Robert Lemos reports: Companies in every industry continue to leave backup and storage platforms unsecured, with more than a dozen issues, including insecure network settings and unaddressed CVEs, affecting the average device. That leaves these repositories — often the first line of protection in the event of a ransomware attack — as sitting ducks for cybercriminals….
Oak Ridge malware attack: Police investigating as city offices remain closed
Donna Smith reports: As city of Oak Ridge employees continued to work offline because of a malware attack on the city’s computer network, officials announced Wednesday afternoon they are working with law enforcement to investigate the attack. When asked if foul play was suspected, city senior communications specialist Lauren Gray said an investigation is considered standard practice…
Cyberattack disrupts Spanish medicine distribution
Conor Faulkner reports: A cyberattack on a leading pharmaceutical supply company has disrupted the distribution of medicines to Spanish pharmacies. The attack, which started last Friday and is still ongoing, has affected wholesale supplier Alliance Healthcare’s servers and delayed and even prevented the normal delivery of some medicines to pharmacies in Spain, according to Spanish daily El…
More victims possibly identified in GoAnywhere vulnerability incident
Zack Whittaker and Carly Page report: The number of victims affected by a mass-ransomware attack, caused by a bug in a popular data transfer tool used by businesses around the world, continues to grow as another organization tells TechCrunch that it was also hacked. Canadian financing giant Investissement Québec confirmed to TechCrunch that “some employee personal…
Cannabis regulators putting out ‘a series of fires’ involving a Russian oligarch and data breach
Tori Bedford reports: Thousands of employees in the Massachusetts cannabis industry received an official email last week about a major data breach: the name, home and email address, phone number and date of birth of every cannabis worker in the state had been made public in an “inadvertent release of agency documents” by the state’s…
Stung by Free Decryptor, Ransomware Group Embraces Extortion
Mathew J. Schwartz reports: Not all ransomware groups wield crypto-locking malware. In their continuing quest for extortionate profits, some have moved away from encryption and pressure victims purely by threatening to leak stolen data unless they receive a ransom payment. This seems to have been the case for BianLian, a prolific ransomware group that emerged…