Analysis by Tim Starks with research by David DiMolfetta: A long-awaited report on the cybersecurity vulnerabilities of election machines in Georgia was finally released alongside another report on Wednesday, but the two sides of a long-running dispute over the security of the state’s election machines can’t agree on what conclusions to draw. The first report — by University…
Category: Commentaries and Analyses
Understanding Ransomware Threat Actors: LockBit
Alert Code AA23-165A. CISA has posted an advisory on LockBit. SUMMARY: In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture,…
The “reincarnation” of BreachForums: A cyberdrama in three acts
BreachForums has been reincarnated. But as with all things related to BreachForums, its reincarnation has been accompanied by all kinds of drama. Act 1: The Prequel: Arrest and Chaos. Act 1, Scene 1: BreachForums’s owner is arrested in New York. The arrest was made on March 15, but first hit the news on March 17….
CloudSEK report says hackers don’t have access to CoWin’s backend database
Ayushman Kuman reports: A day after a Telegram bot provided access to the personal information of individuals who had reportedly registered for vaccination through the government’s CoWIN portal, an independent analysis by CloudSEK has shown that the threat actors do not have access to the entire portal or the backend database. CloudSEK is a Singapore-based…
Singapore regulator decision reminds entities of duty to monitor vendors
Even though RAIDForums was seized in early 2022, data leaks and breaches on the site are still having repercussions for entities. On May 11, the Singapore Personal Data Protection Commission (PDPC) issued a decision involving Kingsforce Management Services Pte Ltd. On January 31, 2022, the firm had notified the PDPC that on or about December…
Asylum Ambuscade hackers mix cybercrime with espionage
Bill Toulas reports: A hacking group tracked as ‘Asylum Ambuscade’ was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime. The particular threat group, believed to have been operational since at least 2020, was first identified by Proofpoint in a March 2022 report that focused on a phishing campaign against entities…