An “aggressive” financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS.The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an “improper SQL command neutralization” flaw in the SSL-VPN SMA100 product (CVE-2021-20016,…
Victims of ransomware gangs are being urged to report it rather than pay the criminals behind the attacks. The gangs use malicious software to scramble and steal an organisation’s computer data and demand money to restore it. Megan Stifel, executive director of the Global Cyber Alliance, which seeks to reduce cyber risk, told BBC World…
The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. The Metropolitan Police Department, also known as the DC Police or MPD, is the primary law enforcement agency for Washington, DC, the US capital. In a statement to BleepingComputer, the DC Police stated that…
At least 45 people were killed and some 150 were injured in a crush at a crowded Orthodox Jewish festival in Israel. The Lag B’Omer festival near Mount Meron had attracted tens of thousands of pilgrims. Eyewitness Menachem Engel, who was attending the festival, said he was about 100m away from where the incident happened….
A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were…
A second wave of coronavirus is sweeping through India overwhelming hospitals, morgues and crematoria. Protima Singh, who is managing operations on the ground for the International Federation of Red Cross, told BBC World News that the situation was very critical with so many people becoming infected with coronavirus. The needs are large, the hospitals are…
FBI shares with HIBP 4 million email addresses involved in Emotet attacks | IT Security News 27. April 2021 The FBI has shared with Have I Been Pwned service 4 million email addresses collected by Emotet botnet and employed in malware campaigns. Last week, European law enforcement has conducted an operation aimed at performing a…
A Rochester Institute of Technology sophomore discovered a vulnerability on a partner website of Experian that allows anyone to look up credit scores with a name and mailing address. Bill Demirkapi found the leak when he was looking for information about student loan vendors online. He discovered the code behind a page that used an…
LJ Rich looks at some of the best technology news stories of the week including: Ride-haling firm Lyft sells its self-driving business to Toyota – for $550 million (£395m, € 454m) A drone capable of carrying three separate loads takes to the skies A robotic arm which uses artificial intelligence to identify and pick apples…
Endpoint Security , Governance & Risk Management , Identity & Access Management Bureau Shares Emails of Those Affected With Have I Been Pwned Breach Notification Service Jeremy Kirk (jeremy_kirk) • April 27, 2021 Photo: FBI The FBI has shared 4.3 million email addresses stolen by the Emotet malware with the Have I Been…
