Weekly

Ransomware Roundup

Nov 27 - Dec 01, 2023

Okta Discloses Extended Threat Activity Post-Breach

Following its October 2023 breach, Okta has identified further threat actor activity in its customer support case management system. The exposed data consists of the names and email addresses of customer support system users for Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers, with certain environments excluded. Read more

Major Data Breach Rocks Rivers Casino in Des Plaines

Rivers Casino Des Plaines disclosed a months-long intrusion that went undetected and exposed personal data including Social Security numbers, driver's license numbers, tax IDs and passport details, along with email addresses, phone numbers, postal addresses and dates of birth. Read more

LockBit Ransomware Group Targets India’s National Aerospace Laboratories

India's National Aerospace Laboratories (NAL) is dealing with a serious incident after the LockBit ransomware group claimed responsibility for an attack on it. The Ransomware-as-a-Service operation has set a deadline of December 18, 2023 and threatens to publish the stolen data if its demands are not met. Read more

IntelBroker Targets General Electric, Sells Unauthorized Access to its Development Environment

General Electric (GE) is investigating a claimed breach of its development environment. The threat actor IntelBroker offered unauthorized access to GE's infrastructure and data, including DARPA-related military information, for sale; the listing was initially priced at $500 and later expanded to include stolen data. IntelBroker posted screenshots of purportedly stolen GE data to back the claim. GE has acknowledged the matter and says it is investigating. Read more

5 Backup Strategy Options to Protect Sensitive Data in 2024

A well-designed backup strategy is a core defense for sensitive data against ransomware and other sophisticated threats. Our blog walks through five backup strategies worth considering for 2024. Read more

Ransomware Strikes Ethyrial: Echoes of Yore MMORPG, Wipes All Accounts

The "Ethyrial: Echoes of Yore" MMORPG suffered a ransomware attack that took down roughly 17,000 player accounts. The attackers encrypted the main server and demanded Bitcoin for the decryption key; rather than pay, the developers restored accounts and characters manually. They have since added frequent offline backups and a peer-to-peer VPN, and the servers have been brought back online. Read more

Promo
Replace Your Legacy Dell EMC data domain with StoneFly DR365V

Replace your legacy Dell EMC Data Domain with StoneFly DR365V, a Veeam-ready enterprise backup and DR solution with air-gapped backups and immutable snapshots for protection against ransomware and malware.

Compared with legacy infrastructure such as Dell EMC Data Domain, StoneFly DR365V is a fully contained virtual server platform that combines compute, storage and network in one system, with stronger ransomware protection, a smaller footprint, faster backups and instant recovery, at half the cost of comparable products.

Available in highly customizable 4-, 8-, 12-, 16-, 24-bay or larger rackmount chassis equipped with current-generation hardware.

For demos and details, contact us.

Weekly

Ransomware Roundup

Nov 20 - 24, 2023

8Base Group Exploits SmokeLoader to Deliver New Phobos Ransomware

Cisco Talos observed the 8Base ransomware group deploying a Phobos variant delivered by the SmokeLoader trojan. Unusually, the ransomware is embedded directly in SmokeLoader's encrypted payload rather than fetched as a separate stage. 8Base, active since at least March 2022, uses SmokeLoader as the launchpad for Phobos, which chooses full or partial encryption based on file size and carries further capabilities beyond encryption. Read more

Yamaha Motor’s Philippines Subsidiary Hit by INC Ransomware

Yamaha Motor Philippines, Inc. (YMPH), a Yamaha Motor subsidiary, suffered a ransomware attack on October 25, 2023 that hit one of its servers and leaked some employee data. Yamaha assembled a countermeasures team with outside experts to contain the incident and says the attack was confined to YMPH. The INC Ransom gang has claimed responsibility and posted the stolen data on its dark web leak site. Yamaha is working with authorities to assess the full impact, and negotiations with INC Ransom are reported to be ongoing. Read more

Canadian Government’s Data Security Compromised Affecting its Contractors

Two Canadian government contractors, BGRS and SIRVA, were breached, exposing government-related data going back to 1999 for RCMP members, Canadian Armed Forces personnel and other government employees. The government has not officially attributed the incident, but the LockBit ransomware group claims responsibility. The government's response so far includes reporting the incident, support measures for affected individuals, and advice to update credentials and enable multi-factor authentication. Read more

Play Ransomware Being Sold as a Service for Cybercriminals

Play ransomware, also tracked as Balloonfly and PlayCrypt, is now offered as Ransomware-as-a-Service (RaaS), giving affiliates a uniform toolkit. Adlumin's analysis found the same tactics across recent Play attacks, from how malicious files are hidden to reused passwords, which points to affiliates following a common playbook. Play originally exploited Microsoft Exchange vulnerabilities; the RaaS model lowers the bar for affiliates and is likely to increase attack frequency. Read more

What are Advanced Persistent Threats (APTs) and How to Stop Them

APTs infiltrate quietly and persist undetected, and their stealth and adaptability demand a proactive defense. Every organization, regardless of industry, should understand how APTs operate and harden its critical systems accordingly. Our blog explains what APTs are, what damage they cause, and how to defend against them; the question is not whether your defenses will be tested, but when. Read more

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

Agent Tesla has resurfaced with a new delivery tactic: lure files in the ZPAQ compression format. G Data notes that ZPAQ compresses well but has little software support, which also means few security tools and few users can open it. Agent Tesla is a keylogger and remote access trojan delivered through phishing email, historically by exploiting a Microsoft Office vulnerability. The ZPAQ file, posing as a PDF, unpacks a .NET executable padded to an enormous size so that size-limited scanners skip it; the payload is obfuscated with .NET Reactor and ultimately installs Agent Tesla on the endpoint. Read more
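
Two checks a mail gateway or triage script can apply to an attachment like the one described above: does the file's magic match what its name claims, and is an executable mostly zero padding. This is an added example, not G Data's tooling or the malware's code. The magic bytes for PDF, ZIP and PE are from those formats' specifications; the ZPAQ entry is the first four ASCII bytes of the block locator tag in the zpaq format description and should be confirmed against a real archive before relying on it. The size limit, zero-fraction threshold and the two sample files are constructed for illustration.

```python
import os

# Leading bytes that identify a container, from the formats' own specifications.
# The ZPAQ signature is an assumption taken from the zpaq spec's locator tag.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
    b"7kSt": "zpaq",
}

# What a user will assume a file is, judged by its final extension only.
EXTENSION_FORMAT = {
    "pdf": "pdf", "zip": "zip", "exe": "pe", "dll": "pe", "scr": "pe", "zpaq": "zpaq",
}

PADDING_SAMPLE = 64 * 1024  # bytes examined at the tail of an executable


def sniff_format(data: bytes) -> str:
    """Identify the container by its leading bytes, ignoring the file name."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return "unknown"


def claimed_format(filename: str) -> str:
    """Format implied by the last extension, or 'unknown' if it is not one we track."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    return EXTENSION_FORMAT.get(ext, "unknown")


def has_double_extension(filename: str) -> bool:
    """invoice.pdf.zpaq: the inner extension is a decoy for the real one."""
    stem, ext = os.path.splitext(filename)
    inner = os.path.splitext(stem)[1].lower().lstrip(".")
    return bool(ext) and inner in EXTENSION_FORMAT


def tail_zero_fraction(data: bytes, sample: int = PADDING_SAMPLE) -> float:
    """Share of zero bytes in the last `sample` bytes; padding pushes this toward 1.0."""
    tail = data[-sample:] if len(data) > sample else data
    return tail.count(0) / len(tail) if tail else 0.0


def assess(filename: str, data: bytes, size_limit: int = 50 * 1024 * 1024,
           zero_threshold: float = 0.95) -> list[str]:
    """Return the reasons this attachment deserves a second look (empty = none)."""
    findings = []
    actual = sniff_format(data)
    claimed = claimed_format(filename)
    if claimed != "unknown" and actual != "unknown" and claimed != actual:
        findings.append(f"extension_mismatch:{claimed}!={actual}")
    if has_double_extension(filename):
        findings.append("double_extension")
    if actual == "zpaq":
        findings.append("uncommon_archive:zpaq")
    # An executable larger than the scanner's limit whose tail is almost all
    # zeros is the padding pattern described in the write-up.
    if actual == "pe" and len(data) > size_limit \
            and tail_zero_fraction(data) >= zero_threshold:
        findings.append("padded_executable")
    return findings


# Constructed samples (not real malware, not valid archives or executables):
# a ZPAQ-tagged blob named to look like a PDF, and an MZ-headed blob whose tail
# is 64 KiB of zero padding.
SAMPLE_LURE = ("Invoice_2023-11.pdf.zpaq", b"7kSt" + b"\x11" * 60)
SAMPLE_PADDED_PE = ("update.exe", b"MZ" + b"\x90" * 512 + bytes(64 * 1024))

if __name__ == "__main__":
    print(assess(*SAMPLE_LURE))
    print(assess("Invoice.pdf", SAMPLE_LURE[1]))
    # Lower the size limit so the small constructed sample trips the check.
    print(assess(*SAMPLE_PADDED_PE, size_limit=1024))
```

The extension check deliberately trusts only the final extension, because that is what the operating system uses; the double-extension check catches the decoy in the middle. Tune `size_limit` to whatever your scanner actually refuses to inspect, since that is the limit the padding is aimed at.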

Promo
98TB Commvault Immutable & Air-Gapped Backup & Disaster Recovery (DR) Appliance for $9,995

98TB Commvault fully air-gapped and immutable backup and DR appliance with file and object lockdown technology for ransomware protection, for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All enterprise data services, such as immutable snapshots, hardware encryption, hardware dedupe, sync/async replication, thin provisioning, hot/cold tiering, flash cache (NVMe+SSD), WORM (immutable policy-based vault), predictive failure, call home, and real-time performance reporting and notification, are available as options if needed.

For demos and details, contact us.

Weekly

Ransomware Roundup

Oct 30 - Nov 3, 2023

FIRST Announces CVSS 4.0: Enhancing Vulnerability Assessment Precision

FIRST has released CVSS v4.0, the first major revision since CVSS v3.0 more than eight years ago. It answers criticisms about granularity and about the Base score being read as a risk score: the Temporal group becomes Threat, the Base metrics gain finer detail, and new Supplemental metrics such as Safety, Automatable and Recovery carry context that does not change the score. The nomenclature makes the distinction explicit: CVSS-B (Base only), CVSS-BT (Base + Threat), CVSS-BE (Base + Environmental) and CVSS-BTE (all three), emphasizing that CVSS is more than the Base score. The intent is better fidelity in vulnerability assessment and, from that, better-targeted risk mitigation. Read more
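
The nomenclature above is something a vulnerability-management pipeline can enforce automatically from the vector string. The following added example (not FIRST's reference calculator, and it does not compute the numeric score, which needs the v4.0 MacroVector tables) validates that all eleven Base metrics are present, labels the vector CVSS-B, -BT, -BE or -BTE according to which optional groups are set, and pulls out the Supplemental metrics. The metric abbreviations are those of the v4.0 specification; treating a metric set to X (Not Defined) as absent is this example's own design choice, and the sample vector is constructed.

```python
import re

VECTOR_PREFIX = "CVSS:4.0"

# Metric abbreviations by group, as named in the CVSS v4.0 specification.
BASE = {"AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA"}
THREAT = {"E"}
ENVIRONMENTAL = {"CR", "IR", "AR", "MAV", "MAC", "MAT", "MPR", "MUI",
                 "MVC", "MVI", "MVA", "MSC", "MSI", "MSA"}
SUPPLEMENTAL = {"S", "AU", "R", "V", "RE", "U"}
KNOWN = BASE | THREAT | ENVIRONMENTAL | SUPPLEMENTAL

# Every v4.0 metric value is a single upper-case letter (X = Not Defined).
_METRIC_RE = re.compile(r"^([A-Z]{1,3}):([A-Z])$")

# Constructed vector for a network-reachable, unauthenticated, high-impact bug.
SAMPLE_BASE = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"


def parse_vector(vector: str) -> dict[str, str]:
    """Split a v4.0 vector into {metric: value}; raise ValueError if malformed."""
    parts = vector.strip().split("/")
    if parts[0] != VECTOR_PREFIX:
        raise ValueError(f"expected prefix {VECTOR_PREFIX!r}, got {parts[0]!r}")
    metrics: dict[str, str] = {}
    for part in parts[1:]:
        m = _METRIC_RE.match(part)
        if not m:
            raise ValueError(f"malformed metric {part!r}")
        name, value = m.groups()
        if name not in KNOWN:
            raise ValueError(f"unknown metric {name!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric {name!r}")
        metrics[name] = value
    missing = BASE - set(metrics)
    if missing:
        raise ValueError(f"missing Base metrics: {sorted(missing)}")
    return metrics


def is_valid(vector: str) -> bool:
    """True if the vector parses and carries every Base metric exactly once."""
    try:
        parse_vector(vector)
        return True
    except ValueError:
        return False


def nomenclature(vector: str) -> str:
    """Return CVSS-B, CVSS-BT, CVSS-BE or CVSS-BTE for the vector.

    Design choice (assumption, not spec text): a group counts as present only
    when at least one of its metrics is set to something other than X, so a
    vector padded with E:X is still CVSS-B. Supplemental metrics never change
    the label.
    """
    metrics = parse_vector(vector)
    has_threat = metrics.get("E", "X") != "X"
    has_env = any(metrics.get(m, "X") != "X" for m in ENVIRONMENTAL)
    return "CVSS-B" + ("T" if has_threat else "") + ("E" if has_env else "")


def supplemental_metrics(vector: str) -> dict[str, str]:
    """Return just the Supplemental metrics (S, AU, R, V, RE, U) from a vector."""
    return {k: v for k, v in parse_vector(vector).items() if k in SUPPLEMENTAL}


if __name__ == "__main__":
    v = SAMPLE_BASE + "/E:P/CR:H/S:P/AU:Y"
    print(nomenclature(v), supplemental_metrics(v))
```

A practical use is to reject tickets that carry a bare CVSS-B score where policy requires an Environmental assessment, or to route anything with `AU:Y` (Automatable) for faster handling regardless of the numeric score.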

HelloKitty Ransomware Exploits Apache ActiveMQ Vulnerability

A critical flaw in Apache ActiveMQ (CVE-2023-46604, CVSS 10.0), rooted in unsafe deserialization of OpenWire protocol messages, lets an unauthenticated remote attacker run arbitrary shell commands, and the HelloKitty ransomware operation is already exploiting it. Affected releases span 5.8.0 through 5.18.0, and roughly 3,326 internet-exposed instances were counted globally. Successful exploitation lets the attacker load a remote binary, which in the observed attacks kicked off a ransomware-style encryption process. Fixed releases (5.15.16, 5.16.7, 5.17.6 and 5.18.3) shipped in October 2023. Read more
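
Because the fix was backported to four maintenance branches, a plain "is my version newer than X" comparison gets this wrong: 5.18.1 is numerically newer than 5.15.16 yet still vulnerable. The added example below (not Apache's code) encodes the fixed releases listed above as a per-branch table and triages a constructed inventory of broker versions. Treating any branch newer than 5.18 as fixed is an assumption, as is the version-string format it accepts.

```python
import re

# Fixed releases for CVE-2023-46604, keyed by maintenance branch. Anything
# older than 5.15.16 has no fixed release of its own and must move branches.
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}
OLDEST_FIXED = (5, 15, 16)

# Accepts '5.18.2', 'v5.18.2' or '5.18.2-SNAPSHOT'; the suffix is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, ...]:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if this release predates the fix on its own maintenance branch."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    if v < OLDEST_FIXED:
        return True  # 5.8.x through 5.14.x: no patched release on that branch
    # Assumption: a branch newer than any listed was cut after the fix.
    return False


def triage(inventory: list[tuple[str, str]]) -> list[str]:
    """Given (host, version) pairs, return the hosts still exposed, sorted."""
    return sorted(host for host, version in inventory if is_vulnerable(version))


# Constructed inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("mq-prod-1", "5.18.2"),
    ("mq-prod-2", "5.18.3"),
    ("mq-legacy", "5.14.5"),
    ("mq-dev", "5.17.6"),
    ("mq-qa", "v5.16.6-SNAPSHOT"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: patch required")
```

Feed it whatever version source you trust (the broker's web console, the `activemq-*.jar` manifest, or your CMDB); the point is the branch lookup, not the collection method.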

MuddyWater Unleashes Advanced Spear-Phishing Tactics on Israel

MuddyWater ran a sophisticated spear-phishing campaign against Israeli entities that ended with the deployment of N-able's Advanced Monitoring Agent, a legitimate remote management tool. The group, linked to Iran's Ministry of Intelligence and Security, has been active since at least 2017 and has steadily refined its spear-phishing tradecraft. The latest campaign used a multi-stage infection chain hosted on Storyblok, relying on hidden files and LNK shortcuts. Read more

North Korean Hackers Deploy KANDYKORN Malware Against Crypto Professionals

Lazarus Group is targeting blockchain engineers at a cryptocurrency exchange with KANDYKORN, a sophisticated macOS malware. Posing as fellow engineers on Discord, the operators persuade victims to download a ZIP archive presented as a cryptocurrency arbitrage bot. The multi-stage chain runs Python scripts hosted on Google Drive and ends with KANDYKORN, a full-featured remote access trojan with capabilities such as reflective loading and execution-flow hijacking. Read more


Trigona Ransomware: What is it and How to Defend Against it

Trigona ransomware has emerged as a formidable adversary. Our blog covers its origins, characteristics and impact, and gives actionable steps for preparation and mitigation, including air-gapped backups and multi-factor authentication. Stay informed, stay secure. Read more

Turla Enhances Kazuar Backdoor with Sophisticated Anti-Analysis Features

Palo Alto Networks Unit 42 has uncovered a revamped version of Turla's Kazuar second-stage backdoor with a heavy emphasis on stealth and anti-analysis. The code relies on layered encryption and obfuscation, reflecting the operators' maturity. Kazuar now uses a multithreaded model, an expanded command set, and proxy capabilities that use named pipes for peer-to-peer communication between infected hosts. Its adaptive anti-analysis features include going dormant when it detects scrutiny. Read more

Promo
Upgrade VMware Cluster with 98TB Air-Gapped and Immutable Appliance for $9,995

Secure your critical VMware cluster environments with a 98TB air-gapped and immutable appliance, built to resist ransomware, with built-in S3 object lockdown and file lock for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All enterprise data services, such as immutable snapshots, hardware encryption, hardware dedupe, sync/async replication, thin provisioning, hot/cold tiering, flash cache (NVMe+SSD), WORM (immutable policy-based vault), predictive failure, call home, and real-time performance reporting and notification, are available as options if needed.

For demos and details, contact us.
