Weekly Ransomware Roundup

Mar 27 - 31, 2023

Dark Power Ransomware Uses Sophisticated Encryption – Claims 10 victims in its First Month

Dark Power ransomware, which claimed 10 victims in its first month, uses AES-256 and RSA-2048 to encrypt files. Two distinct builds have been seen: one derives its key material by hashing a randomly generated ASCII string with SHA-256, the other uses a fixed 128-bit value as the encryption nonce. A fixed nonce is only a cryptographic weakness if the same key is reused across files or runs, which the analysis does not state. The operators also threaten to publish stolen data if the ransom is not paid.
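The reason a fixed nonce is worth noticing: in any counter-mode or stream cipher, reusing the key and nonce reproduces the same keystream, so two ciphertexts XOR to the XOR of their plaintexts and a known file header in one file exposes the same bytes of another. The example below is an added illustration, not Dark Power's code. It stands in a SHA-256-based counter-mode keystream for AES-CTR so it runs on the Python standard library, and the key string, nonce constant and sample file headers are constructed; it does not claim that any particular Dark Power victim's files are recoverable.

```python
import hashlib
import os

# Added illustration, not Dark Power's code. A counter-mode keystream built
# from SHA-256 stands in for AES-CTR so the example runs on the standard
# library alone; the keystream-reuse property holds for any counter-mode or
# stream cipher. The key string and nonce constant below are constructed.


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = H(key || nonce || i), i.e. CTR mode with a hash as the PRF."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Counter-mode encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, ctr_keystream(key, nonce, len(plaintext)))


def recover_with_known_plaintext(ct_known: bytes, pt_known: bytes, ct_target: bytes) -> bytes:
    """If two files were encrypted under the same key and nonce, the keystream
    cancels out: ct_known XOR ct_target == pt_known XOR pt_target. Knowing the
    first bytes of one file (a standard file header) therefore reveals the
    same bytes of the other, without knowing the key."""
    n = min(len(ct_known), len(pt_known), len(ct_target))
    return xor_bytes(xor_bytes(ct_known[:n], pt_known[:n]), ct_target[:n])


def header_recovered(fixed_nonce: bool) -> bool:
    """Encrypt two files under one key, then try to recover the second file's
    header from the first file's known header. True only when the nonce was
    reused."""
    # Key derivation in the spirit of the writeup: SHA-256 over an ASCII string.
    key = hashlib.sha256(b"constructed-64-char-ascii-string-in-place-of-the-random-one").digest()
    fixed = b"\x00" * 16  # placeholder 128-bit constant, not the malware's value
    pt_a = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>"  # known PDF header
    pt_b = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00"  # target file
    nonce_a = fixed if fixed_nonce else os.urandom(16)
    nonce_b = fixed if fixed_nonce else os.urandom(16)
    ct_a = encrypt(key, nonce_a, pt_a)
    ct_b = encrypt(key, nonce_b, pt_b)
    recovered = recover_with_known_plaintext(ct_a, pt_a, ct_b)
    return recovered == pt_b[: len(recovered)]


if __name__ == "__main__":
    print("fixed nonce, header recovered:", header_recovered(True))   # True
    print("fresh nonce, header recovered:", header_recovered(False))  # False
```

With the fixed nonce the second file's header falls out of the first file's known header; with a fresh random nonce per file the same attack yields garbage. Whether this applies to a given sample depends on the cipher mode and on whether one key covers many files, which is exactly what an analyst should check before assuming the scheme is sound.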

Critical Sudo Flaw Found in QNAP NAS Devices

A privilege-escalation flaw in sudo (CVE-2023-22809) affects QNAP NAS devices. The bug is in sudoedit rather than in the sudoers file itself: a local user who is allowed to run sudoedit can smuggle extra file arguments through the SUDO_EDITOR, VISUAL or EDITOR environment variables and edit arbitrary files as root, which is enough to obtain root-level code execution. QNAP's advisory lists the affected QTS, QuTS hero, QuTScloud and QVP builds. To reduce the risk of exploitation, QNAP recommends updating to the latest firmware, restricting who can reach the device, and limiting sudo privileges to authorized users only.

WooCommerce Payments Plugin Vulnerability Allows WordPress Site Takeover

A vulnerability in the WooCommerce Payments plugin for WordPress (CVE-2023-28121) allows an unauthenticated attacker to take over a site. The plugin's platform-checkout integration hooked determine_current_user and trusted the X-WCPAY-PLATFORM-CHECKOUT-USER request header to decide which user a request belonged to, so an attacker could impersonate an administrator over the WordPress REST API, create a new admin account and from there upload and run arbitrary code. Versions 4.8.0 through 5.6.1 are affected; the fix shipped in 5.6.2 and was backported to the older 4.8 to 5.5 branches, and site administrators should confirm they are running a patched release.

IcedID Malware Variants Change Tactics and Strengthen Payload Delivery

New IcedID variants rely on social engineering to get their payloads onto victims and use HTTP and HTTPS to talk to their C2 servers. To evade detection they encrypt their configuration data and pack their code.

Maximizing Data Protection with Cloud Backup and Recovery

Cloud backup services are crucial for business continuity and regulatory compliance as more companies move to the cloud. To keep operations running, businesses must be able to protect and restore their data, and cloud backup solutions provide secure, scalable storage for critical information. Learn how to select and size cloud backup storage and design a strategy that fits your organization's requirements.

From Kimsuky to APT43: North Korea’s Cyber Warfare Capabilities on the Rise

North Korea's cyber capabilities are growing. The state-sponsored group tracked as APT43, which overlaps with the group known as Kimsuky, has been behind recent operations that use spear-phishing and credential-harvesting campaigns to get into organizations and steal data. Its targets span healthcare, pharmaceuticals, aerospace and defense worldwide, and the group is believed to have been behind the 2021 intrusion at South Korea's nuclear research agency. The North Korean government denies involvement in these attacks.

Promo
Immutable & Air-Gapped Veeam Cloud Backup, DR, Replication, Spin-up in the cloud $10 Per TB

Veeam cloud immutable backup & disaster recovery (DR) with built-in automated policy-based air-gap technology, spin-up in the cloud for FastTrack recovery and enterprise-level ransomware protection starting at $10/TB per month.

Immutable or regular cloud storage for backups and for archiving documents, images and videos, just like OneDrive: share and archive unstructured data starting at $5/TB per month.

24/7 Smart Protect plan available for your complete support needs. Pay month-to-month, no long-term contract. All datacenters are certified for CJIS, HIPAA, SOC 2, ISO 27001 and PCI-DSS.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Mar 20 - 24, 2023

Ferrari Hit by Ransomware Attack Exposing Customer Data

Ferrari was hit by a ransomware attack that exposed sensitive customer data. The attackers reportedly got in through an unpatched server, then deployed ransomware and exfiltrated data. Ferrari has said it will not pay the ransom; it has notified affected customers, tightened its security measures, and is working with outside cybersecurity experts to establish the full extent of the intrusion and what was taken.

Amazon-Owned Ring Listed by ALPHV/BlackCat Ransomware Gang, Customer Data Claimed

The ALPHV/BlackCat ransomware gang listed Amazon-owned Ring on its leak site and claimed to hold customer data. Ring said it had no indication of a ransomware event on its own systems and that a third-party vendor had suffered one; the initial access vector has not been confirmed. Ring says it is investigating with the vendor and reviewing its security measures.

Veeam Backup & Replication Software Vulnerability Exposes Credentials in Plaintext

Veeam Backup & Replication (VBR) is affected by CVE-2023-27532, which lets an unauthenticated attacker on the backup network obtain cleartext credentials from the VBR configuration database and execute code on the backup server as SYSTEM. Researchers have published proof-of-concept code that does both. Veeam has released security updates for VBR V11 and V12 and advised customers on older releases to upgrade to a supported version first. For those unable to patch immediately, blocking external connections to TCP port 9401 at the backup server's firewall is a temporary mitigation, not a fix.

HinataBot: A New Botnet Capable of 3.3 Tbps DDoS Attacks

Akamai researchers estimate that HinataBot, a newly discovered Go-based botnet, could generate DDoS floods on the order of 3.3 Tbps if it grew to around 10,000 bots; that figure is a projection from observed per-bot output, not an attack seen in the wild. The bot spreads by brute-forcing SSH logins and exploiting old router vulnerabilities, and it launches HTTP and UDP floods against its targets. Its operators are still actively updating the code.

Saks Fifth Avenue Confirms Mock Data Stolen by Clop Ransomware Group

Saks Fifth Avenue has confirmed that the Clop ransomware group stole mock data from its systems. The attackers got in by exploiting a zero-day in a third-party application, GoAnywhere MFT: CVE-2023-0669 allows remote code execution on unpatched instances whose administrative console is exposed to the network. Saks says the stolen data is neither sensitive nor valuable and that it has no intention of paying the ransom.

Enterprise Cybersecurity Solutions: Best Practices and Strategies for Data Protection

A cybersecurity breach can mean financial losses, reputational damage, legal consequences and operational disruption, and it puts sensitive data at risk of theft or exposure. Threats such as malware, ransomware, phishing, social engineering and insider misuse can be mitigated with adequate controls in place.

Promo
98TB Immutable & Air-Gapped Veeam Backup & DR appliance with 10 Veeam Backup Essential licenses for $9,995

98TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 10 Veeam Backup Essentials Annual Subscription License for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Mar 13 - 17, 2023

Euler Finance Hack Results in $197 Million Worth of Cryptocurrency Stolen

Euler Finance, a lending protocol, lost about $197 million in digital assets in a flash-loan attack. The attacker took roughly $18.5M in WBTC, $8.75M in DAI, $33.85M in USDC and $135.8M in stETH, and began laundering the proceeds through Tornado Cash, a sanctioned mixer. The root cause was a missing collateral health check in Euler's donateToReserves function: the attacker borrowed via a flash loan, donated part of their own collateral so their position became deeply undercollateralized, and then liquidated themselves at a steep discount, pocketing the difference.

CISA Adds Plex Vulnerability to Exploited List Following LastPass Breach

CISA added the Plex Media Server vulnerability CVE-2020-5741 to its Known Exploited Vulnerabilities catalog. An attacker who already has admin access to the server can use it to execute arbitrary Python code; the bug is widely believed to be the one used against a LastPass DevOps engineer's home computer in the second LastPass breach, although this has not been officially confirmed. CISA also added CVE-2021-39144 in VMware Cloud Foundation to the catalog and urged organizations to patch both before the remediation deadline.

LA Housing Authority Affected by Lockbit Ransomware

The Housing Authority of the City of Los Angeles (HACLA) is warning of a LockBit ransomware incident that resulted in a data leak. The attackers had access from January through December 2022 and took sensitive information including personal identifiers, financial data and medical data. HACLA did not meet the ransom demand, and the gang threatened to publish everything it stole. Affected individuals are advised to monitor their accounts, place fraud alerts and report any identity theft.

BianLian Ransomware Group Switches to Data Theft for Extortion

The BianLian ransomware group has shifted to pure extortion: it now threatens to leak stolen data instead of encrypting victims' files. Using its custom backdoor for remote access, BianLian has listed 118 victim organizations on its leak site, most of them US-based. The group plays up the legal and regulatory exposure victims face if a breach becomes public, and researchers say the actors are refining their extortion by analyzing each victim's legal risks.

Guide to Sizing Your Enterprise SAN Appliance for Optimal Storage

Is your enterprise storage optimized for performance and scalability? If not, you may be wasting resources and limiting growth. StoneFly's latest blog offers IT managers and storage administrators a guide to sizing enterprise SAN appliances: identify the right storage capacity, calculate IOPS and throughput requirements, and plan for data redundancy and availability.

Winter Vivern APT Hackers Use Fake Antivirus Scanners to Install Aperetif Malware

Winter Vivern, a Russia-aligned APT group, has been running a cyberespionage campaign against European government organizations and telecommunication providers. It uses fake web pages resembling government agencies to distribute malicious files, and Windows batch files that pose as antivirus scanners while fetching the real payload with PowerShell. That payload, Aperetif, scans and exfiltrates files automatically, takes screenshots, and sends everything to a hardcoded command-and-control URL.

Promo
192TB Immutable & Air-Gapped Veeam Backup & DR Appliance with 20 Veeam Backup Essential Licenses for $15,995

192TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with 20 Veeam Backup Essential Annual Subscription Licenses for $15,995.

10th Gen, 12-bay 2U Rackmount unit with 12x16TB (192TB) Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Mar 6 - 10, 2023

Researchers Publish Proof-of-Concept for Critical Microsoft Word Vulnerability

Microsoft Word has a critical vulnerability (CVE-2023-21716), a heap corruption bug in its RTF parser, that allows remote code execution. Opening a malicious RTF file triggers it, and so does merely previewing the file in the Preview Pane, so the victim never has to click on the attachment. Microsoft has released security updates and workarounds, and a proof-of-concept is now public.

Play Ransomware Gang Claims Attack on the City of Oakland and Leaks Data

The City of Oakland was hit by a Play ransomware attack that disrupted most of its IT systems; 911 dispatch, fire emergency services and core financial systems stayed online. The city declared a local state of emergency and could not process online payments for business taxes and parking citations. Phone services, payment processing, report processing, and permit and license issuance were all affected. The Play gang has since leaked confidential data, including passport scans and employee information.

Hospital Clínic de Barcelona Systems Severely Impacted by RansomHouse Ransomware

The RansomHouse group hit the Hospital Clínic de Barcelona with ransomware, disrupting emergency services at three affiliated medical centers. The attack took down the hospital's virtualized environment, cutting physicians off from patient records and forcing surgeries to be postponed and appointments cancelled. The hospital has taken measures to minimize the impact.

Phishing Campaign Targets Job Seekers and Employers

Cybercriminals are running job-themed phishing and malware campaigns against both job seekers and employers to steal confidential data and get into company systems. Job seekers are tricked into handing over personal information or login credentials, or into installing malware. Attackers also pose as applicants to deliver malware to employers through attachments or links disguised as resumes or ID documents, and use stolen documents such as Social Security numbers and driver's licenses to make the lure more credible.

On-Premise Vs Private Cloud: Choosing the Right Infrastructure for Your Business Needs

Organizations need to choose the right cloud solution for their needs, with on-premise and private cloud being the two most common options. To make an informed decision, it's important to understand their differences. Explore the differences between on-premise and private cloud, including storage, computing, and security.

'Hiatus' Targets Corporate Networks for Cyberespionage

The "Hiatus" campaign targets DrayTek Vigor routers with a malicious bash script that installs HiatusRAT, turning the router into a SOCKS5 proxy. This lets the threat actor capture data on the router and route traffic from other compromised devices through it. More than 100 businesses in Europe, North America and South America have been affected.

Promo
100TB Veeam Backup and Disaster Recovery Appliance Fully Air-Gapped & Immutable

100TB fully air-gapped and immutable Veeam backup and disaster recovery (DR) appliance with object and file lockdown technology for ransomware protection & instant multi-VM recovery.

It is 2U, 8 Bay Rackmount unit with 6x16TB Enterprise SAS drives, 12 core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.

Weekly Ransomware Roundup

Feb 27 - Mar 3, 2023

CISA Alerts of Remote Code Execution Vulnerability in ZK Java Framework

CISA has added CVE-2022-36537 to its Known Exploited Vulnerabilities catalog. The flaw affects ZK Framework versions 8.6.4.1 through 9.6.1 and is exploited with crafted POST requests to the AuUploader component to read sensitive information from the server; researchers have found a backdoor on 286 servers compromised through it. Federal agencies have until March 20, 2023 to apply the security updates.
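Both this item and the Plex/VMware item in the Mar 13 - 17 roundup come down to the same operational step: pull the KEV catalog, keep the entries for software you actually run, and work them in deadline order. The script below is an added example, not CISA's code; it parses a constructed sample in the shape of CISA's KEV JSON feed (the field names match the real catalog, the dates are placeholders) and triages it against a hypothetical asset inventory.

```python
import json
from datetime import date, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed. The field names
# match the real catalog; the three entries are trimmed to what the triage
# needs and their dates are placeholders rather than values copied from CISA.
SAMPLE_KEV = json.dumps({
    "catalogVersion": "sample",
    "vulnerabilities": [
        {"cveID": "CVE-2022-36537", "vendorProject": "ZK Framework", "product": "ZK Framework",
         "dateAdded": "2023-02-27", "dueDate": "2023-03-20",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2020-5741", "vendorProject": "Plex", "product": "Media Server",
         "dateAdded": "2023-03-10", "dueDate": "2023-03-31",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-39144", "vendorProject": "VMware", "product": "Cloud Foundation",
         "dateAdded": "2023-03-10", "dueDate": "2023-03-31",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})


def load_kev(text: str) -> list:
    """Parse the catalog JSON and return its vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def due_within(vulns: list, today: date, days: int) -> list:
    """Entries whose remediation deadline is already past or falls within
    `days`, ordered by deadline so overdue items come first."""
    horizon = today + timedelta(days=days)
    hits = [v for v in vulns if date.fromisoformat(v["dueDate"]) <= horizon]
    # ISO dates sort correctly as strings; cveID breaks ties deterministically.
    return sorted(hits, key=lambda v: (v["dueDate"], v["cveID"]))


def match_inventory(vulns: list, inventory: dict) -> list:
    """Keep entries for software the organization actually runs. `inventory`
    maps a vendorProject name to the product names deployed (case-insensitive)."""
    inv = {vendor.lower(): {p.lower() for p in products} for vendor, products in inventory.items()}
    return [v for v in vulns
            if v["product"].lower() in inv.get(v["vendorProject"].lower(), set())]


def triage(kev_text: str, inventory: dict, today: date, days: int = 14) -> list:
    """CVE IDs that apply to the inventory and are overdue or due within `days`,
    formatted as 'CVE-... due YYYY-MM-DD' and ordered by deadline."""
    relevant = match_inventory(load_kev(kev_text), inventory)
    return [f"{v['cveID']} due {v['dueDate']}" for v in due_within(relevant, today, days)]


if __name__ == "__main__":
    # Hypothetical inventory: the organization runs Plex and VMware Cloud Foundation.
    inventory = {"Plex": ["Media Server"], "VMware": ["Cloud Foundation"]}
    for line in triage(SAMPLE_KEV, inventory, date(2023, 3, 21)):
        print(line)
```

In practice the inventory match is the hard part: KEV's vendorProject and product strings are free text, so map them to your CMDB names once and keep that mapping under version control rather than string-matching ad hoc each week.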

PureCrypter Targets Government Organizations with Ransomware and Information Stealers

PureCrypter has been used against government organizations in the Asia-Pacific region and North America to drop ransomware and information stealers, including AgentTesla, Redline Stealer, Blackmoon, Eternity and Philadelphia ransomware. The chain starts with an email carrying a Discord URL that leads to a password-protected ZIP archive containing the PureCrypter loader. AgentTesla protects its C2 traffic with XOR encryption, and the loader uses process hollowing to evade detection.

Windows 11 Systems at Risk: BlackLotus UEFI Bootkit Malware Bypasses Secure Boot

BlackLotus is the first in-the-wild bootkit known to bypass UEFI Secure Boot on fully patched Windows 11 systems. It exploits CVE-2022-21894 ('Baton Drop'), a Secure Boot bypass Microsoft fixed in January 2022; because the vulnerable signed binaries were never added to the UEFI revocation list (DBX), the bootkit can bring its own copies and still exploit them. Once installed it persists across reboots and runs on every boot, disables security mechanisms, deploys a kernel driver, applies geofencing, and contacts a C2 server to fetch further payloads.

Advanced Hackers Target Containerized Apps in SCARLETEEL Campaign

The SCARLETEEL campaign compromised a public-facing containerized web app to get into an AWS environment: the attackers exploited the app running in a Kubernetes cluster, used the pod's credentials to call the AWS API, deployed the XMRig cryptominer, harvested further credentials and data, and attempted to disable CloudTrail logging to cover their tracks.
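The attempt to turn off CloudTrail is the highest-signal event in that chain, and it is visible in CloudTrail itself even when the call is denied. The detector below is an added example, not from the Sysdig report or any product; it scans a constructed CloudTrail log file (the record layout follows CloudTrail's JSON schema, while the account ID, role and user names, trail names and IP address are placeholders) and flags logging-tamper calls, recording whether each one succeeded or was refused.

```python
import json

# Constructed CloudTrail records in the layout of a CloudTrail log file
# (a "Records" array of event objects). Account IDs, role names, trail names
# and IP addresses are placeholders, not data from the SCARLETEEL report.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-02-16T07:09:51Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/eks-node-role/i-0abc12345"}},
    {"eventTime": "2023-02-16T07:10:12Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/eks-node-role/i-0abc12345"}},
    {"eventTime": "2023-02-16T07:10:40Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"name": "org-trail"}, "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/eks-node-role/i-0abc12345"}},
    {"eventTime": "2023-02-16T07:12:03Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"name": "dev-trail"},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/backup-svc"}},
    {"eventTime": "2023-02-16T07:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/backup-svc"}},
]})

# API calls that turn logging off or narrow what is recorded. A denied call
# still matters: the attempt itself is the signal.
TAMPER_ACTIONS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# Enumeration that usually precedes tampering; lower severity on its own.
RECON_ACTIONS = {"DescribeTrails", "GetTrailStatus", "ListTrails"}


def classify(record: dict):
    """Return 'high', 'low' or None for a single CloudTrail record."""
    if record.get("eventSource") != "cloudtrail.amazonaws.com":
        return None
    name = record.get("eventName")
    if name in TAMPER_ACTIONS:
        return "high"
    if name in RECON_ACTIONS:
        return "low"
    return None


def detect_trail_tampering(log_text: str) -> list:
    """Scan a CloudTrail log file and return one finding per suspicious call,
    in event order, noting whether the call succeeded or was denied."""
    findings = []
    for r in json.loads(log_text)["Records"]:
        severity = classify(r)
        if severity is None:
            continue
        findings.append({
            "severity": severity,
            "time": r["eventTime"],
            "action": r["eventName"],
            "trail": (r.get("requestParameters") or {}).get("name"),
            "principal": r.get("userIdentity", {}).get("arn"),
            "source_ip": r.get("sourceIPAddress"),
            # CloudTrail records a failed call with an errorCode field.
            "outcome": "denied" if r.get("errorCode") else "succeeded",
        })
    return findings


def successful_tampering(findings: list) -> list:
    """The subset that actually reduced logging coverage and needs containment."""
    return [f for f in findings if f["severity"] == "high" and f["outcome"] == "succeeded"]


if __name__ == "__main__":
    for f in detect_trail_tampering(SAMPLE_LOG):
        print(f"{f['severity']:<4} {f['time']} {f['action']:<14} trail={f['trail']} "
              f"{f['outcome']} by {f['principal']} from {f['source_ip']}")
```

Two points the sample is built to show: the denied StopLogging from a node role is still an alert, because a legitimate workload never calls the CloudTrail control plane, and the DeleteTrail that succeeded under a different principal is the one that needs immediate containment, since everything after it on that trail is gone. Run this over the organization trail, not the one the attacker may have deleted.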

2022 Ransomware Attack Trend Report: Key Findings

Ransomware attacks are on the rise, driven by outdated IT infrastructure, more sophisticated techniques and the pandemic-era shift in how people work. Many organizations still lack sufficient security controls, which is why attack levels remain alarming. Check out the 2022 ransomware statistics and trends in this overview.

Winnti and Clasiopa Hackers Target Materials Sector in Asia with Atharvan and Lilith RAT

Researchers are warning the Asian materials sector about two APT groups. Winnti, active since 2007, targeted two subsidiaries of a conglomerate with a range of tools. Clasiopa got into an Asian materials research organization by brute-forcing its servers and then used post-exploitation tools, including the Atharvan backdoor, which downloads files and talks to a C2 server, and a modified Lilith RAT that runs remote commands. Analysis of Atharvan suggests the actor may be based in India.

Promo
80TB Veeam Backup and Disaster Recovery Appliance Fully Air-Gapped & Immutable

80TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery.

It is 2U, 8 Bay Rackmount unit with 8x10TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and optional S3 cloud object storage.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For appliance demos, specifications, and quotes contact us.
