Weekly
August 22 - 26, 2022
The Instituto Agrario Dominicano (IAD) has suffered a Quantum ransomware attack that encrypted multiple services and servers throughout the government agency. Four physical and eight virtual servers were affected and most of the information, including databases, email and applications, was compromised. The IAD has told local media that they only had basic security software on their systems, such as antivirus, and lack a dedicated security department. The attackers have asked for more than six hundred thousand dollars in ransom and have threatened to leak sensitive data. Read more
Hackers responsible for a string of recent cyberattacks, including those on Twilio, MailChimp, and Klaviyo, compromised over 130 organizations in the same phishing campaign. The campaign used a phishing kit codenamed '0ktapus' and stole 9,931 login credentials that were used to gain access to corporate networks and systems through VPNs and other remote access devices. Identity credentials and 2FA codes were also stolen from Okta, which is an identity-as-a-service (IDaaS) platform, and were used to carry out subsequent supply chain attacks on customers using these services, like Signal and DigitalOcean. Read more
RansomEXX group, notorious for attacking high-profile companies like GIGABYTE, has claimed yet another victim “Bombardier Recreational Products”. After the attack, BRP informed the public of a temporary halt of all operations that impacted production and caused delays in transactions with customers and suppliers. The company confirmed that the hackers breached its systems via a supply chain attack. Shortly after, the RansomEXX gang listed BRP on its leak site along with 29.9GB of files allegedly stolen from the firm. They also provided samples that included non-disclosure agreements, passports and IDs, material supply agreements, and contract renewals.
Read more
Password management software firm “LastPass”, having more than 30 million users and 85,000 business customers worldwide, has suffered a data breach that led to the theft of source code and technical information. The unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of the source code and some proprietary LastPass technical data. However, LastPass stores sensitive data like passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack. Read more
Immutable storage follows the Write-Once Read-Many (WORM) framework to prevent changes and modifications to critical data for a user-defined retention period. This protects mission-critical backups, file/S3 object data from ransomware since this data cannot be maliciously encrypted. Learn how you can use a Veeam-ready backup and disaster recovery (DR) appliance to set up policy-based and automated onsite and cloud-based immutable storage. Read more
The Center Hospitalier Sud Francilien (CHSF), a hospital in Paris, has suffered a ransomware attack over the weekend. The attack disrupted the emergency services and surgeries and forced the hospital to refer patients to other healthcare service providers. The security breach forced hospital staff to return to paper and pen as it affected the hospital’s software, the storage systems (in particular medical PACS imaging) and the information systems relating to patient admissions. Threat actors demand a $10 million ransom for the decryption key. Sources confirmed that the attack was launched by an affiliate of LockBit 3.0 RaaS.
Read more
1PB, expandable up to 4PB, fully air-gapped and immutable Veeam-ready backup and disaster recovery appliance with file and object Lockdown technology for ransomware protection & instant multi-VM recovery for $995/month in a 5-year term.
Fully Populated 1U, 4 bay head unit plus 60-bay 4U JBOD all filled with total of 64x16TB (1,024 TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 64GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For demos and hardware details, contact us.
Weekly
August 08 - 12, 2022
The Zimbra security vulnerability is being actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. Attackers are abusing a ZCS remote code execution flaw, tracked as CVE-2022-27925, with the help of an authentication bypass bug, tracked as CVE-2022-37042. Successful exploitation allows the attackers to deploy web shells on specific locations of the compromised servers to gain persistent access. Experts have identified over 1,000 ZCS instances backdoored and compromised. Zimbra has advised patching versions older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26. Read more
Cisco confirmed a cyberattack after threat actors infiltrated an employee's personal Google account that contained passwords synced from web browser. The attacker attempted to bypass multi-factor authentication (MFA) using voice phishing and MFA fatigue. Upon establishing initial foothold, the attacker escalated to administrative privileges to login to several systems including Citrix servers and domain controller using the exploit identified as CVE-2022-24521. The attacker then stole credentials and registries, cleared system logs to cover their tracks, and made changes to host-based firewall configurations to enable RDP access to systems. The attacker claimed to have stolen 2.75GB of data, consisting of non-disclosure agreements, data dumps, and engineering drawings. Read more
A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by cybercriminals looking to launch DDoS attacks, and several of the affected products won't have a patch until next week. The vulnerability, tracked as CVE-2022-0028, received an 8.6 out of 10 CVSS score, and it affects PAN OS, the operating system in Palo Alto Networks' network security products. The bug is caused by a URL filtering policy misconfiguration that could allow an external attacker with network access to conduct reflected and amplified TCP denial-of-service attacks. Read more
Is Fibre Channel (FC) Storage Area Network (SAN) protocol actually faster than iSCSI? Why are most storage vendors so fixated on FC SAN when iSCSI SAN make up most govt. and corporate data centers? Both SAN protocols have their pros and cons, making it worthwhile to take a minute and learn the differences between the two; especially if you’re looking to set up a new SAN environment, or replace/expand an existing one. Read more
VMware has warned its customers of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw, tracked as CVE-2022-31656, in multiple products. The proof-of-concept (PoC) reveals that a malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. Read more
An automotive supplier had its systems breached and files encrypted by LockBit, Hive, and ALPHV/BlackCat affiliates network on April 20, May 1, and May 15, respectively. LockBit and Hive distributed their payloads using the PsExec and PDQ Deploy tools within two hours to encrypt and exfiltrate data on more than a dozen systems. Two weeks later, a BlackCat threat actor also connected to the same compromised server and installed the Atera Agent remote access solution and gained persistence on the network while exfiltrating data. Within half an hour, BlackCat delivered its payloads on the network using PsExec to encrypt six machines after moving laterally through the network using compromised credentials. Read more
70TB, expandable up to 4PB, Air-gapped & Immutable Veeam, Rubrik, Commvault, Site Recovery, Backup and DR appliance with Object Lockdown Technology for Ransomware protection for $7,995.
8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.
For demos and hardware details, contact us.
Weekly
August 01 - 05, 2022
Unknown attackers have targeted Russian entities with a new malware - Woody RAT, that allows controlling and stealing information from compromised devices remotely. The malware is delivered via phishing emails by either ZIP files containing the payload or "Information security memo" documents that exploit the Follina vulnerability. RAT uses RSA-4096 and AES-CBC to escape network-based monitoring and injects itself into a notepad process subsequently deleting itself to evade detection. The malware can collect system information, list folders and running processes, execute commands and files received from its command-and-control server, download, upload, and delete files, and take screenshots. Read more
Dozens of hackers jointly attacked the cross-chain crypto bridge Nomad to steal nearly $200 million in digital assets. Experts say that the attack occurred after Nomad updated its smart contracts and inadvertently made it easy to spoof transactions by failing to verify the amount of digital assets being exchanged. A bug that caused improper initialization function on Nomad allowed transaction messages to be validated immediately instead of going through the verification process. Attackers misused this vulnerability to broadcast fake messages, validating all requests for funds transfer by default and drained the assets. The attackers stole at least $190.7 million and laundered at least $6 million via cryptocurrency mixer Tornado Cash. Read more
A cyberattack caused government portal e-Albania to go offline along with the government’s websites. The attack involved a new ransomware family dubbed Roadsweep, that uses the RC4 stream cipher to maliciously encrypt files, a spyware called Chimneysweep, and possibly a new variant of Zeroclear wiper malware. Zeroclear corrupts the file system using RawDisk which is a legitimate commercial driver used for interacting with files, disks and partitions while Chimneysweep allow key logging and is capable of taking screenshots, listing and collecting files and spawning a reverse shell. Read more
On-premise disaster recovery appliances provide secondary site with faster recovery, no latency issues, and more control while cloud DR is scalable, offsite, partially/fully managed, and affordable - making them suitable for different requirements, and budgets. But which one is best for your projects and budget? Read our blog where we explain on-premise vs cloud disaster recovery to help you choose the right solution for your mission-critical workloads.
A phishing campaign is targeting corporate users including fintech, lending, accounting, insurance, and Federal Credit Union organizations in the US, UK, New Zealand, and Australia. The threat actors are using the adversary-in-the-middle (AiTM) technique to bypass multi-factor authentication. AiTM allows the attacker to intercept the authentication process between the client and the server to steal credentials during the exchange, thus stealing MFA details. Threat actors are leveraging tools like Evilginx2, Muraena, and Modilshka for AiTM execution and online code editing services such as CodeSandbox and Glitch to Open Redirect pages hosted by Google Ads and Snapchat, to host redirection URL code for evading corporate email URL analysis. Read more
An overnight attack on the Solana blockchain platform drained thousands of software wallets of cryptocurrency worth millions of U.S. dollars. While there is no definitive answer at the moment about how the wallets were drained, various blockchain security experts believe it to be a supply chain attack, a browser zero-day flaw, or a faulty random number generator used in the key generation process. Another explanation is a nonce reuse bug, which enables the threat actors to recover secret keys, as long as a signature and the nonce is publicly exposed. Read more
32TB expandable up to 4PB Air-gaped & Immutable Veeam, Rubrik, CommVault, Site Recovery, Backup and DR appliance with Zero Trust, SAN-NAS and S3 Object Lockdown Technology for Ransomware protection for $5,995.
Gen 10, 4bay 1U Rackmount unit with 2x16TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.
For demos and hardware details, contact us.