Garin Pace (@garin_pace)'s Twitter Profile
Garin Pace

@garin_pace

I like figuring out how things work. I work in the infosec & privacy (cyber) insurance space as an underwriter. Views are my own and not my employer’s.

ID: 3773027175

25-09-2015 17:06:56

2.2K Tweets

369 Followers

861 Following

Will (@bushidotoken)

Trend observation of the day: BlackCat/ALPHV affiliates do arguably have a targeting preference of going after the legal sector, which makes sense due to the amount of sensitive (and inappropriately secured) data that law firms have access to - keep track, if you're not already

John Hammond (@_johnhammond)

Super important update on the #MOVEit Transfer saga -- Progress has released a NEW patch for further attack vectors that we uncovered during our analysis. To note, another CVE will be released and everyone who uses MOVEit is urged to install a new patch. progress.com/security/movei…

Garin Pace (@garin_pace)

Really baffled by the companies who define ransomware as “…malicious activity within a network followed by a demand for financial ransom…” (without a requirement for actual encryption or encrypting malware). Steal, leak and extort is not “ransomware” to me.

Will (@bushidotoken)

🔎 A Notable Case Study: Ransomware attack against CloudNordic in Denmark 🇩🇰 Here's the kicker ➡ They encrypted the storage, primary backup, and even a secondary backup 🔥 They refused to pay the ransom (👏) but that has meant most customer websites and emails have been lost.

PeterM🌻 (@altshiftprtscn)

If you are using Cisco AnyConnect VPN, please enforce MFA; the #Akira / #Powerranges ransomware lot are heavily targeting them at the moment for initial access.

Microsoft Threat Intelligence (@msftsecintel)

Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.

Will (@bushidotoken)

⚠️The latest ICS attack by Sandworm 🪱🇷🇺
- After April 2022, failed Industroyer2 attack
- Oct 2022, Ukraine 🇺🇦 electrical org was targeted
- OT network MicroSCADA on hypervisor tripped circuit breakers
- IT network Win systems hit by CaddyWiper via GPO
mandiant.com/resources/blog…

Brett Callow (@brettcallow)

Production at the maker of Chrysler, Dodge, Jeep and Ram models is being affected after a cyberattack on an automotive supplier disrupted its operations, the automaker said Monday. #Ransomware? detroitnews.com/story/business…

Garin Pace (@garin_pace)

Every company who says they “identified a cybersecurity incident” when they really mean “we identified ransomware encrypted our files when stuff stopped working” makes me (irrationally?) angry. You didn’t identify anything until the threat actor wanted you to.

Joe Tidy BBC News (@joetidy)

Very interesting - NCA says that whilst searching through seized servers of LockBit they found data belonging to some victims who had already paid the gang's ransom. So - more evidence that paying these criminals does not mean that your data is deleted as they promise.

Fabian Wosar (@fwosar)

Since people continue to fall for the ALPHV/BlackCat cover up: ALPHV/BlackCat did not get seized. They are exit scamming their affiliates. It is blatantly obvious when you check the source code of the new takedown notice. You will see code like this.

Brett Callow (@brettcallow)

An American Hospital Association survey reported on March 15 that almost 60% of respondents say the revenue impact is $1 million per day or higher, and 44% said the adverse effects on revenue will continue for two to four more months. #ransomware scmagazine.com/news/change-he…

Ian Carroll (@iangcarroll)

You can view our disclosure at unsaflok.com. Many of us worked on this including Lennert, rqu, BusesCanFly and -1 others, Sam Curry, sshell, and Will C. We believe these locks have been vulnerable for over 36 years, way older than most of us!

Jim Sykora (@jimsycurity)

Ru Campbell - Don't use them. 99.9% tasks performed w/ these roles don't require them & can be delegated w/ least privilege.
- If you must, only use from a Privileged Access Workstation (+ MFA, long unique PWs, cert-based auth)
- Never leave priv account creds/tokens where they can be stolen

Garin Pace (@garin_pace)

I muted someone. Yet when they repost someone else’s post I see the original and that they reposted it. That seems odd.

Heather Adkins - Ꜻ - Spes consilium non est (@argvee)

Sondeos Global, an SMS gateway provider, compromised. Delivers OTP codes over SMS for millions of people... I can't say this enough: it's time to deprecate SMS for 2FA!