CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform…
Category: Of Note
Coordinated Action Cuts Off Access To VPN Service Used By Ransomware Groups
This week, law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims. This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the…
Hackers use zero-day to mass-wipe My Book Live devices
Lawrence Abrams reports that preliminary reports attributing a mass-wipe to a CVE from 2018 were not quite the whole story. Western Digital had originally told BleepingComputer that the attacks were being conducted through a 2018 vulnerability tracked as CVE-2018-18472, which was not fixed as the device has been out of support since 2015. It turns out that…
University Medical Center of Southern Nevada attacked by REvil threat actors
See update at bottom of this post for statement from UMCSN. They do confirm that there was a breach. The University Medical Center of Southern Nevada, who proudly proclaims itself the official healthcare provider for the Vegas Golden Knights, has allegedly been the victim of a cyberattack by REvil (Sodinokibi) threat actors. The well-known ransomware…
Ca: Mounties suspected person leaking secrets had high-level computer access, search warrants show
Scott Anderson and Andrew Culbert report: The RCMP suspected someone senior in its ranks was offering to spill secrets, but still didn’t know the identity of the alleged leaker for several months after they first learned highly confidential information about investigations had been compromised. The revelation is contained in court documents unsealed late last week…
Microsoft says SolarWinds hacking group has breached three new victims
Catalin Cimpanu reports: Microsoft said on Friday that it discovered new cyberattacks carried out by Nobelium, the codename the company has assigned to the Russian state-sponsored hacking group responsible for the SolarWinds hack last year. In a recent campaign, Microsoft said the group used password spraying and brute-force attacks in an attempt to guess passwords and gain access to…