Metal Messiah reports: A new variant of a powerful cryptojacking and DDoS-based malware is exploiting severe vulnerabilities in Windows machines, and affecting them in the process. Dubbed as “Lucifer”, this new malware is part of an active campaign against Windows hosts and uses a variety of ‘exploits’ in the latest wave of attacks, Palo Alto Networks’…
Category: Commentaries and Analyses
LifeLabs failed to protect the personal health information of millions of Canadians- Privacy Commissioners
In November, 2019, Canadian testing laboratory provider LifeLabs disclosed a data breach. In February, 2020, it tried to block regulators from accessing a report on the breach prepared for it by Crowdstrike. Today, the B.C. and Ontario privacy commissioners released their report on the incident. It was highly critical of LifeLabs. Knowing that the report…
FBI warns K12 schools of ransomware attacks via RDP
Catalin Cimpanu reports: The US Federal Bureau of Investigation sent out on Tuesday a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems. The alert, called a Private Industry Notification, or PIN, tells schools…
Ca: Security lapses in eHealth system increased risk of cyberattack, says auditor
Arthur White-Crummey reports: After finding numerous security gaps on laptops, tablets and smartphones connected to the eHealth system, Saskatchewan’s provincial auditor warned they could increase the risk of cyberattacks like the one that compromised sensitive personal information late last year. Judy Ferguson’s office identified unencrypted devices, inappropriate security settings, unrestricted USB ports and untrained staff…
Warning: ‘Invisible God’ Hacker Sold Access To More Than 135 Companies In Just Three Years
Thomas Brewster reports: Major antivirus companies, banks, insurance providers, government agencies, large hotels, wineries, restaurants, airlines. Think of almost any kind of company and there’s a good chance a prolific, financially-motivated hacker known as Fxmsp has broken into it, or attempted to, according to a report released Tuesday. Dubbed the “invisible god of networks,” he’s a suspected…
Ryuk ransomware deployed two weeks after Trickbot infection
Ionut Ilascu reports: Researchers at SetinelOne have detailed the activity observed from logs on a Cobalt Strike server that TrickBot used to profile networks and systems. Once the actor took interest in a compromised network, they used modules from Cobalt Strike threat emulation software for red teams and penetration testers. One component is the DACheck script to check…