Groups, Manufacturing, Security and Tools - Information Management Today

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

FEBRUARY 20, 2024

authorities have seized the darknet websites run by LockBit , a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Investigators used the existing design on LockBit’s victim shaming website to feature press releases and free decryption tools.

Ransomware

Ransomware Encryption Insurance Manufacturing

NSO Group Hacked

Schneier on Security

JULY 20, 2021

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software.

Manufacturing

Manufacturing IT

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. This is precisely what the consortium of software companies and device manufacturers, led Google, Amazon and Apple, set out to achieve when Matter was conceived four years ago.

Security

Security Manufacturing Authentication Marketing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Ransomware attacks break records in 2023: the number of victims rose by 128%

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. According to the Ransomlooker tool, the number of ransomware attack victims increased by 128.17% compared to the previous year (2022), with 1837 additional incidents. LockBit remained the most active group through 2023.

Ransomware

Ransomware Manufacturing Retail Insurance

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

Security Affairs

NOVEMBER 4, 2021

CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits.

Manufacturing

Manufacturing Security IT Information Security

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

Microsoft released an Exchange On-premises Mitigation Tool (EOMT) tool to small businesses for the fix of ProxyLogon vulnerabilities. Most targeted sectors have been Government/Military (17% of all exploit attempts), followed by Manufacturing (14%), and then Banking (11%). ” reads the post published by Microsoft.

Military

Military Manufacturing Access Security

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

eSecurity Planet

SEPTEMBER 16, 2021

The investigators said the advanced threat actors used a mixture of known and unique malware tools in the attack – which they dubbed Operation Harvest – to compromise the victim’s IT environment, exfiltrate the data and evade detection. Chinese-Linked APT Groups Likely Suspects. Misuse of Legitimate Open-Source Tools.

Military

Military Access Manufacturing Phishing

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing companies, Symantec researchers reported. ” continues Symantec.

Manufacturing

Manufacturing Data collection Encryption Passwords

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Manufacturing USA Yes 20,415 TECA Srl Source New Transport Italy Yes 16.7 Known records breached Zenlayer Source New Telecoms USA Yes 384,658,212 ASA Electronics Source New Engineering USA Yes 2.7

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Each participating organization is committed to developing cyber skills and programs to train the workforce across a wide range of industries, including manufacturing.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Authentication Marketing

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. The group behind this activity is the same we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), YAKKA (01/2020). Introduction.

Manufacturing

Manufacturing e-Delivery IT Security

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Every week the best security articles from Security Affairs free for you in your email box. ransomware gang BlackMatter ransomware also targets VMware ESXi servers Conti ransomware affiliate leaked gang’s training material and tools Conti Leak Indicators – What to block, in your SOC…. Do You Trust Your Smart TV?

Security

Security Ransomware Mining IoT

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers.

Access

Access Financial Services Retail Insurance

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. carmaker with spear-phishing attacks.

Phishing

Phishing Manufacturing Libraries IT

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code.

Ransomware

Ransomware Encryption Manufacturing Phishing

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

CVE-2018-4251 – Apple did not disable Intel Manufacturing Mode in its laptops

Security Affairs

OCTOBER 4, 2018

Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple did not disable Intel Manufacturing Mode in its laptops. Experts from security firm Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple forgot did not lock it in laptops.

Manufacturing

Manufacturing IT Access Sales

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 357 by Pierluigi Paganini appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Data breaches Ransomware Manufacturing

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. ” reads the advisory published by FireEye.

Healthcare

Healthcare Education Manufacturing Government

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names

File names Financial Services Manufacturing Libraries

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. The group relies on tools built into the operating system, along with some legitimate software. The group primarily relies on living-off-the-land techniques and hands-on-keyboard activity.

Manufacturing

Manufacturing Education Access Government

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

Security Affairs

FEBRUARY 16, 2024

This additional reward aims to target affiliated and initial access brokers involved and that facilitated the attacks of the group. The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars. the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware Government Manufacturing Access

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. ” reads the report.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

FEBRUARY 28, 2024

. “This trend is believed to be a response to the encouragement from ALPHV Blackcat administrators, who urged affiliates to focus their efforts on hospitals following operational actions against the group and its infrastructure in early December 2023.” reads the press release. “FBI reads the press release. “To

Ransomware

Ransomware Government Insurance Manufacturing

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 303 appeared first on Security Affairs. Pierluigi Paganini.

Security

Security Blockchain Manufacturing Analytics

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions

Security Affairs

FEBRUARY 27, 2024

A BlackCat ransomware attack hit UnitedHealth Group subsidiary Optum causing an outage impacting the Change Healthcare payment exchange platform. A ransomware attack hit the UnitedHealth Group subsidiary Optum leading to an outage impacting the Change Healthcare payment exchange platform. ” reads the SEC filing.

Ransomware

Ransomware Government Insurance Manufacturing

Ransomware Group Ragnar Locker Threatens Data Leaks if Law Enforcement Contacted

eSecurity Planet

SEPTEMBER 8, 2021

The Ragnar Locker group posted on its darknet leak site a note outlining the warning, putting even more pressure on target companies (which the group calls “clients”) and increasing attention on the already high-profile debate about organizations paying ransoms. To Pay or Not to Pay? Colonial Pipeline paid its DarkSide attackers $4.4

Ransomware

Ransomware Manufacturing Risk Encryption

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 20, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Phishing Ransomware Manufacturing

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Security Affairs

DECEMBER 14, 2023

Russia-linked cyber espionage group APT29 has been targeting JetBrains TeamCity servers since September 2023. Experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks. The group used WMIC to facilitate lateral movement.

Authentication

Authentication Military Access Manufacturing

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs).

Agriculture

Agriculture Data collection Access Manufacturing

NIST Proposes Revised Security Guidelines For Federal Contractors

Data Protection Report

MAY 18, 2023

The draft proposal would significantly change the guidelines included in SP 800-171, keeping the 110 security controls in total, but removing or consolidating some older requirements while adding certain new requirements and providing additional explanations and details for many existing controls.

Security

Security Compliance Risk Authentication

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Researchers from threat hunting and intelligence firm Group-IB have detected a successful attack by a ransomware gang tracked as OldGremlin. Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has detected a successful attack by a ransomware gang, codenamed OldGremlin. Unsought invoice.

Ransomware

Ransomware Phishing Encryption Authentication

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. According to a joint report published by US authorities and international peers, the total of U.S. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

eSecurity Planet

JULY 21, 2021

Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple and a number of governments at the center of the scandal. Mobile Security, Privacy at Issue.

Security

Security Government Privacy Ransomware

Why You Need to Tune EDR to Secure Your Environment

eSecurity Planet

APRIL 21, 2022

This allows EDR to deploy very quickly, but it also allows for a number of security vulnerabilities. Here we’ll discuss why EDR vendors choose these configurations, and how organizations can tune their EDR systems to fit their organization and improve security. How do certain user groups behave differently?

Security

Security Access Sales e-Discovery

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

NSO Group Hacked

Webinars

Trending Sources

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Webinars

Ransomware attacks break records in 2023: the number of victims rose by 128%

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

FBI and CISA warn of attacks by Rhysida ransomware gang

CISA recommends vendors to fix BrakTooth issues after the release of PoC tool

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

McAfee Finds Years-Long Attack by Chinese-Linked APT Groups

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs newsletter Round 326

Iran-linked APT group Pioneer Kitten sells access to hacked networks

FIN7 targeted a large U.S. carmaker phishing attacks

Researchers Quietly Cracked Zeppelin Ransomware Keys

FBI chief says China is preparing to attack US critical infrastructure

CVE-2018-4251 – Apple did not disable Intel Manufacturing Mode in its laptops

Security Affairs newsletter Round 357 by Pierluigi Paganini

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

China-linked Budworm APT returns to target a US entity

China-linked Flax Typhoon APT targets Taiwan

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs newsletter Round 303

More details about Operation Cronos that disrupted Lockbit operation

US pharmacy outage caused by Blackcat ransomware attack on Optum Solutions

Ransomware Group Ragnar Locker Threatens Data Leaks if Law Enforcement Contacted

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

NIST Proposes Revised Security Guidelines For Federal Contractors

Group-IB detects a series of ransomware attacks by OldGremlin

Operation Cronos: law enforcement disrupted the LockBit operation

Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal

Why You Need to Tune EDR to Secure Your Environment

Stay Connected