Ionut Ilascu reports: Researchers at SetinelOne have detailed the activity observed from logs on a Cobalt Strike server that TrickBot used to profile networks and systems. Once the actor took interest in a compromised network, they used modules from Cobalt Strike threat emulation software for red teams and penetration testers. One component is the DACheck script to check…
Phishing attacks impersonate QuickBooks invoices ahead of July 15 tax deadline
Heads up! Lance Whitney describes the type of campaign CEOs and employees need to remain vigilant about: The campaign analyzed was aimed at a cutting-edge technology company, a tempting target for cybercriminals looking for maximum profits. In the first wave, the cybercriminals spoofed QuickBooks, a product commonly being used in advance of the July 15…
Nefilim Ransomware Gang Tied to Citrix Gateway Hacks
Mathew Schwartz reports: A crime gang seeking “ransomware attack opportunities” is targeting organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and using the threat of exfiltrated data being publicly dumped to try to force payment, New Zealand’s national computer emergency response team warns. In an alert issued…
80,000 printers are exposing their IPP port online
Catalin Cimpanu reports that some lessons that could have been learned years ago — and should have been — are still unlearned by too many. In a report published earlier this month, security researchers from the Shadowserver Foundation, a non-profit organization focused on improving cyber-security practices across the world, have published a warning about companies…
Florida Orthopedic Institute hit by ransomware
Florida Orthopedic Institute has notified the California Attorney General’s Office of a ransomware attack on April 6. Their notification does not indicate what type of ransomware was involved, or whether they paid any ransom. They are offering their patients identity monitoring services with Kroll, but note that they have no evidence that any patient data…
Irish firms pay most for cyber-attacks, European study finds
The Independent reports: Irish firms suffer the highest median cost in Europe from cyber-attacks, at almost €92,000, a major new survey claims. Cyber incidents and breaches cost sampled Irish companies €113m over a six month period, with one unnamed Irish company suffering total cyber losses of €17.8m. Read more on Independent.ie.