Updated on 2023-01-05: SickKids ransomware attack The LockBit ransomware gang has apologized for its attack on the Sick Kids Hospital chain and released a free decrypter to help the victim recover files without paying. Updated on 2023-01-02 LockBit apologized for the attack on SickKids, Canada, and released a free decryptor for the hospital. It claimed …
Updated on 2022-12-22: FBI warns about BEC attacks on food industry The FBI also issued another security advisory last week, warning about BEC attacks on the food industry where criminal groups have redirected shipments of food and ingredients rather than redirecting and stealing a company’s bank funds. Updated on 2022-12-16 The FBI, the FDA OCI, …
Updated on 2022-12-13 A severe vulnerability in Amazon ECR Public Gallery could enable attackers to delete any container image or insert malicious code into the images of other accounts. Read more: Amazon ECR Public Gallery flaw could have wiped or poisoned any image Overview: AWS ECR vulnerability Cybersecurity firm Ligthspin has discovered a vulnerability in …
Updated on 2022-12-12: Japan On Board with Disrupting Hackers The Japanese government is planning to introduce laws to allow it to launch cyber operations to disrupt attackers when a potential risk is identified. This appears to be just one part of the Japanese government rethinking the country’s pacifist approach to self-defence. The Washington Post reported …
Updated on 2022-12-12: Phosphorus APT brazenness Researchers with Team Cymru say that even if one of their servers was exposed in a CISA alert in September, Phosphorus, an Iranian threat actor group, has continued to use it for subsequent attacks throughout October and November 2022. Read more: Alert (AA22-257A): Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber …
Updated on 2022-12-12: MuddyWater APT Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was of note because of two things. First, the group used compromised corporate accounts to send out emails to their targets. Second, the final payload was Syncro, a …
Updated on 2022-12-09: NYC Metropolitan Opera Website Down Due to Cyberattack A cyberattack has disabled New York City’s Metropolitan Opera website, box office, and call center. The incident has prevented the Met from selling tickets. On Friday, the Met announced it would be selling some tickets through a Lincoln Center website. The attack has also …
Updated on 2022-12-07: Fantasy Wiper Used in Attacks Against Diamond Industry and Others While researchers at ESET were analyzing a supply chain attack affecting Israeli software developer, they detected a wiper being used by the Agrius APT group. The wiper, Fantasy, and its execution tool, known as Sandals, were used after Agrius gained access to …
Updated on 2022-12-13 The Play ransomware family claimed credit for the recent attack on Antwerp, Belgium. The entry on its leak site claims that the attackers stole 557 GB of data, including passports and IDs. Read more: Play ransomware claims attack on Belgium city of Antwerp Updated on 2022-12-06: Antwerp Digital Services Affected by Cyberattack …
Updated on 2022-12-07 A newly spotted web skimming campaign, active since at least 2021, has infected 40 e-commerce sites. The threat actor, Group X, leveraged a unique supply-chain technique. Read more: Defcon Skimming: A new batch of Web Skimming attacks Updated on 2022-12-06: Groups X, Y, Z Jscrambler researchers have an analysis of recent Magecart …
Updated on 2022-12-06: BYOF attacks Researchers with cloud security firm Sysdig say they’re seeing attacks carried out by a new threat actor that deploys an open-source tool on infected servers to simplify cross-platform compatibility issues. Named PRoot, the tool deploys a universal filesystem that works across multiple Linux versions. Sysdig says the attacker is installing …
Updated on 2022-12-02: Accuro hack New Zealand health insurer Accuro said that hackers gained access to its systems in a security incident last week. The company said that while it has no evidence that customer data was accessed, it can’t rule out this possibility and urged users to be vigilant of possible fraud. Read more: …
A complex of French hospitals was forced to temporarily suspend emergency services in the wake of a cyberattack. So far, six patients, three from intensive care and three from the neonatal unit, have been transferred to other hospitals; other patients are scheduled for transfer as well. The Andre-Mignot Hospital, which is part of the Hospital …
Updated on 2022-12-04 U.K. water supplier hacked: Not a great week for the 1.7 million customers of South Staffs Water and Cambridge Water in the U.K., whose parent company has confirmed a breach of customer bank details — though it’s not saying how many customers are actually affected (assume the worst). The water supplier is …
Updated on 2022-12-01: Vatican DDoS The official website of the Vatican went offline on Wednesday following a DDoS attack carried out by pro-Russian hacktivists. As CNA points out, the attack came a day after Moscow criticized Pope Francis’s latest condemnation of Russia’s invasion of Ukraine. Read more: The Vatican says it’s been hacked — again …
