Kevin Beaumont (@Gossithedog) writes: Kaseya VSA is a commonly used solution by MSPs — Managed Service Providers — in the United States and United Kingdom, which helps them manage their client systems. Kaseya’s website claims they have over 40,000 customers. Four hours ago, an apparent auto update in the product has delivered REvil ransomware. By…
Category: Of Note
CISA’s CSET Tool Sets Sights on Ransomware Threat
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform…
Coordinated Action Cuts Off Access To VPN Service Used By Ransomware Groups
This week, law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the…
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
University Medical Center of Southern Nevada attacked by REvil threat actors
See update at bottom of this post for statement from UMCSN. They do confirm that there was a breach. The University Medical Center of Southern Nevada, which proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. The well-known ransomware…
Ca: Mounties suspected person leaking secrets had high-level computer access, search warrants show
Scott Anderson and Andrew Culbert report: The RCMP suspected someone senior in its ranks was offering to spill secrets, but still didn’t know the identity of the alleged leaker for several months after they first learned highly confidential information about investigations had been compromised. The revelation is contained in court documents unsealed late last week…