What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-27 18:34:00 | Plusieurs hôpitaux détournent les ambulances après une attaque de ransomware contre la société mère Multiple hospitals divert ambulances after ransomware attack on parent company (lien direct) |
Les hôpitaux de plusieurs États sont confrontés à des problèmes en raison d'une attaque de ransomware contre la société mère Ardent Health Services, qui a confirmé lundi après-midi qu'il répondait à un incident.Ardent, basé à Nashville, gère 37 établissements de santé aux États-Unis depuis Thanksgiving, plusieurs médias locaux ont rapporté que les hôpitaux de leur région sont
Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident. Ardent, based in Nashville, runs 37 healthcare facilities across the U.S. Since Thanksgiving, multiple local news outlets have reported that hospitals in their area are |
Ransomware Medical | ★★★ | |
 |
2023-11-27 17:00:00 | L'incident de la cybersécurité frappe la fidélité financière nationale Cybersecurity Incident Hits Fidelity National Financial (lien direct) |
Le groupe Ransomware AlphV / BlackCat a revendiqué la responsabilité de l'attaque
The Alphv/BlackCat ransomware group has claimed responsibility for the attack |
Ransomware | ★★ | |
 |
2023-11-27 15:06:14 | L'attaque des ransomwares contre le fabricant de jeux indépendants a essuyé tous les comptes des joueurs Ransomware attack on indie game maker wiped all player accounts (lien direct) |
Une attaque de ransomware contre le "éthyrial: les échos d'antan" MMORPG vendredi dernier a détruit 17 000 comptes de joueurs, supprimant leurs objets en jeu et progressant dans le jeu.[...]
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game. [...] |
Ransomware | ★★ | |
|
2023-11-27 12:54:41 | L'hôpital ardent a perturbé dans 6 États après une attaque de ransomware Ardent hospital ERs disrupted in 6 states after ransomware attack (lien direct) |
Ardent Health Services, un fournisseur de soins de santé exploitant 30 hôpitaux dans cinq États américains, a révélé aujourd'hui que ses systèmes avaient été touchés par une attaque de ransomware jeudi.[...]
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday. [...] |
Ransomware | ★★ | |
|
2023-11-27 11:16:01 | Le plus grand fournisseur d'électricité de Slovénie \\ a été frappé par une attaque de ransomware Slovenia\\'s largest power provider HSE hit by ransomware attack (lien direct) |
La société d'électricité slovène tenant Slovenske Elektrarne (HSE) a subi une attaque de ransomware qui a compromisSes systèmes et ses fichiers cryptés, mais la société affirme que l'incident n'a pas perturbé la production d'énergie électrique.[...]
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production. [...] |
Ransomware | ★★★ | |
 |
2023-11-27 09:26:51 | 8 sujets essentiels de cybersécurité à inclure dans votre programme de formation 8 Essential Cybersecurity Topics to Include in Your Training Program (lien direct) |
Your employees have a critical role to play as a first line of defense against cyberthreats. But to be effective, they need to know what those threats are-and stay apprised of how they\'re evolving. A comprehensive security awareness program is the key to helping your users grow their understanding of attackers\' methods and objectives so they can become more proactive defenders. That includes knowing what strategies malicious actors employ to manipulate people so they can use them to enable their campaigns. The importance of security awareness It\'s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization\'s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course. Companies face different cyberthreat challenges and regulatory compliance requirements related to data protection and data privacy. That said, there are several subjects that almost any modern business, regardless of its industry, will want to ensure its employees understand. We list eight of these cybersecurity topics below. They are the go-to approaches and tools that attackers around the world commonly use to compromise users and their accounts, disrupt normal business operations, steal money or data, and do other damage. Here\'s a high-level overview of these eight must-know cybersecurity topics: 1. Social engineering Social engineering is a collection of techniques malicious actors use to manipulate human psychology. Attackers rely on these strategies to trick or threaten users to take actions such as giving up account credentials, handing over sensitive data, running malicious code and transferring funds. They do this by taking advantage of users\': Emotions, by conveying a sense of urgency, generating excitement about an opportunity, or creating fear around losing money or doing something wrong Trust, by posing as someone familiar to the user or a trusted brand or authority-such as the Internal Revenue Service (IRS), UPS, Amazon or Microsoft Fatigue, by timing attacks when users are likely to be tired or distracted and more inclined to let their “emotional mind” guide their decision-making Common social engineering tactics include phishing-which we cover in the next section-and these others: Social media reconnaissance. Attackers often turn to social media to gather information about users that they target with their campaigns. These efforts can include direct outreach to users. Vishing (voice phishing) and smishing (SMS/text phishing). Vishing is the fraudulent practice of making phone calls or leaving voice messages purporting to be from a trusted brand or authority. With smishing, attackers use text messages to send SMS messages to users or robocall them. The messages often promise gifts or services in exchange for payment. Telephone-oriented attack delivery (TOAD). TOAD attacks start with an email that claims to be from a legitimate source and includes a phone number for customer assistance. Callers are connected to fake customer service representatives who then direct the victim through the attack. They may instruct the victim to let them access their machine remotely or download a file that turns out to be malware. Or they might direct them to a phishing site. Common sense can go a long way toward preventing a social engineering attack. Make sure to reiterate that if a message seems too good to be true, it\'s very likely a scam. And if something doesn\'t look or sound right, it probably isn\'t. 2. Phishing Phishing is an example of social engineering. Most phishing messages are sent by email. But some attackers deliver these messages through other methods, including smishing and vishing. Here are some typical strategies: Malicious links. When a user clicks on a | Ransomware Malware Tool Vulnerability Threat Mobile Cloud | Uber Uber | ★★ |
 |
2023-11-26 22:00:00 | Ardent Health Hospitals Disrupted After Ransomware Attack (lien direct) | Plus de deux douzaines d'hôpitaux ont été touchés par la violation et détournent les soins d'urgence pour les patients dans d'autres établissements de santé.
More than two dozen hospitals have been impacted by the breach and are diverting emergency care for patients to other healthcare facilities. |
Ransomware Medical | ★★★ | |
 |
2023-11-22 18:21:09 | #Stopransomware: Lockbit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Said Vulnerabilité #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (lien direct) |
#### Description
CISA, FBI, MS-ISAC et Australian Signals Direction \'s Australian Cyber Security Center (ASD \'s ACSC) publient ce CSA pour diffuser les IOC, les TTP et les méthodes de détection associées à Lockbit 3.0 Ransomware exploitant CVE-2023 CVE-2010-4966, étiqueté Citrix Said, affectant Citrix NetScaler Web Delivery Control (ADC) et Netscaler Gateway Appliances.
Ce CSA fournit des TTP et des CIO obtenus auprès du FBI, de l'ACSC et partagés volontairement par Boeing.Boeing a observé les affiliés Lockbit 3.0 exploitant CVE-2023-4966, pour obtenir un accès initial à Boeing Distribution Inc., ses parties et ses activités de distribution qui maintient un environnement distinct.D'autres tiers de confiance ont observé une activité similaire sur leur organisation.
Historiquement, les affiliés de Lockbit 3.0 ont mené des attaques contre les organisations de tailles variables dans plusieurs secteurs d'infrastructures critiques, notamment l'éducation, l'énergie, les services financiers, l'alimentation et l'agriculture, les services gouvernementaux et d'urgence, les soins de santé, la fabrication et les transports.Les TTP observés pour les attaques de ransomwares de verrouillage peuvent varier considérablement dans les TTP observés.
Citrix Said, connu pour être exploité par les affiliés de Lockbit 3.0, permet aux acteurs de menace de contourner les exigences de mot de passe et d'authentification multifactorielle (MFA), conduisant à un détournement de session réussi des séances utilisateur légitimes sur les appareils de livraison d'application Web Citrix Netscaler (ADC) et les appareils de passerelle.Grâce à la prise de contrôle des séances d'utilisateurs légitimes, les acteurs malveillants acquièrent des autorisations élevées pour récolter les informations d'identification, se déplacer latéralement et accéder aux données et aux ressources.
#### URL de référence (s)
1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
2. https://www.cisa.gov/news-events/analysis-reports/ar23-325a
#### Date de publication
21 novembre 2023
#### Auteurs)
Cisa
#### Description CISA, FBI, MS-ISAC, and Australian Signals Directorate\'s Australian Cyber Security Centre (ASD\'s ACSC) are releasing this CSA to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. This CSA provides TTPs and IOCs obtained from FBI, ACSC, and voluntarily shared by Boeing. Boeing observed LockBit 3.0 affiliates exploiting CVE-2023-4966, to obtain initial access to Boeing Distribution Inc., its parts and distribution business that maintains a separate environment. Other trusted third parties have observed similar activity impacting their organization. Historically, LockBit 3.0 affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors, including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. Observed TTPs for LockBit ransomware attacks can vary significantly in observed TTPs. Citrix Bleed, known to be leveraged by LockBit 3.0 affiliates, allows threat actors to bypass password requirements and multifactor authentication (MFA), leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances. Through the takeover of legitimate user sessions, malicious actors acquire elevated permissions to harvest credentials, move laterally, and access data and resources. #### Reference URL(s) 1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a 2. https://www.cisa.gov/news-events/analysis-reports/ar23-325a #### Publication Date November 21, 2023 #### Auth |
Ransomware Vulnerability Threat | ★★ | |
|
2023-11-22 16:44:00 | Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack (lien direct) | L'acteur derrière l'incident de MGM de haut niveau saute à travers les segmentations en moins d'une heure, dans une attaque de ransomware couvrant Okta, Citrix, Azure, SharePoint, etc.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. |
Ransomware Cloud | ★★ | |
|
2023-11-22 16:44:00 | Spider Spider saute agilement du nuage à sur site dans une attaque complexe Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack (lien direct) |
L'acteur derrière l'incident de MGM de haut niveau saute à travers les segmentations en moins d'une heure, dans une attaque de ransomware couvrant Okta, Citrix, Azure, SharePoint, etc.
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more. |
Ransomware Cloud | ★★ | |
 |
2023-11-22 16:41:22 | Sekoia: Dernier paysage cyber-menace du secteur financier Sekoia: Latest in the Financial Sector Cyber Threat Landscape (lien direct) |
Le phishing, les logiciels malveillants, les ransomwares, les attaques de chaîne d'approvisionnement, les violations de données et les attaques liées à la crypto figurent parmi les menaces les plus évolutives du secteur financier, explique Sekoia.
Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia. |
Ransomware Malware Threat Studies | ★★★ | |
 |
2023-11-22 15:55:53 | Citrix Bleed : Boeing éclaire sur la faille qui lui a valu un ransomware (lien direct) | Attaqué par LockBit à travers la faille Citrix Bleed, Boeing a communiqué des IoC que relaient les ANSSI américaine et australienne. | Ransomware Vulnerability | ★★★ | |
|
2023-11-22 14:36:00 | L'Australie abandonne les plans pour interdire les paiements des ransomwares dans la nouvelle cyber-stratégie nationale Australia drops plans to ban ransomware payments in new national cyber strategy (lien direct) |
Le gouvernement de l'Australie a abandonné les plans visant à interdire aux entreprises de effectuer des paiements de ransomwares dans le cadre de sa refonte National Cybersecurity Strategy publié mercredi, choisissant plutôt d'introduire une obligation de rapport obligatoire.La stratégie - publiée près d'un an après l'idée de criminaliser les paiements était vantée par Clare o \\ 'neil , le ministre des Affaires intérieures et de la cybersécurité
Australia\'s government dropped plans to ban businesses from making ransomware payments as part of its revamped national cybersecurity strategy released on Wednesday, opting instead to introduce a mandatory reporting obligation. The strategy - published almost a year after the idea of criminalizing payments was touted by Clare O\'Neil, the minister for home affairs and cybersecurity |
Ransomware | ★★ | |
 |
2023-11-22 11:39:27 | Les responsables du Kansas blâment la perturbation de 5 semaines du système judiciaire sur \\ 'Cyberattack étranger sophistiqué \\' Kansas Officials Blame 5-Week Disruption of Court System on \\'Sophisticated Foreign Cyberattack\\' (lien direct) |
> Les cybercriminels ont piraté le système de la cour du Kansas, ont volé des données sensibles et ont menacé de la publier sur le Web sombre dans une attaque de ransomware qui a entravé l'accès aux enregistrements.
>Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records. |
Ransomware | ★★★ | |
 |
2023-11-22 10:19:00 | Ransomware de verrouillage exploitant la vulnérabilité critique de saignement Citrix à rompre LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In (lien direct) |
Les acteurs de la menace multiple, y compris les affiliés des ransomwares de lockbit, exploitent activement un défaut de sécurité critique récemment divulgué dans Citrix NetScaler Application Control (ADC) et les appareils Gateway pour obtenir un accès initial aux environnements cibles.
L'avis conjoint provient de l'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA), Federal Bureau of Investigation (FBI),
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), |
Ransomware Vulnerability Threat | ★★ | |
|
2023-11-21 22:10:00 | Citrix Said Bug inflige des blessures de montage, avertit CISA Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns (lien direct) |
Patch ou isolat maintenant: les organisations de chaque secteur courent le risque d'hémorragie des données à mesure que les attaques opportunistes des ransomwares de verrouillage et d'autres se développent.
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow. |
Ransomware | ★★ | |
 |
2023-11-21 22:05:59 | Les groupes de ransomwares accumulent les victimes des entreprises américaines Ransomware groups rack up victims among corporate America (lien direct) |
> Une nouvelle génération de cybercriminels a violé une série de grandes entreprises, même celles qui ont fait des investissements importants dans la sécurité.
>A new generation of cybercriminals have breached a slew of major firms, even those that have made major investments in security. |
Ransomware | ★★ | |
 |
2023-11-21 21:25:14 | 73% des organisations touchées par des attaques de ransomwares à l'échelle mondiale en 2023, selon Statista 73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista (lien direct) |
Ransomware Studies | ★★★ | ||
|
2023-11-21 19:26:00 | Jouez au ransomware va commercial - maintenant offert en tant que service aux cybercriminels Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals (lien direct) |
La souche des ransomwares connue sous le nom de Play est désormais offerte à d'autres acteurs de menace "en tant que service", a révélé de nouvelles preuves découvertes par Adlumin.
"Le manque inhabituel de petites variations entre les attaques suggère qu'ils sont effectués par des affiliés qui ont acheté les ransomwares en tant que service (RAAS) et suivent les instructions étape par étape des livres de jeu avec lui", les "la
The ransomware strain known as Play is now being offered to other threat actors "as a service," new evidence unearthed by Adlumin has revealed. "The unusual lack of even small variations between attacks suggests that they are being carried out by affiliates who have purchased the ransomware-as-a-service (RaaS) and are following step-by-step instructions from playbooks delivered with it," the |
Ransomware Threat Commercial | ★★★ | |
 |
2023-11-21 13:15:00 | Résultats de l'étude comparative sur les attaques de ransomware Linux et Windows, explorant les tendances notables et la montée des attaques sur les systèmes Linux Comparative Study Results on Linux and Windows Ransomware Attacks, Exploring Notable Trends and Surge in Attacks on Linux Systems (lien direct) |
> Fait saillie: & # 160;Évolution du paysage: Check Point Research (RCR) dévoile une étude complète explorant la surtension des attaques de ransomwares contre les systèmes Linux, faisant des comparaisons avec leurs homologues Windows.Tendance de simplification: L'analyse de la RCR en RCR révèle une tendance notable vers la simplification parmi les familles de ransomwares ciblant les linux.Les fonctionnalités de base réduites aux processus de cryptage de base, rendant ces menaces insaisissables et difficiles à détecter les informations de chiffrement: un examen comparatif des techniques de chiffrement entre Windows et Linux expose une préférence pour les algorithmes Chacha20 / RSA et AES / RSA dans les ransomwares de Linux.& # 160;Dans une étude récente menée par Check Point Research (RCR), un examen approfondi des attaques de ransomwares contre Linux et Windows [& # 8230;]
>Highlights: Evolving Landscape: Check Point Research (CPR) unveils a comprehensive study exploring the surge in ransomware attacks on Linux systems, drawing comparisons to their Windows counterparts. Simplification Trend: CPR’s analysis reveals a notable trend towards simplification among Linux-targeting ransomware families. Core functionalities reduced to basic encryption processes, making these threats elusive and challenging to detect Encryption Insights: A comparative examination of encryption techniques between Windows and Linux exposes a preference for ChaCha20/RSA and AES/RSA algorithms in Linux ransomware. In a recent study conducted by Check Point Research (CPR), an in-depth examination of ransomware attacks on Linux and Windows […] |
Ransomware Studies Prediction Technical | ★★★★ | |
|
2023-11-21 13:12:07 | La plate-forme est importante: une étude comparative sur les attaques de ransomware Linux et Windows The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks (lien direct) |
> Recherche de: Marc Salinas Fernandez Points clés Points Introduction Au cours des derniers mois, nous avons mené une étude de certaines des principales familles de ransomwares (12 au total) qui ont soit développé directement des ransomwares pour les systèmes Linux ou ont été développés en langues avec une solide croixComposant de plate-forme, comme Golang ou Rust, leur permettant ainsi d'être [& # 8230;]
>Research by: Marc Salinas Fernandez Key Points Introduction During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with a strong cross-platform component, such as Golang or Rust, thereby allowing them to be […] |
Ransomware Studies | ★★★ | |
 |
2023-11-21 12:48:02 | Bibliothèque britannique: les données des employés ont fui dans la cyberattaque British Library: Employee data leaked in cyber attack (lien direct) |
Un groupe de cybercriminels a affirmé qu'ils étaient à l'origine de l'attaque des ransomwares et ont mis aux enchères les données.
A group of cyber criminals have claimed they are behind the ransomware attack and are auctioning off the data. |
Ransomware | ★★ | |
 |
2023-11-21 11:00:00 | 7 Questions incontournables pour les leaders sur la culture de la sécurité 7 must-ask questions for leaders on security culture (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. It\'s not uncommon in today\'s corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear. Organizations have come to understand that sophisticated tech tools aren\'t the ultimate solution. People are the weak spot. In fact, researchers from Stanford University revealed that roughly 88% of data breaches are caused by employee mistakes. Not to mention that we\'ve observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective. Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets. So, training everyone to have better awareness about cybersecurity isn\'t just a good idea; it\'s a must. Based on all this, we\'ve got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting. Five things leaders need to know about cybersecurity culture Understanding security culture The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture. Why does security culture matter? Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being. What does a good security culture look like? Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I\'ll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn\'t about turning every employee into a cybersecurity specialist; it\'s about ensuring each individual acts responsibly, embodying the qualities of a "security champion." Prioritizing values, attitudes, and beliefs over rules and policies Cyber threats often catch organizations off-guard because a significant portion of their workforce isn\'t adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train | Ransomware Tool Prediction | ★★★ | |
|
2023-11-21 08:35:02 | Prévenir les attaques de fatigue du MFA: sauvegarder votre organisation Preventing MFA Fatigue Attacks: Safeguarding Your Organization (lien direct) |
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account. The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location. MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category. What are MFA fatigue attacks-and how do they work? MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device. Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence. So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it. Here\'s an overview of how an MFA attack works: A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web. The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.) Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go. 3 examples of successful MFA fatigue attacks To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor: Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites. Cisco. Cisco suffer | Ransomware Data Breach Malware Tool Threat Technical | Uber | ★★★ |
 |
2023-11-21 04:30:00 | Des documents internes divulgués alors que Rhysida revendique la responsabilité de l'attaque des ransomwares de la bibliothèque britannique Internal documents leaked as Rhysida claims responsibility for British Library ransomware attack (lien direct) |
Gaining access to critical systems and stealing sensitive data are top objectives for most cybercriminals. Social engineering and phishing are powerful tools to help them achieve both. That\'s why multifactor authentication (MFA) has become such an important security measure for businesses and users. Without MFA as part of the user authentication process, it is much less challenging for an attacker with stolen credentials to authenticate a user\'s account. The primary goal of MFA is to reduce the risk of unauthorized access, especially in situations where passwords alone may not provide enough protection. Even if an attacker steals a user\'s password, with MFA they still need the second factor (and maybe others) to gain access to an account. Examples of MFA factors include biometrics, like fingerprints, and signals from user devices, like GPS location. MFA isn\'t a perfect solution, though-it can be bypassed. Adversaries are relentless in their efforts to undermine any security defenses standing in the way of their success. (The evolution of phish kits for stealing MFA tokens is evidence of that.) But sometimes, attackers will choose to take an in-your-face approach that is not very creative or technical. MFA fatigue attacks fall into that category. What are MFA fatigue attacks-and how do they work? MFA fatigue attacks, also known as MFA bombing or MFA spamming, are a form of social engineering. They are designed to wear down a user\'s patience so that they will accept an MFA request out of frustration or annoyance-and thus enable an attacker to access their account or device. Many people encounter MFA requests daily, or even multiple times per day, as they sign-in to various apps, sites, systems and platforms. Receiving MFA requests via email, phone or other devices as part of that process is a routine occurrence. So, it is logical for a user to assume that if they receive a push notification from an account that they know requires MFA, it is a legitimate request. And if they are very busy at the time that they receive several push notifications in quick succession to authenticate an account, they may be even more inclined to accept a request without scrutinizing it. Here\'s an overview of how an MFA attack works: A malicious actor obtains the username and password of their target. They can achieve this in various ways, from password-cracking tactics like brute-force attacks to targeted phishing attacks to purchasing stolen credentials on the dark web. The attacker then starts to send MFA notifications to the user continuously, usually via automation, until that individual feels overwhelmed and approves the login attempt just to make the requests stop. (Usually, the push notifications from MFA solutions require the user to simply click a “yes” button to authenticate from the registered device or email account.) Once the attacker has unauthorized access to the account, they can steal sensitive data, install malware and do other mischief, including impersonating the user they have compromised-taking their actions as far as they can or want to go. 3 examples of successful MFA fatigue attacks To help your users understand the risk of these attacks, you may want to include some real-world examples in your security awareness program on this topic. Here are three notable incidents, which are all associated with the same threat actor: Uber. In September 2022, Uber reported that an attacker affiliated with the threat actor group Lapsus$ had compromised a contractor\'s account. The attacker may have purchased corporate account credentials on the dark web, Uber said in a security update. The contractor received several MFA notifications as the attacker tried to access the account-and eventually accepted one. After the attacker logged in to the account, they proceeded to access other accounts, achieving privilege escalation. One action the attacker took was to reconfigure Uber\'s OpenDNS to display a graphic image on some of the company\'s internal sites. Cisco. Cisco suffer | Ransomware | ★★★ | |
|
2023-11-20 21:00:00 | Informations personnelles des forces armées canadiennes, la GRC a volé en cyberattaque Personal info of Canadian Armed Forces, RCMP stolen in cyberattack (lien direct) |
Les données de certains employés du gouvernement canadien - y compris les membres actuels et anciens des forces armées canadiennes et du personnel de police monté royal canadien - ont été divulguées lors d'une cyberattaque sur les systèmes d'un entrepreneur gouvernemental utilisé pour les services de relocalisation.En octobre, le Gang de ransomware Lockbit a affirmé qu'il avait attaqué Sirva , une entreprise mondiale qui
The data of some Canadian government employees - including current and former members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel - was leaked during a cyberattack on the systems of a government contractor used for relocation services. In October, the LockBit ransomware gang claimed it attacked SIRVA, a global company that |
Ransomware | ★★★ | |
|
2023-11-20 20:25:28 | Une plongée profonde dans le ransomware de Phobos, récemment déployé par le groupe 8Base A Deep Dive into Phobos Ransomware, Recently Deployed by 8Base Group (lien direct) |
#### Description
Cisco Talos a récemment observé une augmentation de l'activité menée par 8Base, un groupe de ransomwares qui utilise une variante des ransomwares Phobos et d'autres outils accessibles au public pour faciliter leurs opérations.
La plupart des variantes Phobos du groupe \\ sont distribuées par SmokeLoader, un cheval de Troie de porte dérobée.Ce chargeur de marchandises baisse ou télécharge généralement des charges utiles supplémentaires lors du déploiement.Dans les campagnes 8Base, cependant, il a le composant Ransomware intégré à ses charges utiles cryptées, qui est ensuite déchiffrée et chargée dans la mémoire du processus smokeloader \\ '.
####URL de référence (s)
1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
2. https://blog.talosintelligence.com/Understanding-the-phobos-affiliate-structure/
#### Date de publication
17 novembre 2023
#### Auteurs)
Guilherme Veree
#### Description Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the group\'s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader process\' memory. #### Reference URL(s) 1. https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ 2. https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/ #### Publication Date November 17, 2023 #### Author(s) Guilherme Venere |
Ransomware Tool | ★★★ | |
|
2023-11-20 19:00:00 | La bibliothèque britannique dit que les pirates de ransomware ont volé des données dans les fichiers RH British Library says ransomware hackers stole data from HR files (lien direct) |
La bibliothèque britannique - l'une des plus grandes bibliothèques du monde et la Bibliothèque nationale du Royaume-Uni - a déclaré que le gang de ransomware derrière une récente attaque contre ses systèmes semblait divulguer des données volées à ses fichiers de ressources humaines.Pendant près d'un mois, la bibliothèque a été confrontée à un gamme de problèmes technologiques
The British Library - one of the largest libraries in the world and the national library of the United Kingdom - said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files. For nearly a month, the library has faced a range of technological issues |
Ransomware | ★★★ | |
 |
2023-11-20 18:11:31 | Alerte de menace: Ransomware INC THREAT ALERT: INC Ransomware (lien direct) |
|
Ransomware Threat | ★★★ | |
|
2023-11-20 15:42:54 | Vx-Underground Malware Collective encadré par Phobos Ransomware VX-Underground malware collective framed by Phobos ransomware (lien direct) |
Une nouvelle variante de ransomware Phobos encadre le populaire collectif de partage de logiciels malveillants VX-Underground, indiquant que le groupe est derrière les attaques à l'aide de l'encrypteur.[...]
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. [...] |
Ransomware Malware Technical | ★★★★ | |
 |
2023-11-20 14:36:02 | Logistique intégrée brune frappée par le ransomware Lockbit 3.0 Brown Integrated Logistics hit by LockBit 3.0 Ransomware (lien direct) |
La Brown Integrated Logistics Company, connue pour les services de la logistique, le courtage, l'entreposage, l'entreposage, la maintenance de la flotte et le camionnage dédié ont été touchés [plus ...]
The Brown Integrated Logistics company, which is known for it’s services in third party logistics, brokerage, warehousing, fleet maintenance and dedicated trucking has been hit [more...] |
Ransomware | ★★ | |
|
2023-11-20 11:54:10 | Le moteur Yamaha confirme la violation des données après une attaque de ransomware Yamaha Motor Confirms Data Breach Following Ransomware Attack (lien direct) |
> Yamaha Motor révèle une attaque de ransomware impactant les informations personnelles de ses employés de la filiale des Philippines. .
>Yamaha Motor discloses ransomware attack impacting the personal information of its Philippines subsidiary\'s employees. |
Ransomware Data Breach | ★★★ | |
 |
2023-11-20 02:33:12 | Votre hygiène de mot de passe reste atroce, explique Nordpass Your password hygiene remains atrocious, says NordPass (lien direct) |
Aussi: FCC réduit les escroqueries d'échanges de sim, le vieux zérologon ciblé par de nouveaux ransomwares et les vulnérabilités critiques infosec en bref c'est cette période de l'annéeEncore une fois & # 8211;Nordpass a publié sa liste annuelle des mots de passe les plus courants.Et bien qu'il semble que certains d'entre vous aient pris à cœur que certains d'entre vous aient échangé de mauvais pour pire..html \\ '->
ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities Infosec in brief It\'s that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year\'s chiding to heart, most of you arguably swapped bad for worse.… |
Ransomware | ★★★ | |
|
2023-11-19 20:15:33 | Lockbit 3.0 frappe le secteur de la réfrigération industrielle dans Ransomware Cyberattack LockBit 3.0 Hits Industrial Refrigeration Sector in Ransomware Cyberattack (lien direct) |
Que se passe-t-il lorsqu'une entreprise de réfrigération proéminente devient la dernière cible d'un groupe de ransomware notoire?Dans le monde en évolution rapide des menaces de cybersécurité, le [plus ...]
What happens when a prominent refrigeration company becomes the latest target of a notorious ransomware group? In the rapidly evolving world of cybersecurity threats, the [more...] |
Ransomware Industrial | ★★★ | |
|
2023-11-18 16:57:00 | 8Base Group déploiement de nouvelles variantes de ransomware Phobos via SmokeLoader 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader (lien direct) |
Les acteurs de la menace derrière les ransomwares à 8 bases tirent parti d'une variante des ransomwares de Phobos pour mener leurs attaques motivées financièrement.
Les résultats proviennent de Cisco Talos, qui a enregistré une augmentation de l'activité réalisée par les cybercriminels.
"La plupart des variantes de phobos du groupe \\ sont distribuées par Smokeloader, un chevalet de porte dérobée", a déclaré le chercheur en sécurité Guilherme Venere
The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by cybercriminals. “Most of the group\'s Phobos variants are distributed by SmokeLoader, a backdoor trojan," security researcher Guilherme Venere said in an |
Ransomware Threat | ★★ | |
 |
2023-11-18 14:00:00 | La startup qui a transformé l'industrie du piratage pour l'embauche The Startup That Transformed the Hack-for-Hire Industry (lien direct) |
Plus: l'inaction déroutante du FBI \\ sur un groupe de ransomwares, une violation massive des services publics d'électricité danois, et plus encore.
Plus: The FBI\'s baffling inaction on a ransomware group, a massive breach of Danish electric utilities, and more. |
Ransomware | ★★ | |
|
2023-11-18 13:10:41 | Grande société immobilière danoise EDC frappée par Black Basta Ransomware Large Danish Real Estate Company EDC hit by Black Basta Ransomware (lien direct) |
Le gang de ransomware agressif Black Basta a répertorié une autre entreprise sur leur site de fuite de données.Cette fois, c'est un immobilier danois [Plus ...]
The aggressive ransomware gang Black Basta has listed down yet another company on their data leakage site. This time, it is a Danish real estate [more...] |
Ransomware | ★★★ | |
|
2023-11-17 22:35:00 | Les pirates d'armement les règles de divulgation de la SEC contre les cibles de l'entreprise Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (lien direct) |
Ransomware Group BlackCat / AlphV Files SEC Plainte contre sa dernière victime, mettant une nouvelle touche audacieuse aux tactiques de cyber norme.
Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics. |
Ransomware | ★★ | |
|
2023-11-17 21:49:00 | La bibliothèque britannique confirme que les attaques de ransomware ont provoqué des pannes British Library Confirms Ransomware Attack Caused Outages (lien direct) |
La bibliothèque a déclaré qu'elle s'attend à ce que bon nombre de ses services soient restaurés au cours des prochaines semaines.
The library said that it expects many of its services to be restored in the forthcoming weeks. |
Ransomware | ★★ | |
|
2023-11-17 21:45:00 | Plus de 330 000 bénéficiaires de Medicare affectés par la violation de Moveit More than 330,000 Medicare recipients affected by MOVEit breach (lien direct) |
Dans les dernières divulgations liées à l'exploitation par un gang rancées russe du service de transfert de fichiers Moveit, une agence du gouvernement fédéral a révélé que plus de 330 000 bénéficiaires de Medicare étaient affectés dans une fuite de données sensibles.Le Centre américain pour Medicare & AMP;Medicaid Services (CMS) offre une couverture sanitaire à plus de 160 millions de personnes
In the latest disclosures related to a Russian ransomware gang\'s exploitation of the popular MOVEit file transfer service, a federal government agency revealed that more than 330,000 Medicare recipients were affected in a leak of sensitive data. The U.S. Center for Medicare & Medicaid Services (CMS) provides health coverage to more than 160 million people |
Ransomware | ★★★ | |
|
2023-11-17 19:15:00 | Yamaha et Welllife Network confirment les cyber-incidents après que les gangs ransomwares réclament des attaques Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks (lien direct) |
Le fabricant japonais Yamaha Motor et l'organisation de santé WellLlife Network ont confirmé les cyberattaques après avoir été ajoutée au site de fuite d'un gang de ransomware cette semaine.Yamaha Motor a publié jeudi un avis confirmant qu'un serveur géré par sa filiale de fabrication et de vente de motos aux Philippines avait été frappé par une attaque de ransomware
Japanese manufacturer Yamaha Motor and the healthcare organization WellLife Network have confirmed cyberattacks after being added to the leak site of a ransomware gang this week. Yamaha Motor published a notice on Thursday confirming that a server managed by its motorcycle manufacturing and sales subsidiary in the Philippines had been hit with a ransomware attack |
Ransomware | ★★ | |
|
2023-11-17 18:26:29 | La semaine en ransomware - 17 novembre 2023 - Citrix dans la réticule The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs (lien direct) |
Les gangs de ransomware ciblent les dispositifs Citrix NetScaler exposés à l'aide d'un exploit accessible au public pour violer les grandes organisations, voler des données et crypter les fichiers.[...]
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. [...] |
Ransomware Threat | ★★★ | |
 |
2023-11-17 16:31:50 | Ransomware Gang Fichiers Sec Plainte Ransomware Gang Files SEC Complaint (lien direct) |
un gang de ransomware, ennuyé de ne pas être payé, a déposé une plainte à la SEC contre sa victime pour ne pas avoir divulgué sa violation de sécurité dans les quatre jours requis.
Ceci est exagéré, mais ce n'est qu'un autre exemple des gangs de ransomware extrêmes qui ont mis des entreprises après avoir saisi leurs données.Les gangs traversent maintenant les données, à la recherche de données particulièrement importantes ou embarrassantes pour menacer les cadres d'exposition.J'ai entendu des histoires de cadres & # 8217;Les familles sont menacées, de porno consensuel identifié (les gens mélangent régulièrement le travail et les e-mails personnels) et exposés, et des victimes & # 8217;Les clients et les partenaires sont directement contactés.Les rançon sont dans les millions, et les gangs font de leur mieux pour garantir que la pression de payer est intense ...
A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the data, looking for particularly important or embarrassing pieces of data to threaten executives with exposing. I have heard stories of executives’ families being threatened, of consensual porn being identified (people regularly mix work and personal email) and exposed, and of victims’ customers and partners being directly contacted. Ransoms are in the millions, and gangs do their best to ensure that the pressure to pay is intense... |
Ransomware | ★★ | |
|
2023-11-17 15:56:46 | KnowBe4 s'intègre au duo Cisco pour rationaliser Secure Sign Ins KnowBe4 Integrates With Cisco Duo To Streamline Secure Sign Ins (lien direct) |
Ransomware | ★★ | ||
|
2023-11-17 13:02:00 | Les agences de cybersécurité américaines mettent en garde contre l'écosystème de cybercriminalité Gen Z de Sported Spider \\ U.S. Cybersecurity Agencies Warn of Scattered Spider\\'s Gen Z Cybercrime Ecosystem (lien direct) |
Les agences de cybersécurité et de renseignement américaines ont publié un avis conjoint sur un groupe cybercriminal connu sous le nom d'araignée dispersée qui est connue pour utiliser des tactiques de phishing sophistiquées pour infiltrer des cibles.
"Les acteurs de la menace d'araignée dispersés s'engagent généralement dans un vol de données pour l'extorsion à l'aide de plusieurs techniques d'ingénierie sociale et ont récemment exploité le ransomware BlackCat / Alphv aux côtés de leur
U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that\'s known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their |
Ransomware Threat | ★★ | |
|
2023-11-17 13:00:00 | \\ 'Sex Life Data \\' Volé au gouvernement britannique parmi un nombre record d'attaques de ransomwares \\'Sex life data\\' stolen from UK government among record number of ransomware attacks (lien direct) |
Des données sur la vie sexuelle de 10 000 personnes ont été volées à un département du gouvernement britannique dans l'une des attaques record d'attaques de ransomwares pour avoir frappé Westminster au premier semestre de cette année.On ne sait pas à quel département les informations ont été volées, ni pourquoi le gouvernement tenait cela
Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information was stolen from, nor why the government was holding this |
Ransomware | ★★★ | |
|
2023-11-17 11:45:27 | Yamaha Motor confirme l'attaque des ransomwares contre la filiale des Philippines Yamaha Motor confirms ransomware attack on Philippines subsidiary (lien direct) |
La filiale de fabrication de motos Philippines de Yamaha Motor \\ a été frappée par une attaque de ransomware le mois dernier, ce qui a entraîné le vol et la fuite de certains employés \\ 'Informations personnelles.[...]
Yamaha Motor\'s Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees\' personal information. [...] |
Ransomware | ★★ | |
 |
2023-11-17 10:33:46 | Double Blow - Un groupe de ransomware rapporte ses victimes aux autorités américaines Double blow - A ransomware group reports its victims to the US authorities (lien direct) |
Double Blow - Un groupe de ransomwares rapporte ses victimes aux autorités américaines explique Mark Molyneux, EMEA CTO à Cohesity.
-
opinion
Double blow - A ransomware group reports its victims to the US authorities explains Mark Molyneux, EMEA CTO at Cohesity. - Opinion |
Ransomware | ★★★ | |
|
2023-11-17 10:23:29 | Exploitation de vulnérabilité citrichlée suspectée dans l'attaque de ransomware Toyota CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack (lien direct) |
> Toyota Financial Services a été frappée par une attaque de ransomware qui pourrait avoir impliqué l'exploitation de la vulnérabilité agricole.
>Toyota Financial Services has been hit by a ransomware attack that may have involved exploitation of the CitrixBleed vulnerability. |
Ransomware Vulnerability | ★★ | |
|
2023-11-17 10:00:00 | Royal Mail à dépenser & livre; 10m en ransomware assortiment Royal Mail to Spend £10m on Ransomware Remediation (lien direct) |
Le service postal a été violé en janvier 2023
Postal service was breached in January 2023 |
Ransomware | ★★ |
To see everything:
