Brian Krebs fleshes out more about Matthew Philbert, the Canadian man arrested in Canada and charged in both the U.S. and Canada with a number of cybercrimes. Once again, Krebs provides a great example of solid research. Read his report at KrebsOnSecurity. Interestingly, Krebs ends his article with a comment that tends to agree with…
Category: Malware
Hackers publish Vestas data following cyber attack
Sabina Weston reports: Hackers behind last month’s cyber attack on Vestas, the world’s largest wind turbine manufacturer, have published a portion of the compromised data online. That’s according to a statement published by the company, in which it advised customers and business partners to “stay vigilant” as there’s a possibility that their personal data may be misused. Read more at ITPro.
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Lawrence Abrams reports: In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. […] Today, Emotet research group Cryptolaemus warned that Emotet is now skipping their primary malware payload of TrickBot or Qbot and directly installing Cobalt Strike beacons on infected…
TN: Pellissippi State Community College impacted by ransomware attack
Monday, Pellissippi State Community College announced a network outage. On Tuesday, they announced that it was a ransomware attack: Pellissippi State Community College has determined that the network systems outage appears to be the result of a ransomware attack. At this time, the breadth of the incident is under investigation. The College has currently contained the matter and is working to…
Cloud Service Provider Compromises Use CeeLoader Malware
Lindsey O’Donnell-Welch reports: A series of campaigns, with links to the threat actor behind the SolarWinds supply-chain intrusion, have been targeting cloud service providers with a new malware loader variant called CeeLoader. Researchers with Mandiant in a Monday analysis said they identified two distinct clusters of activity, UNC3004 and UNC2652, which they associate with UNC2452 (also known…
Maryland health department says there’s no evidence of data lost after cyberattack; website is back online
Christine Condon and Hallie Miller report: The Maryland Department of Health said Monday that there was “no evidence” any of its data had been compromised after a cyberattack forced the agency to take its website offline over the weekend. “There is no evidence at this time that any data have been compromised,” department spokesman Andy…