Linda Smith, Rajat Wason, and Syed Zaidi of Sophos write: In May 2022, an automotive supplier was hit with three separate ransomware attacks. All three threat actors abused the same misconfiguration – a firewall rule exposing Remote Desktop Protocol (RDP) on a management server – but used different ransomware strains and tactics. The first ransomware…
CISCO got hit… and immediately took control of the story
It is the kind of story destined for big headlines. The Yanluowang group announced today that they had attacked CISCO. But instead of them controlling the story, CISCO seems to have immediately taken control. The threat actors, who appear not to be fans of Grammarly, posted a directory of Drive C: on their leak…
The SEC’s cyberattack reporting rules are seeing fierce opposition. CISA is poised to do better.
Kyle Alspach reports: As the chief information security officer of a large, publicly traded tech company, Drew Simonis has been keeping a close eye on the SEC’s proposed rules to require reporting of major cyberattacks. Simonis, who works at Juniper Networks, has some serious concerns shared by many executives in U.S. private industry. Some of the proposed…
Snapchat, Amex sites abused in Microsoft 365 phishing attacks
Sergiu Gatlan reports: Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks. Read more at…
BHG Behavioral Health Group recently notified patients of a December 2021 breach
If you know to scroll down on BHG Behavioral Health Group’s website to their footer, you will see a small link to an undated data security incident notice. That undated notice does not reveal when Behavioral Health Group first discovered the data security incident or how they first discovered it. The notice does state, however,…
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
This site generally doesn’t cover or announce new types of ransomware, but this one targets the healthcare sector, so… Bill Toulas reports: A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines. The new malware is…