Weekly
Mar 27 - 31, 2023
Dark Power ransomware, which claimed 10 victims in its first month, encrypts files with AES-256 and RSA-2048. Two builds have been seen: one derives the encryption nonce by SHA-256-hashing an ASCII string, the other uses a fixed 128-bit value as the nonce. The operators also threaten to publish stolen data if the ransom is not paid. Read more
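The fixed nonce in the second build is worth pausing on. In a counter or stream mode, encrypting two files under the same key and the same nonce reuses the keystream, so a known plaintext in one file (a file-format header is enough) exposes the other. The page does not say whether Dark Power also reuses its key across files, so the following is a general illustration of why a fixed nonce is a weakness, not a decryptor for this ransomware. It is an added example, not code from the malware or from the report; it uses a SHA-256-based counter-mode keystream as a stand-in for AES-CTR (assumption: the only property needed is "same key + same nonce gives the same keystream", which AES-CTR shares), and the two sample files are constructed.

```python
"""Keystream reuse under a fixed nonce (added illustration, not Dark Power code)."""
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = SHA-256(key || nonce || i).
    Stand-in for AES-CTR; the reuse property demonstrated below is identical."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: ciphertext = plaintext XOR keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def recover_with_known_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """If both ciphertexts share key and nonce, c1 XOR p1 is the keystream,
    and that keystream decrypts as much of c2 as the known prefix covers."""
    n = min(len(ct_known), len(pt_known), len(ct_target))
    ks = bytes(c ^ p for c, p in zip(ct_known[:n], pt_known[:n]))
    return bytes(c ^ k for c, k in zip(ct_target[:n], ks))


FIXED_NONCE = bytes(16)  # constructed stand-in for a hard-coded 128-bit nonce


def demo():
    """Encrypt two constructed files under one random key; recover the second
    from the first's known header when the nonce is fixed, and show the same
    trick fails once the nonce is fresh per file."""
    key = os.urandom(32)  # per-run random key; the attacker never learns it
    # Constructed sample files: one with a guessable header (PNG magic), one secret.
    pt1 = b"\x89PNG\r\n\x1a\n" + b"image body " * 4
    pt2 = b"confidential: Q3 payroll export, do not distribute"

    ct1 = encrypt(key, FIXED_NONCE, pt1)
    ct2 = encrypt(key, FIXED_NONCE, pt2)
    recovered = recover_with_known_plaintext(ct1, pt1, ct2)

    # A per-file nonce (here: hash of 64 random bytes, as the first build's
    # hashed-ASCII scheme would give) yields a different keystream, so the
    # same attack produces garbage.
    fresh_nonce = hashlib.sha256(os.urandom(64)).digest()[:16]
    ct2_fresh = encrypt(key, fresh_nonce, pt2)
    wrong = recover_with_known_plaintext(ct1, pt1, ct2_fresh)
    return recovered, wrong, pt2


if __name__ == "__main__":
    recovered, wrong, secret = demo()
    print("fixed nonce  ->", recovered)
    print("fresh nonce  ->", wrong)
    print("fully recovered:", recovered == secret)
```

The recovery only reaches as far as the known plaintext does, which is why long, predictable headers (office documents, images, database pages) are the usual lever; the first build's hashed, per-run nonce closes this particular hole only if the key is also not reused across files.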
A critical flaw in the sudo utility shipped on QNAP NAS devices allows a local attacker to run arbitrary code with root privileges. The bug lets a user sidestep the restrictions defined in the sudoers configuration and gain elevated privileges; the report lists devices running firmware versions before 4.5.3 as affected. QNAP recommends updating to the latest firmware, restricting access to the device, and limiting sudo rights to authorized users only. Read more
The WooCommerce Payments plugin for WordPress has an authentication-bypass vulnerability that can let an unauthenticated attacker take over a site: a crafted request causes the plugin to treat the visitor as a privileged user, from which the attacker can create administrator accounts and run arbitrary code. Versions 4.8.0 through 5.6.1 are affected; site administrators should update to 5.6.2 or later to close the hole. Read more
New IcedID variants rely on social engineering to deliver their payloads and use HTTP and HTTPS to talk to their C2 servers. Obfuscation includes encrypted configuration files and packed code to evade detection. Read more
Cloud backup services are crucial for maintaining business continuity and regulatory compliance as more companies move to the cloud. To ensure uninterrupted operations, businesses must prioritize safeguarding and restoring their data. Cloud backup solutions provide secure and scalable storage for critical information. Learn how to select and size cloud backup storage, and design a strategy that meets your organization's unique requirements. Read more
North Korea's cyber capabilities are growing. The state-sponsored group Kimsuky, also tracked as APT43, has used spear-phishing campaigns and zero-day exploits to infiltrate organizations and steal data, targeting healthcare, pharmaceutical, aerospace and defense organizations worldwide. The group is believed to be behind an attack on South Korea's nuclear research agency. The North Korean government denies involvement. Read more
Veeam cloud immutable backup and disaster recovery (DR) with built-in automated, policy-based air-gap technology, spin-up in the cloud for FastTrack recovery and enterprise-level ransomware protection, starting at $10/TB per month.
Immutable or regular cloud storage for backup; archive documents, images and videos much like OneDrive; share and archive unstructured data, starting at $5/TB per month.
24/7 Smart Protect plan available for your complete support needs. Pay month-to-month, no long-term contract. All datacenters are certified for CJIS, HIPAA, SOC 2, ISO 27001 and PCI-DSS.
For appliance demos, specifications, and quotes contact us.
Weekly
Mar 20 - 24, 2023
Ferrari was hit by a ransomware attack that exposed sensitive customer data. The attackers reportedly got in through a vulnerability in an unpatched server, which let them deploy ransomware and exfiltrate data. Ferrari has said it will not pay the ransom; it has notified affected customers, strengthened its security measures, and opened an investigation with outside cybersecurity experts to determine the extent of the intrusion and what data was taken. Read more
The LockBit ransomware gang has listed Amazon-owned Ring as a victim and claims to hold customer data. Reports describe a phishing email that tricked an employee into downloading malware, after which weak credentials let the attackers move through the network and exfiltrate data. Ring says it has no indication that its own systems suffered a ransomware event and that a third-party vendor was affected; it is investigating and reviewing its security measures. Read more
Veeam Backup & Replication (VBR) is affected by CVE-2023-27532, which lets an unauthenticated attacker on the network retrieve cleartext credentials stored in the VBR configuration database and, from there, execute code on the backup server as SYSTEM. Researchers have published a proof-of-concept that demonstrates both the credential extraction and the code execution. Veeam has released fixes for VBR v11 and v12 and advises customers on older releases to upgrade. Where patching is not yet possible, a temporary measure is to block external connections to TCP port 9401 on the backup server's firewall, leaving it reachable only for the Veeam components that legitimately use it. Read more
The newly discovered HinataBot is a Go-based DDoS botnet that Akamai estimates could theoretically reach 3.3 Tbps with 10,000 nodes. It spreads by brute-forcing weak SSH credentials and exploiting old, well-known router and server vulnerabilities, and it attacks with HTTP and UDP floods. Its operators have been actively revising the malware, which suggests the botnet is still under development. Read more
Saks Fifth Avenue has confirmed that the Clop ransomware group stole mock data from its systems. The attackers got in through CVE-2023-0669, a then-zero-day flaw that allows remote code execution on unpatched GoAnywhere MFT instances whose administrative console is exposed, and used it to plant malware that exfiltrated data. Saks states that the stolen data is not sensitive or valuable and that it has no intention of paying the ransom. Read more
A breach can mean financial loss, reputational damage, legal exposure, operational disruption, and theft or exposure of sensitive data. Threats such as malware, ransomware, phishing, social engineering and insider misuse are far less likely to succeed when sound cybersecurity controls are in place. Read more
98TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 10 Veeam Backup Essentials Annual Subscription License for $9,995.
10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.
Weekly
Mar 13 - 17, 2023
Euler Finance, a lending protocol, lost about $197 million in digital assets in a flash-loan attack: $18.5M in WBTC, $8.75M in DAI, $33.85M in USDC and $135.8M in stETH. The attacker used Tornado Cash, a sanctioned mixer, to launder the stolen funds. Researchers attribute the exploit to flash loans combined with a flaw in Euler's donation and liquidation logic: the donateToReserves function lacked a liquidity check, so the attacker could push its own position underwater and then liquidate itself at a discount for profit. Read more
CISA added a Plex Media Server vulnerability (CVE-2020-5741) to its Known Exploited Vulnerabilities catalog. An attacker with administrator access to the server can execute arbitrary Python code remotely, and the flaw was likely used in the compromise of a LastPass engineer's home computer. CISA also added VMware Cloud Foundation's CVE-2021-39144 to the catalog and urges organizations to patch. Read more
HACLA, the Housing Authority of the City of Los Angeles, warns of a LockBit ransomware incident that led to a data leak. The attackers had access to sensitive information from January through December 2022, including personal identifiers and financial and medical data. The ransom demand was not met, and the gang threatened to publish all stolen files. HACLA advises affected individuals to monitor their accounts, place fraud alerts, and report any identity theft. Read more
The BianLian ransomware group now threatens to leak victim data for ransom rather than encrypting it. Using its custom backdoor for remote access, BianLian has listed 118 victim organizations on its extortion portal, most of them US-based firms. The group stresses the legal and regulatory risks victims face if a breach becomes public; researchers say the attackers are refining their extortion by analyzing each victim's legal exposure. Read more
Is your enterprise storage optimized for performance and scalability? If not, you could be wasting valuable resources and missing out on potential growth. StoneFly's latest blog offers a comprehensive guide for IT managers and storage administrators on sizing enterprise SAN appliances for optimal storage. Learn how to identify the right storage capacity, calculate IOPS and throughput requirements, and ensure data redundancy and availability. With StoneFly's expert guidance, you can ensure your enterprise storage is meeting your needs and maximizing your investments. Read more
Winter Vivern, a pro-Russian APT group, has been targeting European government organizations and telecommunication service providers in a cyberespionage campaign. They use fake web pages resembling government agencies to distribute malicious files. They employ Windows batch files to impersonate antivirus scanners to download malicious payloads using PowerShell. The Aperetif payload is capable of automatic file scanning and exfiltration, taking screenshots, and sending all data to a hardcoded command and control server URL. Read more
192TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 20 Veeam Backup Essential Annual Subscription Licenses for $15,995.
10th Gen, 12-bay 2U Rackmount unit with 12x16TB (192TB) Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.
All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.
Weekly
Mar 6 - 10, 2023
Microsoft Word has a critical vulnerability (CVE-2023-21716) that allows remote code execution without user interaction. The flaw is a heap corruption bug in the RTF parser; a crafted RTF file can compromise the system merely by being rendered in the Preview Pane. Microsoft has released security updates and workarounds. Read more
Oakland was hit by a Play ransomware gang cyberattack that caused significant disruption to its IT systems, except for 911 dispatch, fire emergency services, and financial systems. The city has declared a local state of emergency and is unable to process online payments for business taxes and parking citations. The attack affected phone services, payment processing, report processing, and permit & license issuance. The Play ransomware gang is leaking confidential data, including passports and employee information. Read more
The RansomHouse group targeted the Hospital Clínic de Barcelona in a ransomware attack, disrupting emergency services at three affiliated medical centers. The attack occurred in virtualized environments, limiting physician access to patient information and leading to postponed surgeries and cancelled appointments. Clínic de Barcelona has taken measures to minimize the impact of the attack. Read more
Cybercriminals are using job-themed phishing and malware attacks to target job seekers and employers, aiming to steal confidential data and infiltrate company systems. Phishing campaigns trick job seekers into disclosing personal information or login credentials, while malware infects devices. Cybercriminals also pose as job seekers to target employers with malware delivered via attachments or URLs disguised as resumes or IDs. Stolen documents such as Social Security numbers and driver's licenses are also used to enhance credibility. Read more
Organizations need to choose the right cloud solution for their needs, with on-premise and private cloud being the two most common options. To make an informed decision, it's important to understand their differences. Explore the differences between on-premise and private cloud, including storage, computing, and security.
The "Hiatus" hacking campaign targets DrayTek Vigor routers, using a malicious bash script and malware named "HiatusRAT" to transform them into SOCKS5 proxies. This enables the threat actor to collect data and forward traffic from other infected devices through the breached router. The campaign has affected over 100 businesses in Europe, North America, and South America. Read more
100TB fully air-gapped and immutable Veeam backup and disaster recovery (DR) appliance with object and file lockdown technology for ransomware protection & instant multi-VM recovery.
A 2U, 8-bay rackmount unit with 6x16TB Enterprise SAS drives, 12-core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply and 12Gb SAS Hardware RAID Controller. Fully integrated SAN, NAS and optional S3 cloud object storage.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.
Weekly
Feb 27 - Mar 3, 2023
CISA added CVE-2022-36537, affecting ZK Framework versions 8.6.4.1 through 9.6.1, to its Known Exploited Vulnerabilities Catalog. Attackers send crafted POST requests to the framework's AuUploader component to read sensitive files. The flaw has been exploited in ConnectWise R1Soft Server Backup Manager, which embeds ZK, and backdoors were found on 286 of those servers. Federal agencies have until March 20, 2023 to apply the security updates. Read more
PureCrypter malware has targeted government organizations in Asia-Pacific and North America, delivering ransomware and information stealers including AgentTesla, Redline Stealer, Blackmoon, Eternity and Philadelphia Ransomware. The attack starts with an email containing a Discord app URL that leads to a password-protected ZIP archive housing the PureCrypter loader. The campaign uses XOR encryption to protect communication with the C2 server and process hollowing to evade detection. Read more
BlackLotus is the first in-the-wild UEFI bootkit known to bypass Secure Boot on fully updated Windows 11 systems. It installs itself through CVE-2022-21894 ('Baton Drop'), establishes persistence, runs on every boot, deploys its kernel driver and launches next-stage payloads. It has geofencing capabilities, disables security mechanisms, and communicates with a C2 server to fetch additional malware. Read more
The SCARLETEEL campaign targets public-facing containerized web apps to get into cloud environments: it exploits Kubernetes clusters on AWS, deploys XMRig, makes AWS API calls to steal credentials and data, and attempts to disable CloudTrail logging. Read more
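The attempt to disable CloudTrail is the detection opportunity in that chain: the API calls that stop, delete or narrow a trail are themselves logged before they take effect, and a failed attempt still tells you a compromised principal is probing for the permission. The following is an added example of that detection logic, not code from the SCARLETEEL report or any vendor tool; the event names and field layout follow the CloudTrail record format, and the sample log (three records, one benign S3 read followed by a denied and then a successful StopLogging) is constructed for illustration.

```python
"""Flag CloudTrail records that tamper with trail logging (added example)."""
import json
from typing import Iterable, List, Optional

# API calls that stop, delete, or narrow trail coverage. PutEventSelectors is
# included because narrowing selectors silences events without any StopLogging.
TAMPER_EVENTS = {
    "StopLogging": "logging stopped",
    "DeleteTrail": "trail deleted",
    "UpdateTrail": "trail reconfigured",
    "PutEventSelectors": "event selectors changed",
}


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict if this record tampers with CloudTrail, else None."""
    if event.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    name = event.get("eventName")
    if name not in TAMPER_EVENTS:
        return None
    identity = event.get("userIdentity", {})
    # A record with errorCode (e.g. AccessDenied) is a failed attempt: still
    # worth an alert, because the caller tried, but at lower severity.
    succeeded = "errorCode" not in event
    return {
        "time": event.get("eventTime"),
        "event": name,
        "reason": TAMPER_EVENTS[name],
        "principal": identity.get("arn", "unknown"),
        "source_ip": event.get("sourceIPAddress"),
        "trail": event.get("requestParameters", {}).get("name"),
        "succeeded": succeeded,
        "severity": "high" if succeeded else "medium",
    }


def load_records(text: str) -> List[dict]:
    """CloudTrail delivers log files as {"Records": [...]}; also accept a bare list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


def scan(records: Iterable[dict]) -> List[dict]:
    """Run classify() over every record and keep the alerts, in log order."""
    return [alert for alert in (classify(r) for r in records) if alert]


# Constructed sample log: a normal S3 read, a StopLogging attempt denied for an
# instance role, then a successful StopLogging from a stolen IAM user key.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-02-28T10:01:12Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.3.17",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/web-task/i-0abc"}},
    {"eventTime": "2023-02-28T10:04:55Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "10.0.3.17",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/web-task/i-0abc"},
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2023-02-28T10:09:03Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.45",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ci-deploy"},
     "requestParameters": {"name": "org-trail"}},
]})


if __name__ == "__main__":
    for alert in scan(load_records(SAMPLE_LOG)):
        print(json.dumps(alert))
```

The denied attempt from the workload role and the later success from an IAM user are worth correlating: the first shows which role the attacker landed on, the second which credentials they found with it. In production this logic belongs on the CloudTrail delivery path (for example a subscription on the log bucket or a CloudWatch Logs metric filter) rather than a batch scan, and the trail itself should be protected with an organization trail plus an SCP that denies StopLogging and DeleteTrail to everything except a break-glass principal.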
Ransomware attacks are on the rise due to outdated IT infrastructure, sophisticated techniques, and the pandemic. Many organizations lack sufficient cybersecurity protocols, leading to alarming levels of attacks. Check out the 2022 ransomware statistics and trends in this overview. Read more
Researchers warn that the Asian materials sector is under APT attack. Winnti, active since 2007, has targeted two subsidiaries of a conglomerate using a variety of tools, and a newly identified group, Clasiopa, broke into an Asian materials research organization by brute-forcing servers and then used post-exploitation tooling. Clasiopa's Atharvan backdoor downloads files and communicates with a C2 server, while a modified Lilith RAT executes remote commands. Analysis of Atharvan suggests the threat actor may be based in India. Read more
80TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery.
A 2U, 8-bay rackmount unit with 8x10TB Enterprise SAS drives, 12-core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply and 12Gb SAS Hardware RAID Controller. Fully integrated SAN, NAS and optional S3 cloud object storage.
Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.
For appliance demos, specifications, and quotes contact us.