Weekly
August 26th - 30th, 2024
The ARRL nonprofit was hit by a coordinated ransomware attack on May 15th that compromised their on-site and cloud systems running Windows and Linux. They paid the $1 million ransom demand after tense negotiations and now offer credit monitoring while establishing an IT security committee to prevent future attacks.
The BlackSuit ransomware group breached Young Consulting on April 10th, exfiltrating personal data of 954,177 individuals like names, SSNs, DOBs and insurance details over 3 days before encrypting systems. The data exposure includes business contracts, employee passports and financial audits from Young Consulting's compromised network.
A cyberattack on August 25th disrupted Sea-Tac airport operations like baggage handling, terminal screens and boarding passes by compromising their network. Services remained down for days, resulting in thousands of missing bags and flight delays.
The RansomHub group exploited Patelco's network on May 23rd to steal data of 726k customers, including full name, Social Security number (SSN), driver's license number, DOB and email address, and published it on August 15th. Patelco offered credit monitoring and warned customers of the risks of phishing, social engineering and scams after the two-week service shutdown to contain the breach.
Software as a Service (SaaS) solutions have become the backbone of countless industries. From automotive and finance to education and healthcare, these platforms offer efficiency, convenience, and a wealth of features. However, a critical vulnerability lurks within many SaaS environments: single points of failure (SPoFs). When an SPoF in a SaaS platform is compromised, the impact can be widespread, affecting all users and leading to significant disruptions.
Key French government websites face DDoS attacks in protest against Pavel Durov's arrest, which led to outrage online. DDoS attacks flood targeted servers with traffic to cripple accessibility. Durov's detention for charges including laundering and fraud sparked global concerns and a decline in associated cryptocurrencies like Toncoin.
Add disaster recovery (DR) to your Wasabi or better, upgrade to Wasabi with air-gapped and immutable Plus disaster recovery.
Protect your valuable assets, minimize downtime, restore to the cloud while performing forensics. Cleanup, secure safe available resources, and restore your on-prem.
This also qualifies you for the Protection Plus program, which provides continuous monitoring and Professional Services to optimize and protect you against Ransomware.
For details, contact us.
Weekly
August 19th - 23rd, 2024
US chipmaker Microchip Technology detected a cyberattack on August 17th compromising its IT systems, subsequently confirming unauthorized access on August 19th. Isolating impacted systems caused manufacturing facilities to operate at less than normal levels, disrupting order fulfillment. The tactics and techniques used in the attack are still unknown.
A threat actor claiming to be ZeroSevenGroup hacked a US branch of Toyota and stole 240GB of files from a backup server containing customer, employee, and financial data on December 25. This included credentials used to further exploit Toyota's network infrastructure using ADRecon. Toyota confirmed a third-party entity processed by them was compromised, impacting an unknown number of customers.
CISA issued a warning regarding a critical RCE vulnerability (CVE-2024-23897) in widely used automation server Jenkins, allowing attackers to execute malicious code via CLI. Threat actors like IntelBroker have exploited this bug to breach organizations. Federal agencies must patch vulnerable Jenkins servers in 3 weeks as the bug is actively being used in ransomware attacks disrupting operations.
Hackers breached CannonDesign's network between January 19-25, 2023, deploying the Avos Locker ransomware and stealing over 5.7TB of sensitive data including client PI, project details and IT infrastructure records. After failing to extort payment, the Avos Locker gang published the stolen data on hacking forums and leak sites in September 2023 and February 2024, impacting over 13,000 clients.
Qilin ransomware uses Golang and Rust for high performance and evasion. Learn how it encrypts files while also stealing data, and how it targets healthcare and education. Discover strategies to protect critical data like user awareness training, backups and patching. Ensure your systems are secure from this evolving threat - check out the full blog to up your ransomware prevention game.
The city of Flint, Michigan fell victim to a ransomware attack on August 14th, believed to be LockBit, which compromised its internal network and internet access, crippling online services. Residents could not pay bills or access information online, disrupting essential services at a sensitive time amid an ongoing water crisis. IT is working with the FBI and experts to investigate and recover data.
60TB Hyper-V Dual Controller Server with Unlimited VMs. SAN Management Storage Concentrator Virtual machine that Includes iSCSI Base OS, Advanced Features with Snapshot & Synchronous Replication, Thin Provisioning, Supports up to 200 iSCSI Hosts for $9,850.
Single Node, 12 cores, NVME for OS, Unlimited VMs license on each node, 12GB RAM on each node, Dual 10G network port on each node, Enterprise SAS Hardware RAID controller. 960GB PCI-E Based NVMe SSD for Virtualization and Storage Engine. 800W Redundant Hot-Swappable Power Supply. 1 Year Warranty and Support included.
For details, contact us.
Weekly
August 12th - 16th, 2024
AutoCanada, a large Canadian automotive retailer, disclosed being impacted by a ransomware attack. The ransomware infiltrated their IT networks and systems, potentially disrupting operations and accessing sensitive business and customer data. The attack has strained AutoCanada's infrastructure as they work to restore services and evaluate improving network defenses. This incident comes after recent outages from their supplier CDK, also due to ransomware.
A class action lawsuit has been filed against a background check company alleging their failure to properly secure the personally identifiable information of billions of individuals collected from non-public sources. This supposedly led to a massive data breach where a threat actor claimed to have placed a database containing names, addresses, social security numbers and relatives' information from 2.9 billion US citizens for sale online after leaking it.
The Ohio School Board Association (OSBA), which provides critical support services to over 700 Ohio school districts, discovered their network and systems were infiltrated by ransomware, which disrupted operations right before the new school year. They had to immediately cut internet access and retained specialists to investigate the attack, which could impact school board advocacy, training and resources.
Cybersecurity researchers uncovered a targeted campaign dubbed "EastWind" conducted by APT31 and APT27 against Russian government agencies and IT companies utilizing multi-staged malware implantation tactics via phishing emails. They deployed customized backdoors, trojans and payloads like "GrewApacha", "CloudSorcerer" and an undisclosed backdoor named "PlugY" to infiltrate networks while avoiding detection.
Zero days stealthily exploit unknown flaws to slip past defenses. These invisible assassins derived from undetected vulnerabilities within software, hardware or firmware remain unpatched. Through weaponization and hijacking systemic functions, attackers easily execute their malicious payload. Zero days pose a serious threat, so read our blog to uncover how these silent threats operate and strengthen your protections.
Large Australian gold miner Evolution Mining announced it detected ransomware on its IT systems on August 8th, disrupting operations. They promptly engaged forensic experts to investigate and contain the situation with no material impact expected. The details of the ransomware variant or attack vector used were not disclosed.
Weekly
August 5th - 9th, 2024
Ticketmaster alerted customers of a ransomware occurrence that compromised databases with contact and financial information. This ignited a blizzard of fury on online platforms as customers questioned shelling out expensive service charges that don't even guarantee fundamental encryption of their sensitive info. Others complained of financial losses.
An infamous hacker collective ‘USDoD’ infiltrated the deficient security protections of a background screening firm, plundering over 277GB of sensitive personal info belonging to 2.9 billion people. Due to the company's negligent failure to safeguard such an immense trove of private user data, a class action lawsuit now seeks damages and remedies for impacted individuals.
The publishing firm Kadokawa found out more than a quarter million client records were exposed after cybercriminals infiltrated internal systems using stolen login credentials. They gained access to a department's databases and stole names, contact information, monetary particulars and academic histories, some of which ended up distributed publicly online.
The judge turned down WhatsApp's petition to question extra NSO Group executives in Israel or secure added documents concerning use of Pegasus hacking tools on WhatsApp. While WhatsApp argued three leaders' statements were lacking, the judge decided their testimony sufficiently illuminated company operations. This bars WhatsApp from uncovering supplementary technical specifics relating to security breaches.
Ransomware is laying siege to automakers, attacking sensitive data and crippling production. From encrypted IP to disrupted supply chains, these hackers deal critical damage. AI and immutable backups provide the best defense, rapidly detecting anomalies and restoring operations. Learn how the automotive industry can defend against ransomware attacks and secure their networks.
The ransomware group ‘Hunters International’ is focusing on technical professionals through SharpRhino malware downloaded from a duped IP address lookup website. It abuses PowerShell to stealthily run payloads and executes scripts altering system settings, making folders for command connections, and permitting actions like launching a calculator. It also tries to gain elevated access before encryption.