Weekly
July 29th -Aug 2nd, 2024
Microsoft warns that ransomware groups are actively exploiting a VMware ESXi vulnerability tracked as CVE-2024-37085 to escalate privileges on hypervisors. This allows adding users to the 'ESX Admins' group to gain full access . Storm ransomware operations were observed leveraging this technique in attacks using Black Basta and Akira ransomware variants after compromising an engineering firm's network via Qakbot and credential theft. Read more
The Casper Network team discovered a significant security breach on July 29, 2024, and worked with validators to immediately halt the blockchain at block 3,329,418. They are actively working to identify the root cause and develop a solution. No patch is available yet for the vulnerability. All transactions are frozen until the vulnerability is patched. Read more
OneBlood, a large blood donation center, fell victim to a ransomware attack over the weekend. The ransomware encrypted the critical VMware ESXi servers hosting their systems. This severely disrupted software used for blood collection, testing and distribution across their network. OneBlood is working to restore functionality while relying on manual processes, with over 250 hospitals now facing blood shortages. Read more
HealthEquity disclosed a breach on July 2nd after threat actors stole sensitive health and personal details of 4.3 million individuals from an external unstructured database by exploiting compromised credentials of a partner on March 9th. Stolen information included names, addresses, SSNs, payment data and was confirmed on June 26th. HealthEquity terminated access and is notifying those impacted by August 9th with credit monitoring. Read more
Zero-days are undocumented software flaws cybercriminals secretly weaponize. These silent threats bypass defenses until patched, leaving networks defenselessly exposed. Read more about detecting and preventing these stealthy exploits-turned-weapons. Read more
The pharmaceutical giant Cencora disclosed that a ransomware attack in February exposed protected health info and personal details of patients. The hackers breached Cencora's systems and exfiltrated personally identifiable info and protected health info maintained for drug distribution and patient support services partner companies. Major pharmaceutical partners of Cencora like Novartis, Bayer and others notified patients whose names, addresses, health records and prescriptions were stolen. Read more
168TB, upgradable to 720TB, enterprise SSO NAS appliance with air- gap and immutable delta-based snapshots for ransomware protection plus Support for Unlimited NAS Clients, bunch of data services and built-in S3 cloud connect for $13,995.
36 Bay, 3U Rackmount unit with 12x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 64GB System Memory, 960GB PCI-E Based NVMe SSD for Storage Engine, Dual 10Gb RJ-45 Ports, 1200W Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. 1 Year Warranty and Support included.
All Enterprise data Services such as Snapshot, Tiering, Encryption, Sync & Async, Replication, Supports CIFS/SMB and NFS, Cloud Connect to Azure Hot / Cool Blob / AWS-S3, Erasure Coding are included.
For details, contact us.
Weekly
July 22nd - 26th, 2024
The Land Registry agency in Greece announced that it had endured a data security incident after facing over 400 cyberattacks on its IT systems in recent days. Hackers compromised employee terminals during the sustained attacks and stole some internal documents and records containing no personal citizen information. The agency revealed that daily backups prevented further data loss and no ransomware was involved. Read more
Threat actors took advantage of the disruptions caused by CrowdStrike's faulty software update to distribute malware and data wiping tools via phishing emails impersonating the security vendor. Researchers observed campaigns distributing a fake CrowdStrike hotfix that installed Remcos RAT and a data wiping malware file under the guise of an urgent CrowdStrike update. Read more
Cybersecurity researchers discovered a new Play ransomware variant for Linux designed to encrypt multiple virtual machines simultaneously on ESXi servers. It checks for ESXi servers to encrypt VM disks, files and metadata with ".PLAY" extensions, automating the encryption of entire infrastructures on compromised single servers. Read more
An outage on September 6 at Microsoft and CrowdStrike interrupted updates on about 8.5 million Windows devices globally. The outage was caused due to a buggy certificate expiration check that failed, blocking devices from connecting to Microsoft update servers. This impacted device patching, scanning, and other automated processes that rely on a connection to the Microsoft update infrastructure. The outage window lasted around 3 hours before connections were restored. Read more
Akira ransomware infects systems through phishing emails and exploiting vulnerabilities. It encrypts files and exfiltrates data for double extortion. Recent attacks show its widespread reach and ability to cripple critical infrastructure. Read this blog to learn how to protect your data and enable seamless recovery from ransomware variants like Akira. Read more
A major IT contractor for the US Department of Defense, Leidos, suffered a data breach when a third-party vendor they used for internal investigations storage, Diligent Corp, was breached in late 2022. Threat actors are now claiming to have leaked internal documents from Leidos servers containing sensitive projects and contracts with the Pentagon. While customer data was not impacted, experts are concerned documents could provide insights to adversaries about vulnerabilities, plans or technical details. Read more
300TB upgradable to 720TB Veeam, Rubrik, Commvault, HYCU, Cohesity Fully automated Immutable and Air-gapped Backup & DR Appliance with Block, Object and File lockdown, incremental and full Snapshots, Replication, instant Multi-VM Recovery and more for $17,995.
36 Bay, 3U Rackmount unit with 22x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 960GB PCI-E Based NVMe SSD for Virtualization and Storage Engine, Dual 10Gb RJ-45 Ports, 1200W Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. 1 Year Warranty and Support included.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For details, contact us.
Weekly
July 15th - 19th, 2024
In June 2024, a ransomware attack breached pharmacy chain Rite Aid, compromising personal information of 45 million customers. The RansomHub ransomware group claims to have stolen sensitive information including names, addresses, IDs and loyalty numbers. Rite Aid is in the process of notifying affected users. Read more
A ransomware attack on Dallas County exposed data of over 200,000 people, including health records and social security numbers. The county has notified victims about the breach involving various county departments. Read more
In May, a cyberattack on nonprofit Loretto resulted in a breach of sensitive data, including PII and health records, of thousands of individuals. Loretto is investigating the incident and has warned that the healthcare sector remains a top target for hackers. Read more
The carrier investigated reports of a hacker selling what they claimed to be personal information of 4 million U Mobile customers. However, U Mobile determined the data originated from a much larger 2014 breach that affected over 46 million Malaysians across various organizations. While authorities are still reviewing the details, U Mobile emphasizes their own systems haven't been compromised in this recent incident. Read more
Zero-day exploits are like uninvited guests at the digital party – unexpected and potentially dangerous. These unknown vulnerabilities can wreak havoc on your data security, leaving traditional defenses scrambling. This blog post delves into the world of zero-day exploits, exploring how they work, the risks they pose, and most importantly, how you to fortify your defenses. Read more
Yacht retailer MarineMax revealed a data breach affecting over 123,494 customers. An investigation found unauthorized access occurred between March 1-10, 2024. The hack came to light after the ransomware group Rhysida claimed responsibility, potentially by posting stolen data. Read more
File Gateway to Azure, AWS or any other S3 compatible cloud or StoneFly private cloud, Archiving high volumes of data with Immutable Gateway for $2 per TB/month.
Connect to S3 cloud & map it to your servers, applications or Backup & DR systems. It supports multiple protocols including NFS, CIFS/SMB.
Install StoneFly virtual Smart cloud Gateway on your hypervisor or get the hardware gateway appliance and use it as File cloud storage.
For details, contact us.
Weekly
July 8th - 12th, 2024
Recently, cloud services provider OVHcloud revealed that they mitigated a DDoS attack in April 2024 that set a new record of 840 million packets per second. The company observed attack sizes increasing from 2023, with some surpassing 1 terabit per second. The investigation found extensive exploitation of compromised MikroTik router models. Read more
On July 4th, the hacking group ‘ObamaCare’ disclosed a collection dubbed "RockYou2024" holding almost 10 billion unique plaintext passwords. Experts warn this constitutes the largest password leak in history. While some question the real risk, it serves as an important reminder about the dangers of password reuse. Read more
A new ransomware group called Volcano Demon has been targeting organizations using the LukaLocker ransomware variant and calling victims directly to demand ransom payments. This novel phone-based extortion approach increases risks and challenges for incident response. The ransomware utilizes evasion methods and the group threatens data leaks if unpaid. Read more
The body governing Formula 1, International Automobile Federation (FIA), disclosed affecting a large number of individuals after hackers compromised two email accounts through phishing. The breach exposed personal data of drivers, teams and others. Details like scope and data involved remain under investigation. Read more
Qilin ransomware leverages advanced programming languages like Golang and Rust to efficiently operate within systems and evade detection. It employs double extortion tactics and targets critical sectors. This blog outlines Qilin's techniques, adaptability, and the risks it poses. Learn more about how to defend against its customization abilities and evolving strategy through proactive security best practices. Read more
Hackers publicized 166,000 Taylor Swift concert barcode tickets after Ticketmaster failed to pay a $2 million ransom demand. The same hackers previously stole data from Snowflake and Ticketmaster, and are threatening to leak more user records and 30 million event barcodes. Ticketmaster disputes the leaked barcodes can be used but privacy risks remain. Read more
200TB Veeam, Rubrik, Commvault fully automated immutable and air-gapped backup & DR appliance with object lockdown, file lockdown, incremental and full snapshots, replication, and instant multi-VM recovery for $14,995.
It is 2U, 12 Bay, Rackmount unit with 11x18TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 960GB PCI-E Based NVMe SSD for Virtualization and Storage Engine, Dual 10Gb RJ-45 Ports, 800W Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. 2 hours of Professional Services for Remote Installation, Configuration, Testing and Training. 1 Year Silver Support service from ship date.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For details, contact us.
Weekly
July 1st - 4th, 2024
The BlackSuit ransomware group said they were responsible for crippling KADOKAWA, a major Japanese media company, with a ransomware attack last month that took many of its websites and services offline, including the popular video sharing site Niconico. Nearly three weeks later, the company is still working to restore affected systems and resume normal operations. Read more
Credit union Patelco fell victim to a ransomware attack over the weekend that forced it to shut down online banking and mobile apps. The Patelco data breach locked more than 500,000 members out of their accounts, leaving them unable to access funds or make payments. As of Monday, most customers were still without access to their accounts as Patelco worked urgently to restore systems in its "top priority" response. Read more
Remote access firm TeamViewer acknowledged it was hacked by the Russian state-backed group Cozy Bear, also known as APT29. Hackers exploited employee credentials to access the corporate network but did not obtain any customer data. The complete impact of the intrusion is still unclear. Read more
Healthcare provider Geisinger announced a data breach after finding a former employee of IT vendor Nuance had unauthorized access to patient records. The breach exposed names, addresses, medical details and more of potentially over 1 million Geisinger patients. Geisinger is notifying patients and a class action suit is on its way. Read more
Qilin ransomware leverages advanced programming languages like Golang and Rust to efficiently operate within systems and evade detection. It employs double extortion tactics and targets critical sectors. This blog outlines Qilin's techniques, adaptability, and the risks it poses. Learn more about how to defend against its customization abilities and evolving strategy through proactive security best practices. Read more
Financial services company Prudential updated details on a February data breach, revealing over 2.5 million customers were impacted, significantly more than originally estimated. The ALPHV ransomware group said they were responsible for stealing names, IDs, and credentials. Individuals are advised to monitor accounts and reports for fraud. Read more
56TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery… last 3 Units on half price!
Its 2U, 8 Bay Rackmount unit with 4x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 1TB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, 1 Year Warranty & Support with 2 hours of professional services included.
This powerful 56TB DR365V Backup and DR appliance leverages Veeam-integration using the built-in Air-Gapped network, power management controller repository and storage controller using fully automated and Veeam integrated isolation technology.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For details, contact us.