Cyber Security Update New Nemty Ransomwar
New Nemty Ransomware Taunts Antivirus Solutions, May Use RDP
(Monday, August 26, 2019)
A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. The researchers call it Nemty. This is the first version of Nemty ransomware, named so after the extension it adds to the files following the encryption process. The ransom demand: Like any proper file-encrypting malware, Nemty will delete the shadow copies for the files it processes, taking away from the victim the possibility to recover versions of the data as created by the Windows operating system.
GitHub announces wider array of 2FA options, including security keys and biometrics
(Monday, August 26, 2019)
GitHub has started supporting the Web Authentication (WebAuthn) web standard, allowing users to use security keys for two-factor authentication with a wide variety of browsers and devices. Developer accounts at online code and software package repositories are a great target for attackers: compromising one or more means that they can surreptitiously add malicious code to already popular and widely deployed libraries and software packages. GitHub users have had the ability to additionally protect their accounts by switching on 2-factor authentication since 2013, but the choices were limited to receiving the second factor via SMS or getting it from a Time-based One-Time Password app such as Google Authenticator.
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
(Monday, August 26, 2019)
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations. Attackers have been scanning for and targeting two vulnerabilities: Both vulnerabilities can be exploited remotely by sending a specially crafted HTTPS request, don’t require authentication, and allow attackers to download files/extract sensitive information from the vulnerable servers.
Hostinger Data Breach Affects Almost 14 Million Customers
(Sunday, August 25, 2019)
Hosting provider Hostinger today announced that it reset the login passwords of 14 million of its customers following a recent security breach that enabled unauthorized access to a client database. The incident occurred on August 23 and a third party was able to access usernames, hashed passwords, emails, first names, and IP addresses. Unauthorized server access: Hostinger offered more details about the incident in a blog post today, saying that an unauthorized party accessed one of their servers and was then able to obtain further access to customer information.
Prolific Sheerness hacker ordered to pay back £922k
(Friday, August 23, 2019)
A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency. Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos. A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier". The confiscation order was made during a hearing at Southwark Crown Court. West, from Sheerness, Kent, used phishing email scams to obtain the financial data of tens of thousands of customers. He would then sell this personal data in different market places on the dark web, convert the profit made from selling financial details online into cryptocurrency,
Hackers Attack Indian Healthcare Website, Steal 68 Lakh Records
(Friday, August 23, 2019)
A US-based cybersecurity firm on Thursday said hackers stole 68 lakh records of patient and doctor information from a leading India-based healthcare website. According to IANS, the firm, FireEye, did not mention the website, but said Chinese cyber criminals were selling data stolen from healthcare organisations and web portals in “underground markets”. The data was stolen from many countries, including India, according to the report. A bad actor that goes by the name “fallensky519” stole 6,800,000 records associated with an India-based healthcare website that contains patient information and personally identifiable information (PII), doctor information and PII and credentials.
Chinese APT Groups Target Cancer Research Facilities
(Friday, August 23, 2019)
Chinese advanced persistent threat groups are targeting cancer research organizations across the globe with the goal of stealing their work and using it to help the country address growing cancer rates among its population, according to researchers at cybersecurity company FireEye. In a wide-ranging report issued this week about cybersecurity threats in the healthcare industry, FireEye researchers note that as the cancer rate in China rises along with the cost of healthcare, the country may be looking for a fast way to gain access to research that will help it address those concerns. A Chinese group called APT18 - also known as "Wekby" - has been targeting biotech and pharmaceutical organizations as well as those conducting cancer research, the report notes. The FireEye researchers say APT18 had been in one medical device manufacturing company's network for at least 60 days before being detected, accessing about 14 users' accounts and using or installing backdoors on more than 450 systems. The group collected and exfiltrated several gigabytes of medical imaging equipment files.
Cyber attacks put city governments in Texas on their guard
(Friday, August 23, 2019)
Cyberattacks that recently crippled nearly two dozen Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding steep ransoms. Government agencies that fail to keep reliable backups of their data could be forced to choose between paying ransoms or spending even more to rebuild lost systems. Officials are increasingly turning to cybersecurity insurance to help curb the growing threat. "I think we're entering an epidemic stage," said Alan Shark, executive director of the Public Technology Institute, which provides training and other support for local government technology employees. "The bad actors have been emboldened."
Gartner Recognizes Kudelski Security MSS in European Magic Quadrant
Kudelski Security was again recognized by industry analysts as a leading provider of managed security services. The just released ‘Magic Quadrant for MSS, Europe Context’ highlights Kudelski Security as one of ten providers with operations in Europe and specifically calls out new services and capabilities delivered by Kudelski Security’s Cyber Fusion Centers in Switzerland and the United States. Features called out in the Gartner report include unified monitoring wherever the data resides (on prem, cloud, hybrid, OT/IIoT); managed threat hunting and integrated incident response