The CE giant released its investigative findings regarding a March cyberattack that resulted in data exfiltration affecting its Japanese operations.
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.
Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.
Initial access to the target
Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.
Initial access to the target
Euro Vishing Fraudsters Add Physical Intimidation to Arsenal
The persistent threat of social engineering tactics sees cybercriminals blending technology with human manipulation to exploit individuals.
Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks
Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals are using advanced tactics to infiltrate organizations and cause major damage with compromised credentials.
The stakes are high: ransomware attacks, lateral movement, and devastating data breaches.
Don’t be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
The stakes are high: ransomware attacks, lateral movement, and devastating data breaches.
Don’t be caught off guard. Join us for a groundbreaking webinar that will change the way you approach cybersecurity.
How MFA Failures are Fueling a 500% Surge in Ransomware Losses
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual “State of Ransomware 2024” report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners.
The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation.
“With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation.
“With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023.
While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean
‘ChamelGang’ APT Disguises Espionage Activities With Ransomware
The China-nexus cyberthreat actor has been operating since at least 2019 and has notched victims in multiple countries.
Former deputy national cyber director DeRusha lands at Google Cloud
The post Former deputy national cyber director DeRusha lands at Google Cloud appeared first on CyberScoop.
New MOVEit Auth Bypass Vulnerability Under Attack Now, Patch Immediately
Progress Software’s popular MOVEit Transfer and MOVEit Cloud-managed, file transfer solutions, have been found to contain a critical authentication bypass vulnerability (CVE-2024-5806).
The vulnerability, which exists in the products’ SFTP module, can allow attackers to bypass authentication and gain unauthorized access to sensitive data.
Researchers at watchTowr first disclosed the vulnerability and published a detailed technical analysis.
They found that an attacker could trick the system into granting access without proper credentials by manipulating certain parameters during the SSH authentication process.
Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan
Exploit code for the vulnerability was released publicly mere hours after Progress Software issued a security bulletin acknowledging the flaw. This has led to a surge in attack attempts against vulnerable MOVEit installations.
Last year, MOVEit Transfer was the target of a massive cyber attack campaign by the Cl0p ransomware group, which exploited a zero-day SQL injection vulnerability to breach dozens of organizations and steal sensitive data.
Given MOVEit’s popularity for transferring critical business information, security experts fear this new vulnerability could lead to similar wide-scale attacks.
Progress Software has released patches for MOVEit Transfer versions 2024.0.2, 2023.1.6, and 2023.0.11, as well as MOVEit Gateway versions 2024.0.1 and later.
The company “strongly recommends all MOVEit Transfer and MOVEit Cloud customers apply these patches immediately.”
Researchers at Rapid7 have confirmed they could reproduce the exploit and achieve an authentication bypass against vulnerable, unpatched versions of both MOVEit Transfer and MOVEit Gateway. They advise organizations to treat this vulnerability with high priority.
Security professionals are urging all organizations using MOVEit Transfer or MOVEit Cloud to patch their systems without delay.
Applying vendor-provided security updates is critical to close off this attack vector before threat actors can exploit it to gain a foothold. Delaying patching could expose sensitive data to unauthorized access and theft.
As more details of this vulnerability come to light, it’s clear that speed is of the essence when applying mitigations. Organizations should refer to Progress Software’s security bulletin for the latest patching instructions and guidance to protect their MOVEit deployments from this critical flaw.
Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free
The post New MOVEit Auth Bypass Vulnerability Under Attack Now, Patch Immediately appeared first on Cyber Security News.