more
98TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 10 Veeam Backup Essentials Annual Subscription License for $9,995.
10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.
Weekly
Apr 10 - 14, 2023
Iranian hackers MuddyWater and DEV-1084 are carrying out cyberattacks targeting Middle Eastern entities. The attackers exploit vulnerable devices accessible via the internet, create admin accounts, deploy web shells and backdoors, and steal login credentials. The attackers use compromised Azure Active Directory accounts with global administrator privileges to cause data loss and denial of service and Group Policy Objects to deploy DarkBit ransomware and exfiltrate data from mailboxes. The US government has officially tied DEV-1084 to Iran’s Ministry of Intelligence and Security. Read more
Japanese word processor Ichitaro is vulnerable to four arbitrary code execution flaws that allow hackers to gain control of the system. The vulnerabilities can lead to arbitrary code execution and allow memory corruption. JustSystems has issued fixes for the vulnerabilities that affect the 2021, 2022, and 2023 versions of Ichitaro and the trial version of Ichitaro 2022 and Ichitaro Viewer. Japan's Computer Emergency Response Team has warned that other JustSystems products may also be affected. Read more
Orca has warned that hackers can gain full access to accounts and business data and execute remote code by exploiting Microsoft Azure shared key authorization - an inferior security method compared to Azure Active Directory credentials. Attackers possessing the account access keys can abuse shared key authorization to gain full access to a storage account, access critical business assets, and execute remote code. Orca recommends disabling shared key authorization altogether to mitigate risks. Read more
Cybercriminals have been exploiting the CVE-2023-28252 vulnerability in a series of ransomware attacks. The flaw affects the Windows CLFS driver that allows elevated privileges to the System. Cybercriminals deploy the Nokoyawa ransomware using this exploit and many similar but unique exploits. The Nokoyawa ransomware encrypts files and threatens to leak valuable data unless a ransom is paid. The cybercriminals behind Nokoyawa have ties to the Karma and Nemty ransomware families and to the infamous Hive operation. Read more
Both Azure and AWS have robust security features that meet industry standards. But there are several key factors to consider, including data encryption, access control, compliance certifications, backup and recovery options, and more. We have written this blog to explore these factors in depth and help you decide which cloud provider is best for your organization's cloud backup needs. Read more
Microsoft has warned about a phishing campaign targeting accounting firms and tax preparers. The phishing campaign begins with fake emails that appear to be from clients, sending documents to complete their tax returns. The attachments contain various tax forms in PDF format but are, in fact, Windows shortcuts in disguise. These shortcuts execute PowerShell to download an obfuscated VBS file that downloads a fake PDF and executes the GuLoader malware, which then installs the Remcos remote access trojan on the network. Read more
192TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 20 Veeam Backup Essential Annual Subscription Licenses for $15,995.
10th Gen, 12-bay 2U Rackmount unit with 12x16TB (192TB) Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.
Weekly
Apr 3 - 7, 2023
The AlienFox toolkit can steal cloud credentials for 18 different services. The toolkit uses data-extraction scripts to examine misconfigured servers for sensitive configuration files holding secrets like account credentials, API keys, and authentication tokens. It exploits the CVE-2022-31279 vulnerability using a deserialization flaw in the Laravel PHP Framework, scans the files for credentials, runs them against the targeted server, and attempts to SSH using the Paramiko Python library. Read more
The Lazarus Group has launched a supply chain attack on 3CX, a VoIP service provider and distributed the Gopuram malware to its clients that include several cryptocurrency firms. The malware can harvest credentials, install backdoors, and download additional payloads. The attackers also used a multi-stage infection process, including a sophisticated DLL sideloading technique, to remain undetected by traditional security tools.
CISA has directed federal agencies to address a security flaw in Zimbra Collaboration software, which Russian hackers are exploiting to access the mailboxes of government officials. The Winter Vivern group used a vulnerability scanner to search for vulnerable ZCS servers, sent phishing emails to users, and took advantage of the CVE-2022-27926 vulnerability to launch a Cross-Site Request Forgery attack to steal credentials. CISA has added the vulnerability to its Known Vulnerability Catalogues and directed federal agencies to patch it until April 24. Read more
An ALPHV ransomware affiliate dubbed UNC4466 has been exploiting vulnerabilities in Veritas Backup software to gain initial access to target networks. The UNC4466 group deviates from typical intrusion methods that rely on stolen credentials and instead gains access to internet-facing Windows servers running Veritas Backup Exec using Metasploit. The attacker then uses Advanced IP Scanner and ADRecon to collect information about the compromised environment. Read more
Cloud storage provides convenience and flexibility, but it also poses a range of security challenges. It’s becoming increasingly important for decision makers to understand how to implement and manage enterprise cloud storage solutions effectively. Here are some practical tips and best practices for enterprise cloud computing that decision makers can use to maximize the benefits of cloud storage while ensuring enterprise cloud security. Read more
The "Money Message" ransomware gang is targeting businesses globally using various tactics to gain initial access, like exploiting vulnerable remote desktop services, spear-phishing emails, and deploying malware via a third-party service provider's software update mechanism. Once inside, they move laterally through the network, disable backup systems, delete Shadow Volume Copies and stop some processes and Windows services to evade detection. The gang demands ransoms ranging from tens of thousands to millions of dollars. Read more
70TB expandable up to 4PB Air-gaped & Immutable Veeam, Rubrik, Commvault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995.
8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.
For appliance demos, specifications, and quotes contact us.