Select Page
Slide 1

Weekly

Ransomware Roundup

Oct 23 - 27, 2023

Okta Support System Compromised: Customer Data Exposed to Unknown Threat Actors

Okta faced unauthorized access as threat actors used stolen credentials to breach its support system, exposing certain customer files and uploading sensitive HTTP Archive (HAR) files. Confirmed targets BeyondTrust and Cloudflare detailed the attacks, with Cloudflare reporting a session token hijacking from a support ticket. BeyondTrust notified Okta of the breach on October 2, 2023 which continued until at least October 18, 2023. Read more

Cisco Devices Hacked with Modified Backdoor for Stealthy Operations

Cisco devices face a critical threat as threat actors adapt tactics to evade detection. The Fox-IT team discovered a modified backdoor in Cisco devices, making it nearly invisible without the correct Authorization HTTP header. Exploiting CVE-2023-20198 and CVE-2023-20273, the attacks create an exploit chain, granting unauthorized access. Cisco responded with security updates, but the elusive threat actor complicates the assessment and thousands of devices may still be compromised. Read more

City of Philadelphia Faces Scrutiny Over Delayed Data Breach Disclosure

Philadelphia is under investigation for a data breach discovered in May, where attackers accessed city email accounts until July. Compromised data includes personal and health information. The city is conducting a review, pledging to notify affected individuals. Officials advise caution against fraud and identity theft, urging vigilance and prompt reporting of suspicious activity. The method of breach and reasons for delay remain undisclosed. Read more

Operation Triangulation: Security Experts Unveil In-Depth Analysis of iOS Zero-Day Attack Techniques

Operation Triangulation, a sophisticated attack on Apple iOS devices used the TriangleDB implant and leveraged two zero-day exploits in iMessage (CVE-2023-32434 and CVE-2023-32435). The operation included concealment techniques, validator stages, and a zero-click exploit chain through an invisible iMessage attachment. The TriangleDB implant displayed advanced capabilities, communicating with a command-and-control server, evading forensic analysis, and employing unique features like a screen-aware microphone-recording module and GSM-based location monitoring. Read more

Lockbit Ransomware: Inside the Cyberthreat and Defense Strategies

Stay ahead of the digital threat landscape! Dive into this blog dissecting LockBit ransomware—a potent force targeting major enterprises. Understand its origins, how it operates, and the impact it can have on organizations. Learn strategies to mitigate the risks and arm your organization with knowledge and resilience against the evolving menace of LockBit ransomware. Read more

Security Flaw in NextGen’s Mirth Connect Exposes Healthcare Data

Mirth Connect users, using NextGen HealthCare's data integration platform, must update to version 4.4.1 due to a critical unauthenticated remote code execution vulnerability (CVE-2023-43208). The flaw poses a significant threat and can compromise healthcare data. Technical details are withheld, but it's revealed as a patch bypass for CVE-2023-37679, impacting Mirth Connect versions since 2015/2016. All instances, not just Java 8 servers, are vulnerable, and must be updated, especially publicly accessible systems. Read more

Promo
98TB Commvault Immutable & Air-Gapped Backup & DR appliance $9,995

98TB fully air-gapped and immutable Commvault backup and disaster recovery (DR) appliance with Object Lockdown Technology for Ransomware protection for $9,995.

10th Gen, 8-bay 2U Rackmount unit with 7x14TB (98TB) Enterprise SAS drives, 10 core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Redundant Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, Dual 10Gb RJ-45 Ports, Fully Integrated SAN, NAS and optional S3 cloud storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Slide 1

Weekly

Ransomware Roundup

Oct 16 - 20, 2023

D-Link Confirms Breach After Employee Falls Victim to Phishing Attack

D-Link, a major Taiwanese networking equipment manufacturer, faced a security breach due to a phishing attack, exposing customer and employee data, along with source code for D-Link’s D-View software. The breach involved an outdated system in a "test lab environment." The attacker claimed millions of records while D-Link differed and reported around 700 outdated records. Read more

Critical Flaw Discovered in Cisco’s IOS XE Software

Cisco has unveiled a severe zero-day vulnerability (CVE-2023-20198) in its IOS XE software. With a CVSS score of 10.0, the flaw impacts enterprise gear with an internet-exposed Web UI, enabling remote attackers to create privileged accounts. Malicious activity, detected from September 18 to October 1, revealed an authorized user creating a suspicious account. Another incident on October 12 involved an unauthorized user deploying a Lua-based implant. While attribution is unclear, CISA has issued an advisory and added the flaw to Known Exploited Vulnerability catalog. Read more

Henry Schein Cyberattack Confirmed, Attackers Take Down Website

Henry Schein, a healthcare retail giant, confirmed a cyberattack on Oct 15, 2023, targeting its manufacturing and distribution sectors. Detected on Oct 14, the company took immediate action, collaborating with law enforcement and cybersecurity experts. To contain the incident, portions of the computer system were temporarily suspended. The website is temporarily down, and prompt service restoration efforts are on the way. While potential data compromise is under investigation, Henry Schein will promptly notify affected individuals. Read more

TetrisPhantom: APAC Governments Targeted in Cyber Espionage Campaign via Secure USBs

TetrisPhantom, an espionage campaign, is targeting APAC government entities. Employing a discreet method, it strategically exploits a specific hardware-encrypted USB drive commonly used by governments. Kaspersky suspects a nation-state's involvement due to the campaign's sophistication, emphasizing the strategic focus on well-protected government networks. The unique features involve malicious modules executing commands and collecting files through USBs. Read more

CERT-UA Reports: UAC-0165 Hits 11 Ukrainian Telecom Providers with POEMGATE and POSEIDON Malware

CERT-UA has revealed in its recent report that UAC-0165 has disrupted almost 11 telecom providers. The attackers probed networks, identifying vulnerable entry points using Dante, SOCKS5, and proxies. Employing POEMGATE and POSEIDON for control and WHITECAT to cover tracks, they gained persistent access by abusing VPNs that lacked multi-factor authentication. Read more

What Defending Against Ransomware-as-a-Service (RaaS) Entails

Ransomware has transformed into a profitable business model known as Ransomware-as-a-Service (RaaS), a dangerous collaboration between ransomware creators and distributors. This blog unravels the complexities of RaaS, examining its operations, dissecting notable incidents, and, most importantly, emphasizing the critical role of air-gapped backups and robust defense strategies as the foundation for protection against this pervasive threat. Stay informed, safeguard your data. Read More

Promo
56TB Fully Air Gapped & Immutable Veeam Backup and DR Appliance - Half price

56TB Fully Air Gapped and Immutable Veeam Backup and DR appliance with Object Lockdown Technology for Ransomware protection & Instant multi VM recovery. Last 3 Units at half price!

Its 2U, 8 Bay Rackmount unit with 4x14TB Enterprise SAS drives, 12 Core Storage Virtualization Engine, 128GB System Memory, 1TB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller, 1 Year Warranty & Support with 2 hours of professional services included.

This powerful 56TB DR365V Backup and DR appliance leverages Veeam-integration using the built-in Air-Gapped network, power management controller repository and storage controller using fully automated and Veeam integrated isolation technology.

Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are available as an option if needed.

For demos and details, contact us.

Slide 1

Weekly

Ransomware Roundup

Oct 9 - 13, 2023

Lazarus Group Cleanse $900M in Cryptocurrency

Blockchain analytics firm reports a staggering $7 billion in cryptocurrency illicitly laundered through cross-chain crime, with the Lazarus Group, implicated in a $900 million misappropriation from July 2022 to date. Evading traditional money laundering methods, they are now use chain-hopping typologies to obscure fund origins. Lazarus exploits cross-chain bridges, contributing to a 111% surge in funds routed through such services. Read more

Air Europa’s Data Breach Exposes Payment Card Details of Customers

Air Europa, part of the SkyTeam alliance faced a data breach that exposed bank card data. The breach prompted swift action from Air Europa, securing systems and alerting authorities. Affected customers were urged to cancel cards to thwart potential fraud risks. Compromised data includes card numbers, CVV codes, and expiration dates. Crucial details, like the number of affected customers and breach timeline, remain undisclosed, raising concerns about the breach's full scope and the delay in remedial actions. Read more

CISA Warns of Adobe Acrobat Reader Vulnerability Allowing RCE

CISA highlighted a severe use-after-free bug (CVE-2023-21608, CVSS 7.8) in Adobe Acrobat Reader, enabling potential remote code execution. Affected versions encompass Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. To counter the risk, users are advised to update to secure versions (Acrobat DC 22.003.20310, Acrobat Reader DC 22.003.20310, Acrobat 2020 20.005.30436, Acrobat Reader 2020 20.005.30436). Read more

IZ1H9 Mirai Variant Unleashes 13 Router Exploits in DDoS Onslaught

The IZ1H9 variant of Mirai-based DDoS malware has expanded its exploits to target Linux-based routers from D-Link, Zyxel, TP-Link, and others. IZ1H9 integrates compromised devices into its DDoS swarm for orchestrated attacks and targets diverse IoT devices to construct a resilient botnet. The malware employs a range of exploits from 2015 to 2023 and exhibits a sophisticated attack chain, including payload injection and command-and-control capabilities supporting various DDoS attack types. Read more

What are Advanced Persistent Threats (APTs) and How to Stop Them

Advanced Persistent Threats (APTs) are silent invaders, capable of causing financial wreckage and tarnishing reputations. It's not an option but a vital necessity for businesses to understand and enhance data protection against these stealthy, evolving threats. Our blog simplifies the complexities of APT attacks, explores their impacts, and equips you to fortify critical systems. Arm yourself with knowledge; safeguard your business. Read more

Storm-1133 Targets Israeli Energy and Defense Sectors

Storm-1133, a Gaza-based threat actor is targeting Israeli energy, defense, and telecom sectors. Storm-1133 employs a blend of social engineering and LinkedIn profiles to infiltrate organizations, posing as Israeli professionals. It uses a dynamic command-and-control infrastructure on Google Drive, adapting to evade security measures and deploys backdoors to ensure flexibility for C2 infrastructure updates. Read more

Promo
70TB Rubrik Air-Gapped & Immutable Backup & DR appliance $7,995

70TB Rubrik Air-gapped & Immutable Backup and DR appliance expandable up to 4PB with Object Lockdown Technology for Ransomware protection for $7,995.

8-bay 2U Rackmount unit with 5x14TB Enterprise SAS drives, 10 Core Storage Virtualization Engine, 32GB System Memory, 512GB NVMe SSD, Hot-Swappable Power Supply, 12Gb SAS Hardware RAID Controller. Fully Integrated SAN, NAS and Native S3 cloud object storage.

All Enterprise Data services such as immutable snapshot, encryption (Hardware), Dedupe (hardware), Replication (Sync, Async), Thin provisioning, HOT/COLD Tiering, Flash Cache (NVMe+SSD), WORM (Immutable policy-based vault), Predictive failure, call home, Real-time performance, report, and notification are included.

For demos and details, contact us.

Slide 1

Weekly

Ransomware Roundup

Oct 02 - 06, 2023

Iranian APT Group OilRig Adopts Menorah Malware for Cyberespionage

A spear-phishing campaign led by OilRig is committing covert intelligence operations. The attack features a new espionage-focused malware, Menorah, with machine identification and file manipulation capabilities. The Menorah infection chain involves scheduled tasks and dropping the executable "Menorah.exe" for remote server contact. OilRig evolves and uses the SideTwist malware for persistence and adaptability to neutralize countermeasures. Read more

PyTorch Models Vulnerable to Remote Code Execution via ShellTorch: AWS Advisory

Experts have unveiled critical flaws in the TorchServe tool, ShellTorch, allowing remote code execution on compromised systems. The vulnerabilities include unauthenticated API misconfiguration, a severe SSRF flaw (CVE-2023-43654), and a SnakeYAML library insecurity (CVE-2022-1471). Exploiting these could lead to unauthorized access, arbitrary code execution, and complete server takeover. AWS issued an advisory, urging immediate TorchServe updates for users of specified PyTorch inference DLC versions. Read more

Dual Ransomware Strikes on U.S. Corporations: FBI Issues Advisory

The FBI has issued a warning on the rise of dual ransomware attacks targeting U.S. companies. Cybercriminals employ a blend of variants like AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, maximizing impact through varied combinations. Attacks occur within 48 hours to 10 days adding complexity for defenders. Evolving tactics involve custom data theft, wiper tools, and malware to put pressure on victims. Read more

Silent Skimmer Campaign Targets Global Payment Platforms

Silent Skimmer targets online payment businesses across Asia Pacific, North America, and Latin America. The victims include online businesses and point-of-sale providers. The campaign exploits web application vulnerabilities, compromising payment checkout pages to stealthily collect sensitive payment data. After initial infiltration, threat actors use open-source tools and LOL bins, deploying a PowerShell-based RAT for control. Read more

Remote Code Execution (RCE) Attack and Vulnerabilities: Complete Overview

In an increasingly interconnected digital landscape, the specter of Remote Code Execution (RCE) attacks looms large, posing a significant threat to the security of IT systems. Understand the complexities surrounding RCE vulnerabilities, reading this comprehensive overview that equips you with practical insights to fortify your defense mechanisms against RCE and discover effective strategies to safeguard your digital domains. Read more

Guyana Government Faces DinodasRAT in Espionage Operation ‘Jacana’

Researchers have uncovered Operation Jacana, a cyber-espionage campaign targeting a Guyanese governmental entity. The attack employed a spear-phishing tactic featuring a novel C++ implant named DinodasRAT. The campaign started with deceptive emails referencing a Guyanese fugitive in Vietnam, leading victims to a compromised Vietnamese governmental domain. DinodasRAT, using the Tiny Encryption Algorithm, exfiltrated data, manipulated the registry, and executed commands. Read more

Promo
Immutable & Air-Gapped Veeam Cloud Backup, DR, Replication, Spin-up in the cloud $10 Per TB

Veeam Cloud Immutable Backup & DR with build-in automated Policy-based Air-Gap technology, Spin-up in the cloud for FastTrack Recovery and Enterprise level Ransomware protection starting at $10/TB per month.

Immutable or regular cloud Storage for Backup, Archive Documents, Images, Videos just like One-Drive, share and archive unstructured data starting at $5/TB per month.

24/7 Smart Protect plan available for your complete support needs. Pay Month-to-month, no long-Term contract. All Datacenters are Certified for CJIS, HIPAA, SOC 2, ISO 27001, PCI-DSS.

For demos and details, contact us.

WordPress PopUp Plugin

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email