The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. ” reads the PIN report.
Nicole Carignan, Vice President of Strategic Cyber AI, Darktrace: If 2023 was the year of generative AI and 2024 the year of AI agents, 2025 will spotlight multi-agent systems, or agent swarms. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up, just as they have, year-to-year, for the past 20 years. Eyal Benishti, CEO, IRONSCALES: Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?
In 2023, ThreatDown discovered that, unlike other ransomware gangs that demanded up to $1 million or more from each victim, Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers.
In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw (CVE-2023-20269) in Cisco VPN appliances. Create offsite, offline backups. Detect intrusions.
Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. Detect intrusions.
Formed around 2016 to defend Ukraine’s cyberspace against Russian interference, the UCA used a public exploit for CVE-2023-22515 to gain access to Trigona infrastructure. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. Create offsite, offline backups.
Compared to 2023, healthcare providers are facing a higher frequency of ransomware incidents, impacting their ability to deliver essential services and protect sensitive patient data. As of the first three quarters of 2024, there were already 264 ransomware incidents affecting healthcare providers—nearly matching all of 2023's figures.
Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Mitigation: do not store files containing sensitive data, such as passwords or backups, in web application publish directories.
NetSPI has updated Attack Surface Management (ASM) coverage for CVE-2023-42793 and released a Breach and Attack Simulation (BAS) Playbook that allows you to quickly test if you have detection coverage for the TTPS used in a recent campaign by Russian Foreign Intelligence Service Actors also known as APT 29. Let’s talk.
Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)
According to a September 20, 2023 joint advisory from the FBI and the U.S. “Experience in backup, increase privileges, mikicatz, network. Semen-7907 registered at Tunngle from the Internet address 31.192.175[.]63 “The command requires Windows system administrators,” Truniger’s ads explained.
In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. There were about 4,500 known ransomware attacks in 2023, although the true figure is probably twice that.
During a recent incident response case, we found traces of an adversary leveraging ConnectWise R1Soft Server Backup Manager software (hereinafter: R1Soft server software). The adversary used it as an initial point of access and as a platform to control downstream systems connected via the R1Soft Backup Agent.
Known ransomware attacks by gang, May 2023 This isn't the first time this year a gang has overhauled LockBit and climbed to the top spot on our monthly charts. Let's jump right in with MalasLocker, who burst onto the scene last month with 171 total victims—beating out LockBit (76) by almost 100 known attacks. A new norm?
July saw one of the highest numbers of ransomware attacks in 2023 at 441, second only to a record-breaking 556 attacks in May. Known ransomware attacks by gang, July 2023 The LockBit gang is experiencing a steady four-month decline in the number of attacks it has carried out. From March 2023 to July 2023, we recorded a total of 2,130.
Known ransomware attacks by gang, April 2023 Known ransomware attacks by country, April 2023 Known ransomware attacks by industry sector, April 2023 Cl0p ransomware, which gained prominence in March by exploiting a zero-day vulnerability in GoAnywhere MFT, went comparatively silent with just four attacks in April.
It can often be found on internet-facing servers. The exploited vulnerability is listed as CVE-2023-26360, which affects Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). A patch for this vulnerability has been available since March 14, 2023. Create offsite, offline backups.
Notably, they target CVE-2024-1709 (ScreenConnect authentication bypass) and CVE-2023-48788 (Fortinet EMS SQL injection) to infiltrate systems. The researchers report that the ransomware relies on Ligolo for reverse tunneling and Cloudflared to expose systems securely without direct internet exposure.
The exposed data included a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their files using an Azure feature called SAS tokens, which allows you to share data from Azure Storage accounts.”
Between April 2022 and March 2023, France was one of the most attacked countries by ransomware gangs. France is a prime target In the 12 months from April 2022 to March 2023, France was a globally significant target for ransomware, and the fifth most attacked country by known attacks.
Known ransomware attacks by ransomware group, October 2023 Mandiant states it is currently tracking four distinct uncategorized groups involved in exploiting this vulnerability. The CVE for the vulnerability known as Citrix Bleed is CVE-2023-4966 (CVSS score 9.4 out of 10). Create offsite, offline backups. NetScaler ADC 13.1-FIPS
In a surprising turn of events for the ransomware landscape, Cl0p has emerged as the most used ransomware in March 2023, dethroning the usual frontrunner, LockBit. Known ransomware attacks by Cl0p, March 2023 Cl0p's ability to exploit a zero-day to such effect is akin only in recent memory to the Kaseya VSA ransomware incident in July 2022.
Between June 2022 and May 2023, there were 190 known ransomware attacks against educational institutions, and many more that went unreported and unrecorded. Top ten ransomware used in attacks against education, June 2022-May 2023 In total, 26 separate ransomware-as-a-service gangs contributed to the onslaught on education.
On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident resulted in wide-scale disruptions to the company’s operations throughout the quarter, which ended September 30, 2023. Create offsite, offline backups.
As the holidays put people closer to family and friends (and ransomware gangs closer to attacking—seriously, watch out for that), Malwarebytes Labs is sharing some of the brighter moments of 2023 in which ransomware gangs didn’t get what they wanted. Here are four times ransomware gangs failed in 2023. Prevent intrusions.
Between April 2022 and March 2023, the UK was a prime target for ransomware gangs. In January 2023, Britain's multinational postal service, Royal Mail, was attacked by LockBit, arguably the world's most dangerous ransomware, which demanded the biggest ransom we have ever seen anywhere, in any country: $80 million.
This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by November 11, 2023 in order to protect their devices against active threats. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. Prevent intrusions.
Ransomware landscape: rise in targeted groups and attacks Kaspersky collected data on targeted ransomware groups and their attacks from multiple relevant public sources, for the years 2022 and 2023, filtered and validated it. In the graph below, you can see the ransomware families that were most active in 2023.
Between April 2022 and March 2023, Germany was a globally significant target for ransomware gangs. The attackers leaked files including backup archives, financial documents, research papers, and student spreadsheets. In this report, "known attacks" are attacks where the victim opted not to pay a ransom.
In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended two suspects and seized computer equipment. Create offsite, offline backups. Don’t get attacked twice.
On October 19, 2023, the group’s leak site was seized by an international group of law enforcement agencies. It also used the double extortion method of encryption and data theft pretty much from the start. The questionable honor of being the last victim posted on the leak site was IP international presence on October 6, 2023.
Recognizing the evolution in both cybersecurity and customer needs, Barracuda began to develop new capabilities as well as acquire complementary companies to deliver technology solutions for application security, cloud backups, firewalls, and more. Subscribe The post Barracuda SecureEdge SASE Review 2023 appeared first on eSecurity Planet.
RansomedVC is a new ransomware group, first tracked by Malwarebytes in August 2023 after it published the details of nine victims on its dark web site. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. We've heard this a million times before, and it's always just a cash grab.
This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023 to protect their networks against this active threat. The vulnerability at hand is listed as CVE-2023-24489 and has a CVSS score of 9.1 Create offsite, offline backups. Prevent intrusions.
The ransomware group claim to have had access since September 8, 2023. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Prevent intrusions.
Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9
The trends the FBI says it's noticed since July 2023 are: Multiple ransomware attacks on the same victim in close date proximity. A complaint can be filed to the Internet Crime Complaint Center (IC3) here. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Prevent intrusions.
It was attacked on September 22, 2023. According to a recent post on its Facebook account, all of the corporation's public-facing applications have been back online since October 6, 2023, including "the website, Member Portal, eClaims for electronic submission of hospital claims, and EPRS for employer remittances." Detect intrusions.
appeared in the threat landscape in May 2023. The ransomware exploits cloud storage backups and misconfigured Amazon S3 instances to extort victims. Symantec experts who analyzed the recently emerged ransomware operation speculate that it is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0,
The CRI wants to enhance international cooperation to combat the growth of ransomware, and its 47 members will convene in Washington for its annual summit on October 31, 2023. One might think that now that most organizations have their backup strategies sorted out, it shouldn’t be too hard to convince victims not to pay the ransom.
Even after a disruption in December 2023 they returned and maintained a high level of activity. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs. Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers.
After receiving a report about the vulnerability in June, a new version of the software was published on August 2, 2023. The CVE patched in this update is CVE-2023-40477 (with a CVSS score of 7.8 Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
Once SysAid were notified by Microsoft on November 2, 2023, they started an investigation which confirmed that it was indeed a zero-day vulnerability. The CVE assigned to this vulnerability is CVE-2023-47246: a path traversal vulnerability that affects all SysAid On-Premises installations running versions before 23.3.36.