What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-06-24 18:45:00 | Data Breach at WorkForce West Virginia (lien direct) | Mountain State governor confirms data breach impacting jobseekers' database | Data Breach | ||
 |
2021-06-23 11:53:28 | Tulsa warns of data breach after Conti ransomware leaks police citations (lien direct) | The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online. [...] | Ransomware Data Breach | ||
 |
2021-06-22 18:18:00 | Anomali Cyber Watch: Klingon RAT Holding on for Dear Life, CVS Medical Records Breach, Black Kingdom Ransomware and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Black Kingdom, Darkside, Go, Klingon Rat, Microsoft PowerApps, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Andariel Evolves to Target South Korea with Ransomware
(published: June 15, 2021)
Researchers at securelist identified ransomware attacks from Andariel, a sub-group of Lazarus targeting South Korea. Attack victims included entities from manufacturing, home network service, media and construction sectors. These attacks involved malicious Microsoft Word documents containing a macro and used novel techniques to implant a multi-stage payload. The final payload was a ransomware custom made for this specific attack.
Analyst Comment: Users should be wary of documents that request Macros to be enabled. All employees should be educated on the risk of opening attachments from unknown senders. Anti-spam and antivirus protections should be implemented and kept up-to-date with the latest version to better ensure security.
MITRE ATT&CK: [MITRE ATT&CK] System Network Connections Discovery - T1049 | [MITRE ATT&CK] Process Discovery - T1057 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Standard Non-Application Layer Protocol - T1095 | [MITRE ATT&CK] Exfiltration Over Command and Control Channel - T1041 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Lazarus group, Lazarus, Andariel, Hidden Cobra, tasklist, Manuscrypt, Banking And Finance, Malicious documents, Macros
Matanbuchus: Malware-as-a-Service with Demonic Intentions
(published: June 15, 2021)
In February 2021, BelialDemon advertised a new malware-as-a-service (MaaS) called Matanbuchus Loader and charged an initial rental price of $2,500. Malware loaders are malicious software that typically drop or pull down second-stage malware from command and control (C2) infrastructures.
Analyst Comment: Malware as a Service (MaaS) is a relatively new development, which opens the doors of crime to anyone with the money to pay for access. A criminal organization that wants to carry out a malware attack on a target no longer requires in-house technical expertise or infrastructure. Such attacks in most cases share tactics, techniques, and even IOCs. This highlights the importance of intelligence sharing for proactive protection.
MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016
Tags: BelialDemon, Matanbuchus, Belial, WildFire, EU, North America
Black Kingdom ransomware
(published: June 17 |
Ransomware Data Breach Malware Vulnerability Threat Medical | APT 38 APT 28 | |
 |
2021-06-21 19:56:22 | Embryology Data Breach Follows Fertility Clinic Ransomware Hit (lien direct) | Approximately 38,000 of RBA's customers had their embryology data stolen by a ransomware gang. | Ransomware Data Breach | ★★★ | |
|
2021-06-21 18:33:00 | Ohio Medicaid Provider Suffers Data Breach (lien direct) | Personal data could have been stolen in unauthorized access incident at Maximus | Data Breach | ||
 |
2021-06-21 13:02:06 | Turbotax Customer Data Breach – Cyber Expert Comments (lien direct) | BACKGROUND: TurboTax has warned customers of a data breach, apparently caused by people reusing passwords from other sites. BACKGROUND: TurboTax has warned customers of a data breach, apparently caused by… | Data Breach | ||
|
2021-06-21 12:45:28 | (Déjà vu) Supermarket Chain Wegmans Notifies Customers Of Data Breach (lien direct) | BACKGROUND: Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because… | Data Breach | ||
|
2021-06-21 08:53:00 | Over 30,000 Fertility Clinic Patients Hit by Ransomware Data Breach (lien direct) | Atlanta-based Reproductive Biology Associates claims data has been deleted | Ransomware Data Breach | ||
|
2021-06-20 10:06:59 | Fertility clinic discloses data breach exposing patient info (lien direct) | A Georgia-based fertility clinic has disclosed a data breach after files containing sensitive patient information were stolen during a ransomware attack. [...] | Ransomware Data Breach | ||
 |
2021-06-18 20:03:52 | US supermarket chain Wegmans discloses data breach (lien direct) | The supermarket chain Wegmans US Wegmans discloses a data breach, customers information was exposed on the Internet due to a misconfiguration issue. Wegmans Food Markets disclosed a data breach, the supermarket chain notified customers that some of their information was exposed as a result of the accidental availability online of two of its databases due […] | Data Breach | ||
|
2021-06-18 12:26:49 | (Déjà vu) Cruise operator Carnival discloses a security breach (lien direct) | Carnival Corp. said that the data breach it has suffered in March might have impacted its customers and employees. Carnival Corp. this week confirmed that the data breach that took place in March might have exposed personal information about customers and employees of Carnival Cruise Line, Holland America Line, and Princess Cruises. Carnival Corporation & plc […] | Data Breach | ||
|
2021-06-18 11:15:16 | Experts Insight On Carnival Cruises Recent Data Breach (lien direct) | Carnival Cruises have disclosed a data breach after attackers gained access to customers’ personal information. Carnival Cruises have disclosed a data breach after attackers gained access to customers’ personal information. | Data Breach | ||
 |
2021-06-18 11:01:39 | Cruise Giant Carnival Says Customers Affected by Breach (lien direct) | Carnival Corp. said Thursday that a data breach in March might have exposed personal information about customers and employees on Carnival Cruise Line, Holland America Line and Princess Cruises. | Data Breach | ||
|
2021-06-18 09:15:06 | US supermarket chain Wegmans notifies customers of data breach (lien direct) | Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue. [...] | Data Breach | ||
|
2021-06-17 17:47:15 | (Déjà vu) Eggfree Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-17 17:47:15 | Egg free Cake Box suffer data breach exposing credit card numbers (lien direct) | Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. [...] | Data Breach Threat | ||
|
2021-06-17 15:14:27 | UK Law Firm Gateley Discloses Data Breach (lien direct) | Gateley, a legal and professional services group in the UK, on Wednesday revealed that it's investigating a cybersecurity incident that resulted in the exposure of some data, including client information. | Data Breach | ||
|
2021-06-17 12:15:23 | Carnival Cruise hit by data breach, warns of data misuse risk (lien direct) | Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers breached some email accounts and accessed personal, financial, and health information belonging to customers, employees, and crew. [...] | Data Breach | ||
|
2021-06-16 17:36:06 | (Déjà vu) Criminals are mailing altered Ledger devices to steal cryptocurrency (lien direct) | Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets. [...] | Data Breach | ||
|
2021-06-16 17:36:06 | Scammers mail fake Ledger devices to steal your cryptocurrency (lien direct) | Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets. [...] | Data Breach | ||
|
2021-06-16 12:18:40 | Expert Reaction On The World\'s Largest Data Breach (lien direct) | BACKGROUND: The BBC report that the Irish Council for Civil Liberties issuing a branch of the Interactive Advertising Bureau (IAB) and others over what it describes as “the world’s largest… | Data Breach | ||
|
2021-06-16 12:08:57 | Volkswagen, Audi Disclose Data Breach Impacting Over 3.3 Million Customers, Interested Buyers (lien direct) | BACKGROUND: Volkswagen has revealed a data breach impacting over 3.3 million customers. On Friday, the automaker said that a compilation of data used for sales and marketing purposes between 2014… | Data Breach | ||
|
2021-06-15 08:37:23 | Largest US propane distributor discloses \'8-second\' data breach (lien direct) | America's largest propane provider, AmeriGas, has disclosed a data breach that lasted ephemerally but impacted 123 employees and one resident. AmeriGas servers over 2 million customers in all 50 U.S. states and has over 2,500 distribution locations. [...] | Data Breach | ||
|
2021-06-14 11:14:27 | Experts React: McDonald\'s Suffers Data Breach (lien direct) | BACKGROUND: It has been reported that McDonald’s, the world’s largest burger chain, has suffered a data breach today. Locations in South Korea and Taiwan have had data exposed including some customer and… | Data Breach | ★★★ | |
 |
2021-06-14 09:33:07 | Volkswagen, Audi disclose data breach impacting over 3.3 million customers, interested buyers (lien direct) | An unsecured treasure trove of data used for sales was exposed online. | Data Breach | ||
 |
2021-06-13 23:59:46 | Chinese Hackers Believed to be Behind SITA, Air India Data Breach (lien direct) | The cyber assault on Air India that came to light last month lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state threat actor called APT41.
Group-IB dubbed the campaign "ColunmTK" based on the names of the command-and-control (C2) server domains that were used for communications. "The |
Data Breach Threat Guideline | APT 41 | |
|
2021-06-12 16:37:01 | McDonald\'s discloses data breach in US, Taiwan and South Korea (lien direct) | McDonald’s fast-food chain disclosed a data breach, hackers have stolen information belonging to customers and employees from the US, South Korea, and Taiwan. McDonald’s, the world’s largest restaurant chain by revenue, has disclosed a data breach that impacted customers and employees from the US, South Korea, and Taiwan. The hackers compromised the system of the […] | Data Breach | ||
|
2021-06-12 13:39:38 | Volkswagen discloses data breach, 3.3 million customers impacted (lien direct) | Volkswagen America discloses a data breach at a third-party vendor that exposed the personal details of more than 3.3 million of its customers. Volkswagen America discloses a data breach suffered by a third-party vendor used by the car vendor for sales and marketing purposes. The security breach affected a subsidiary Audi and authorized dealers in […] | Data Breach | ||
|
2021-06-12 12:27:59 | Audi, Volkswagen data breach affects 3.3 million customers (lien direct) | Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. [...] | Data Breach | ||
|
2021-06-11 18:59:35 | Volkswagen America Discloses Data Breach Impacting 3.3 Million (lien direct) | Volkswagen Group of America this week revealed that approximately 3.3 million people might have been affected in a data breach that impacted both Audi of America and Volkswagen of America (together VWGoA). | Data Breach | ||
|
2021-06-11 17:00:00 | McDonald\'s Suffers Data Breach (lien direct) | Burger chain breach impacts US operations and employees and diners in South Korea and Taiwan | Data Breach | ||
|
2021-06-11 12:45:46 | McDonald\'s discloses data breach after theft of customer, employee info (lien direct) | McDonald's, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. [...] | Data Breach | ||
|
2021-06-11 11:34:00 | Gaming Giant EA Suffers Major Data Breach (lien direct) | Hackers stole 780GB of data, including source code for the popular football game FIFA 21 | Data Breach | ||
|
2021-06-10 17:24:00 | Texas to Publish Data Breach Notifications (lien direct) | New law requires data breaches affecting 250 or more Texas residents to be posted online | Data Breach | ||
|
2021-06-09 17:34:00 | Nebraska Medicine Data Breach Settlement Approved (lien direct) | Judge approves preliminary settlement in data breach lawsuit brought against Nebraska Medicine | Data Breach | ||
|
2021-06-07 12:47:16 | US truck and military vehicle maker Navistar discloses data breach (lien direct) | Navistar International Corporation (Navistar), a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered at the end of last month. [...] | Data Breach | ||
 |
2021-06-04 05:01:00 | Digital transformation explained (lien direct) |
This article was written by an independent guest author.
No matter what sector your organization does business in, you’ve probably heard the term digital transformation. In every industry, digital transformation is going to be critical to remain competitive and resilient.
But what does digital transformation mean? And how does cybersecurity fit in? Today’s organizations are facing an increasingly complex environment of securing everything attached to the network; applications, data, and endpoints.
What is digital transformation?
At its most basic definition, digital transformation (or DX) is the process of improving your business by leveraging the latest technologies and solutions.
Digital transformation harnesses third platform technologies - think cloud and data analytics, and acceleration technologies - think IoT and mobile apps to transform business operations.
The primary goals of digital transformation are to increase agility for customer responsiveness, flexibility to accommodate new ways of working, and scalability to help your business do more.
What’s driving digital transformation?
The main drivers of digital transformation are:
Skyrocketing data transmission speeds
Increased storage capacities
Expansion of mobile functionality
All these signs point to a rapid decrease of on-premises computing and storage.
With the cloud, the amount of time and resources spent on hardware maintenance and upkeep is drastically reduced because you no longer need to own, maintain, and upgrade these resources in your own data center.
Rebuffing the maintenance mindset, the preference for most IT departments is to spend more on innovation vs. the traditional “keep the lights on” tasks. However, because “turning the lights off” isn’t feasible, the bulk of IT budgets continue to be allocated to maintenance. A 2020 Deloitte Inisights report underscores the reality: the average IT department allocates over half its budget on maintenance but only 19 percent on innovation.
And according to a 2021 State of IT Spiceworks Ziff Davis study, updating outdated IT infrastructure is the number one factor driving IT budget increases — cited by 56% of organizations planning on growing IT spend.
Also driving cloud adoption is the need to address disaster recovery (DR). While DR has not been typically cost-effective for small to mid-sized businesses, many cloud vendors and providers offer DR solutions like DRaaS (Disaster Recovery as a Service) that address those challenges.
But perhaps the greatest driver of cloud adoption today is COVID-19. The pandemic’s disruption to the business landscape forced organizations to consider advanced technologies. The work from home or remote work model is here to stay, and the demand for software-as-a-service (SaaS) applications that allow teams to collaborate from anywhere is steadily increasing.
The main spheres of digital transformation
While one can argue that the components of digital transformation are numerous, we are highlighting five important spheres.
Security
As network access moves beyond the office perimeter to meet the demands of a remote workforce, robust security measures are required to maintain the confidentiality, integrity, and availability of corporate and customer data. |
Data Breach Threat | Deloitte | |
|
2021-06-03 13:50:20 | Scripps Health notifies patients of data breach after ransomware attack (lien direct) | Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month. [...] | Ransomware Data Breach | ||
|
2021-06-02 16:00:00 | Scripps Notifying 147K People of Data Breach (lien direct) | Healthcare provider shares news of ransomware attack that exposed patient data | Ransomware Data Breach | ||
|
2021-06-01 15:19:00 | Model Sues Law Firm Over Data Breach (lien direct) | Goldberg Segalla accused of leaking fashion model's personal information on PACER | Data Breach | ||
|
2021-05-29 21:57:58 | FBI will share compromised passwords with HIBP Pwned Passwords (lien direct) | The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service. The FBI will share compromised passwords that were discovered during investigations with the ‘Pwned Passwords‘ service implemented by the data breach notification site Have I Been Pwned (HIBP). The Pwned Passwords service allows users to search […] | Data Breach | ★★ | |
|
2021-05-27 17:59:19 | Japanese Ministries Confirm Impact from Fujitsu Data Breach (lien direct) | Japan's Ministry of Foreign Affairs and Ministry of Land, Infrastructure, Transport and Tourism this week confirmed impact from a data breach at service provider Fujitsu Limited. | Data Breach | ||
|
2021-05-27 16:42:00 | (Déjà vu) Data Breach at Canada Post (lien direct) | Malware attack on third-party supplier leads to data breach at Canada Post | Data Breach Malware Guideline | ||
|
2021-05-27 14:38:13 | Canada Post Discloses Data Breach (lien direct) | BACKGROUND: It has been reported that Canada Post has informed 44 of its large business customers that information relating to more than 950,000 customers was compromised after one of its… | Data Breach | ||
|
2021-05-27 14:08:26 | Canada Post hit by data breach after supplier ransomware attack (lien direct) | Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers. [...] | Ransomware Data Breach | ||
|
2021-05-25 15:00:00 | Anomali Cyber Watch: Bizzaro Trojan Expands to Europe, Fake Call Centers Help Spread BazarLoader Malware, Toshiba Business Reportedly Hit by DarkSide Ransomware and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BazarCall, DarkSide, Data breach, Malware, Phishing, Ransomware and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Air India passenger data breach reveals SITA hack worse than first thought
(published: May 23, 2021)
Adding to the growing body of knowledge related to the March 2021 breach of SITA, a multinational information technology company providing IT and telecommunication services to the air transport industry, Air India announced over the weekend that the personal information of 4.5 million customers was compromised. According to the airline, the stolen information included passengers’ name, credit card details, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data. The compromise included data for passengers who registered with Indian Airlines between 26 August 2011 and 3 February 2021; nearly a decade. Air India adds to the growing list of SITA clients impacted by their data breach, including Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa.
Analyst Comment: Unfortunately, breaches like this are commonplace. While customers have no control over their information being included in such a breach, they can and should take appropriate actions once notified they may be impacted, Those actions can include changing passwords and credit cards associated with the breached accounts, engaging with credit reporting agencies for enhanced credit monitoring or freezing of credit inquiries without permission, and reaching out to companies that have reportedly been breached to learn what protections they may be offering their clients.
Tags: Data Breach, Airline, PII
BazarCall: Call Centers Help Spread BazarLoader Malware
(published: May 19, 2021)
Researchers from PaloAlto’s Unit42 released a breakdown of a new infection method for the BazarLoader malware. Once installed, BazarLoader provides backdoor access to an infected Windows host which criminals can use to scan the environment, send follow-up malware, and exploit other vulnerable hosts on the network. In early February 2021, researchers began to report a “call center” method of distributing BazarLoader. Actors would send phishing emails with trial subscription-based themes encouraging victims to phone a number to unsubscribe. If a victim called, the actor would answer the phone and direct the victim through a process to infect the computer with BazarLoader. Analysts dubbed this method of infection “BazarCall.”
Analyst Comment: This exemplifies social engineering tactics threat actors employ to trick users into installing malware on their machines. All social media users should be cautious when accepting unknown requests to connect, and particularly cautious when receiving communication from unknown users. Even if cal |
Ransomware Data Breach Malware Hack Tool Vulnerability Threat Guideline | ||
|
2021-05-25 14:37:16 | Domino\'s India discloses data breach after hackers sell data online (lien direct) | Domino's India has disclosed a data breach after a threat actor hacked their systems and sold their stolen data on a hacking forum. [...] | Data Breach Threat | ||
|
2021-05-25 12:20:42 | (Déjà vu) Expert Commentary on Audio Maker Bose Recent Data Breach (lien direct) | Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March. The Attorney General of Bose released the below statement: “experienced… | Ransomware Data Breach | ||
|
2021-05-25 09:03:00 | GDPR Anniversary: Security Leaders More Concerned About Litigation Than Fines (lien direct) | 90% of security leaders are concerned about data breach litigation because of GDPR | Data Breach Guideline | ||
 |
2021-05-25 07:59:31 | (Déjà vu) Bose reports data breach following ransomware attack (lien direct) | Bleeping Computer has reported that audio maker Bose disclosed a data breach after ransomware attack that hit the company’s systems in early March. A breach notification letter filed with New Hampshire’s Office of the Attorney General by Bose stated the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.” | Ransomware Data Breach | ★★★★ |
To see everything:
Our RSS (filtrered)
