The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation. [...]
Stay informed on the latest data breach incidents and security breaches. Protect your information with our up-to-date breach news and analysis.
Search across headline titles and summaries.
Background for this topic.
Breach means unauthorized access to a computer system or network that exposes or steals sensitive data like personal details, passwords, or proprietary information. Attackers often exploit software flaws, weak passwords, or social engineering to gain entry. Breaches can also result from insiders misusing access or accidental data exposure.
Understanding breaches is crucial because they reveal weaknesses in security controls and can lead to data theft or operational disruption. Effective defenses include promptly patching vulnerabilities, enforcing strong authentication, and segmenting networks to limit attacker movement. Detecting breaches quickly through monitoring and logging helps contain damage and guide targeted remediation efforts to secure affected systems and data.
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation. [...]
The International Criminal Court provided additional information about the cyberattack five weeks ago, saying that it was a targeted operation for espionage purposes. [...]
Identity services provider Okta on Friday disclosed a new security incident that allowed unidentified threat actors to leverage stolen credentials to access its support case management system
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. [...]
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of customers, however it appears the hackers responsible had access to Okta's support platform for at least two weeks before the company fully contained the intrusion.
Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July. [...]
The Iranian hacking group tracked as MuddyWater (aka APT34 or OilRig) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023. [...]
Class action lawsuits abound after mega breach A cybercriminal claims they've uploaded a second batch of stolen profile data from biotech company 23andMe, posting it to the same cybercrime forum that hosted the first batch two weeks ago.…
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. [...]
North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.
Who knew 3 million actually means 700 in cybercrime forum lingo? D-Link has confirmed suspicions that it was successfully targeted by cyber criminals, but is talking down the scale of the impact.…
A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts. [...]
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said
Once ethics guardrails are breached, generative AI and LLMs could become nearly unlimited in its capacity to enable evil acts, researchers warn.
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. [...]
The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023. [...]
Also, CISA cataloging new ransomware data points, 17k WP sites hijacked by malware in Sept., and more critical vulns Infosec in brief The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission (SEC) now investigating the matter, and lots of affected parties seeking compensation. …