The federal Cybersecurity and Infrastructure Security Agency (CISA) released a few cybersecurity “bad practices” this week to assist in decreasing the volume of knowable and preventable cyber mistakes. These bad practices are aimed at educating critical infrastructure owners and operators, as well as the defense industry and the organizations that support the supply chain for…
Kaspersky Comment: Critical Microsoft vulnerability is failed to be patched – leaves devices at significant risk Security researchers have found that, despite recent efforts by Microsoft, a critical windows vulnerability has failed to be patched, allowing hackers to take full control of computers and servers. In early June, Microsoft patched a Windows vulnerability that it…
Microsoft has provided mitigation guidance to block attacks on systems vulnerable to exploits targeting the Windows Print Spooler zero-day vulnerability known as PrintNightmare. This remote code execution (RCE) bug—now tracked as CVE-2021-34527—impacts all versions of Windows per Microsoft, with the company still investigating if the vulnerability is exploitable on all of them. CVE-2021-34527 allows attackers to take over affected…
Hundreds of American businesses were hit Friday by an unusually sophisticated ransomware attack that hijacked widely used technology management software from a Miami-based supplier called Kaseya. The attackers changed a Kaseya tool called VSA, used by companies that manage technology at smaller businesses. They then encrypted the files of those providers’ customers simultaneously. Security firm…
3rd Party Risk Management , Breach Notification , Critical Infrastructure Security REvil Malware Suspected of Infecting Scores of IT Management Companies, Clients Akshaya Asokan (asokan_akshaya) • July 3, 2021 UPDATED July 3, 11:30 a.m. EDT See Also: Rapid Digitization and Risk: A Roundtable Preview IT management software vendor Kaseya sustained a suspected…
Fraud Management & Cybercrime , Ransomware Accenture Security: Attackers Focus on Those With Over $1 Billion in Revenue Prajeet Nair (@prajeetspeaks) • July 2, 2021 Hades ransom note (Source: Accenture Security) At least seven companies with annual revenue of over $1 billion have been hit so far this year by Hades ransomware, according…
WASHINGTON — A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident. The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals…
Fraud Management & Cybercrime , Governance & Risk Management , Privacy Social Media Platform Says No Private Data Exposed Rashmi Ramesh • July 1, 2021 Some 700 million records of LinkedIn users have been offered for sale on the hacker forum RaidForum, the news website PrivacySharks reports. The social media platform, and several…
After the Babuk ransomware operators have announced that they decided to close the affiliate program and move to data theft extortion, the group seems to have returned to their previous methods of encrypting corporate systems. At this time, the hackers are employing a new version of their file-encrypting malware and have shifted the operation to…
Just in time to ruin the holiday weekend, ransomware attackers have apparently used Kaseya — a software platform designed to help manage IT services remotely — to deliver their payload. Sophos director and ethical hacker Mark Loman tweeted about the attack earlier today, and now reports that affected systems will demand $44,999 to be unlocked….
