From Intel471: Since its release in 2012, Cobalt Strike has been one of the most popular tools for penetration testers to use when simulating how known threat actor tools will look when targeting an organization’s network. However, there is a downside to that popularity: the criminals love it, too. And if they are using it,…
Category: Commentaries and Analyses
The Full Story of the Stunning RSA Hack Can Finally Be Told
Andy Greenberg reports: AMID ALL THE sleepless hours that Todd Leetham spent hunting ghosts inside his company’s network in early 2011, the experience that sticks with him most vividly all these years later is the moment he caught up with them. Or almost did. It was a spring evening, he says, three days—maybe four, time had…
Colonial Pipeline confirms it paid $4.4 million to hackers
Cathy Bussewitz of AP reports: The operator of the nation’s largest fuel pipeline confirmed it paid $4.4 million to a gang of hackers who broke into its computer systems. Colonial Pipeline said Wednesday that after it learned of the May 7 ransomware attack, the company took its pipeline system offline and needed to do everything…
Despite an alert from NYS DFS, some insurance companies with “instant quote” portals were victimized
On February 16, the NYS Department of Financial Services issued a cybersecurity fraud alert involving public-facing web sites where consumers could request “instant quotes” for car insurance or other products. The alert warned insurers that private information used to prefill requests was being stolen and misused for pandemic unemployment benefits fraud. At the time, they…
NY: Filters Fast Settles Charges Stemming from Failure to Patch Critical Vulnerability Exploited in 2019 Data Breach
In 2019, Filters Fast experienced a data breach when a threat actor exploited a plugin vulnerability in vBulletin. Using SQL injection, the attacker was able to obtain consumers’ cardholder names, billing addresses, expiration dates, validation codes, and primary account numbers for purchases made between June, 2019 and July, 2020. Filters Fast did not detect any…
Update to Sincera Reproductive Medicine (formerly known as Abington Reproductive Medicine) ransomware incident
On November 8, 2020, in a report called “Without Undue Delay,” DataBreaches.net noted that Maze threat actors had a listing on their dedicated leak site for “Abington Reproductive Medicine.” The proof of claim that they posted, though, was not from Abington Reproductive, leaving us confused as to whether Abington Reproductive had really been a victim…