Security Affairs

NOVEMBER 15, 2023

The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 62 companies are victims of the operation. The victims of the group are “targets of opportunity.”

Ransomware 338

Ransomware Manufacturing Education Passwords 338

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities. ” The group was able to steal data from the City and leaked approximately 1.169 TB at a time prior to May 03, 2023.

Ransomware 334

Ransomware Encryption Systems administration Cybersecurity 334

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1749 , CVSS3.0: Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1750 , CVSS3.0:

Manufacturing 246

Manufacturing Cybersecurity Education Authentication 246

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government.

Government 334

Government Manufacturing Education Access 334

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. The LockBit ransomware operation operated under a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to carry out ransomware attacks through the utilization of LockBit ransomware tools and infrastructure.

Energy and Utilities 336

Energy and Utilities Ransomware Agriculture Financial Services 336

Security Affairs

FEBRUARY 12, 2024

“This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method. The Rhysida ransomware group has been active since May 2023. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks.

Ransomware 325

Ransomware Encryption Paper Manufacturing 325

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. was the prevalent variant in 2023.

Ransomware 246

Ransomware Cybersecurity Agriculture Education 246

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 338

Energy and Utilities Communications Military Manufacturing 338

Security Affairs

DECEMBER 13, 2023

In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E. The KV-botnet logical network map, December 2023 In May, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.

Communications 338

Communications Manufacturing Education Government 338

Security Affairs

APRIL 6, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Ransomware 246

Ransomware IT Manufacturing Education 246

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. ” reads the joint report. ” continues the report.

Energy and Utilities 332

Energy and Utilities Military Government Phishing 332

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 330

Energy and Utilities Communications Military Access 330

Security Affairs

SEPTEMBER 15, 2024

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack.

Ransomware 322

Ransomware Manufacturing Education Encryption 322

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Exposed sensitive files On February 17, 2023, the Cybernews research team discovered public access to sensitive files hosted on dimasvolvo.com.br The issue causing the leak has been fixed.

Retail 246

Retail Manufacturing Communications Passwords 246

Security Affairs

JUNE 16, 2023

The US authorities arrested the man in Arizona last month DoJ states that from at least as early as August 2020 to March 2023, Astamirov and other members of the LockBit ransomware gang committed wire fraud and compromised many computer systems worldwide attempting to extort the victims of ransomware attacks. law enforcement).

Ransomware 246

Ransomware Agriculture Education Government 246

Security Affairs

FEBRUARY 21, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Today, additional criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.” reads the press release published by DoJ.

Energy and Utilities 332

Energy and Utilities Ransomware Agriculture Manufacturing 332

The Last Watchdog

NOVEMBER 12, 2023

I recently discussed the current state of tech standards with DigiCert’s Mike Nelson , Global Vice President of Digital Trust and, Dean Coclin , Senior Director of Trust Services, at DigiCert Trust Summit 2023. We drilled down on Matter as well as another new standard, BIMI , which stands for “brand indicators for message?identification.”

Security 276

Security Manufacturing Authentication Marketing 276

Security Affairs

JUNE 3, 2023

Royal ransomware is one of the most notable ransomware families of 2022, it made the headlines in early May 2023 with the attack against the IT systems in Dallas, Texas. Experts noticed that the new Linux ransomware BlackSuit has significant similarities with the Royal ransomware family. New #ransomware #BlackSuit targets Windows, #Linux.

Ransomware 246

Ransomware Encryption File names Cybersecurity 246

Security Affairs

APRIL 7, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. This week the ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Ransomware 246

Ransomware Security Manufacturing Cybersecurity 246

Security Affairs

APRIL 9, 2023

The defendant was arrested in Estonia on March 28, 2023, he used several Estonian-based business entities (the “Estonian Shell Companies”) to buy goods that would have been unavailable to Russian end-users. “As alleged in the indictment and other court filings, Shevlyakov procured sensitive electronics from U.S.

Computer and Electronics 246

Computer and Electronics Military Manufacturing Government 246

Security Affairs

APRIL 16, 2023

It manufactures self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners. NCR Corporation , previously known as National Cash Register, is an American software, consulting and technology company providing several professional services and electronic products.

Ransomware 246

Ransomware Sales Manufacturing Cybersecurity 246

Security Affairs

APRIL 4, 2023

As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant.

Manufacturing 246

Manufacturing Cybersecurity Education Security 246

Security Affairs

JUNE 6, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. The LockBit ransomware operation operated under a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to carry out ransomware attacks through the utilization of LockBit ransomware tools and infrastructure.

Energy and Utilities 342

Energy and Utilities Ransomware Agriculture Encryption 342

Security Affairs

FEBRUARY 20, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Today, additional criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.”

Energy and Utilities 332

Energy and Utilities Ransomware Manufacturing Agriculture 332

Security Affairs

APRIL 12, 2023

Data breach at @Hyundai_Italia : pic.twitter.com/oMMcFiG2Ud — Troy Hunt (@troyhunt) April 11, 2023 In response to the incident, the company has taken the impacted systems offline. According to the letter, financial data were not exposed. The number of impacted individuals is still unclear.

Data breaches 246

Data breaches Manufacturing Cybersecurity Education 246

Security Affairs

AUGUST 28, 2023

The malicious code was used in attacks targeting multiple sectors including the gaming industry, technology industry, and luxury car manufacturers. Since mid-July 2023, the binary observed in the attacks includes support for telnet scanning and support for more CPU architectures. ” reads the report published by Akamai.

IoT 246

IoT Mining Manufacturing Education 246

IT Governance

DECEMBER 11, 2023

Known records breached Up to 3,806 organisations with DICOM (Digital Imaging and Communications in Medicine) servers Source (New) Healthcare Unknown Unknown >59 million Akumin Source (New) Healthcare USA Yes 5 TB AMCO Proteins Source (New) Manufacturing USA Yes 4 TB Norton Healthcare Source (New) Healthcare USA Yes 2.5 and Robert W.

Data Privacy 97

Data Privacy Energy and Utilities Privacy Manufacturing 97

Security Affairs

MARCH 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. In February 2023, Royal operators added support for encrypting Linux devices and target VMware ESXi virtual machines.

Ransomware 246

Ransomware Encryption Cybersecurity Communications 246

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Ransomware 113

Ransomware Authentication Cybersecurity Access 113

Security Affairs

AUGUST 27, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 325

Energy and Utilities Communications Authentication Access 325

IT Governance

DECEMBER 5, 2023

35 TB of data exfiltrated from Henry Schein, plus ALPHV/BlackCat re-encrypted the newly restored files As we first reported last month , the US healthcare solutions provider Henry Schein announced on 15 October that it had suffered a cyber attack that caused disruption to its manufacturing and distribution businesses.

Data Privacy 100

Data Privacy Privacy Manufacturing Security 100

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery 193

e-Discovery Communications Ransomware Government 193

IT Governance

OCTOBER 24, 2023

Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023). International Criminal Court says cyberattack was attempted espionage Date of breach: 19 September 2023 ( update on 20 October 2023).

Data Privacy 104

Data Privacy Privacy Security Data breaches 104

KnowBe4

OCTOBER 19, 2023

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. We could not agree more.

Phishing 114

Phishing Manufacturing Education Ransomware 114

IT Governance

OCTOBER 13, 2023

EvilProxy phishing campaign targets Microsoft 365 accounts via indeed.com A phishing campaign identified by Menlo Security has been targeting senior executives in various industries – most notably banking and financial services, property management and real estate, and manufacturing – since July.

Phishing 105

Phishing Financial Services Manufacturing Personal data 105

The Last Watchdog

JULY 13, 2023

London, July 13, 2023 — Beazley, the leading specialist insurer, today published its latest Risk & Resilience report: Spotlight on: Cyber & Technology Risks 2023. Companies with an annual revenue of US$250,000 to US$999,999 report feeling less prepared to deal with cyber risks in 2023 (76%) than they did in 2022 (70%).

Risk 189

Risk Insurance Energy and Utilities Marketing 189

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. manufacturers from cyber-attacks by providing role-based training to the next generation of cybersecurity workers in manufacturing. Chicago, Ill.,

Cybersecurity 113

Cybersecurity Manufacturing Military Artificial Intelligence 113