Sergiu Gatlan reports: A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims’ networks. “Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity,” the company said in…
Category: Commentaries and Analyses
NYS settles charges against PracticeFirst stemming from 2020 ransomware incident
In July 2021, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that processes data for health care providers, issued a press release about a hacking incident that occurred in December 2020. As DataBreaches noted at the time, it appeared that they likely paid ransom because one line in their statement…
The Underground History of Russia’s Most Ingenious Hacker Group
Andy Greenberg writes: Ask western cybersecurity intelligence analysts who their “favorite” group of foreign state-sponsored hackers is—the adversary they can’t help but grudgingly admire and obsessively study—and most won’t name any of the multitudes of hacking groups working on behalf of China or North Korea. Not China’s APT41, with its brazen sprees of supply chain attacks, nor…
Health Breach Notification Rule: FTC wants your insights into proposed changes
From the FTC: The Health Breach Notification Rule has been in place since 2009. Given the pace of innovation, that seems like a century in tech years. Since then, we’ve seen an explosion in the popularity of health apps, fitness trackers, and other health-related monitors. To keep up with technological developments and evolving business practices, the…
KeePass exploit helps retrieve cleartext master password, fix coming soon
Bill Toulas reports: The popular KeePass password manager is vulnerable to extracting the master password from the application’s memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. The issue was discovered by a security researcher known as ‘vdohney,’ who published a proof-of-concept tool allowing attackers to extract the KeePass…
Microsoft Azure VMs Hijacked in Cloud Cyberattack
Elizabeth Montalbano reports: A threat actor known for targeting Microsoft cloud environments now is employing the serial console feature on Azure virtual machines (VMs) to hijack the VM to install third-party remote management software within clients’ cloud environments. Tracked as UNC3844 by researchers at Mandiant Intelligence, the threat group is leveraging this attack method to…