Nancy Liu reports: CrowdStrike discovered a new ransomware-as-a-service (RaaS) group — MichaelKors (formerly Qilin) — targeting VMware ESXi servers since last month. The VMware ESXi is a hypervisor that runs and manages virtual machines (VMs) directly on a dedicated host’s hardware. The products associated with the ESXi platform include VMware vSphere Hypervisor, vCenter, ONE Access or Identity…
Category: Commentaries and Analyses
North Korean Crypto Thefts Surpass $2.5 Billion
Coingape reports: North Korean hackers have stolen $721 million from Japan since 2017, accounting for 30% of the crypto thefts worldwide. According to a study by a U.K.-based compliance specialist, North Korea employs hacking and ransomware to steal crypto assets, especially in Japan, Vietnam and Hong Kong, the leading Asian crypto hubs. Lazarus Group, a North Korean-based hacker group’s…
Ransomware attack on PharMerica affected 5.8 million patients
While the Fortra/GoAnywhere data breach by Clop is shaping up to be the biggest, or one of the biggest, breaches affecting HIPAA-covered entities and business associates in 2023, an attack by Money Message on PharMerica is currently the largest single breach reported so far this year, with almost 6 million affected. On April 8, DataBreaches…
Student Medical Records May Have Been Taken in San Diego Unified Hack
Will Huntsberry reports: The breadth of a cyber attack against San Diego Unified School District last year is coming into view. Student medical records may have been taken during the hack, district officials notified parents in a letter dated May 4. […] The new letter obtained by Voice of San Diego is the first admission that children’s…
Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol
Jurgita Lapienytė reports: Unlike most ransom campaigns, CheckMate, discovered in 2022, has been quiet throughout its operations. To the best of our knowledge, it doesn’t operate a data leak site. That’s quite unusual for a ransomware campaign since many prominent gangs brag about big targets and post them as victims on their data leak sites….
#StopRansomware: Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Jen Easterly, Director of CISA, tweeted: In early May 2023, a group self-identifying as the Bl00dy Ransomware Gang was observed attempting to exploit vulnerable PaperCut servers at educational institutions. Read our joint advisory with @FBI and apply patches or workarounds today: http://go.dhs.gov/4sz The advisory is embedded below: