Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Backups. Show all posts
Ransomware
Backups computer crime cryptocurrency Cyber Security Cybersecurity Data Recovery encryptor Hacking phishing Ransomware

The Evolution of Computer Crime: From Tinkering to Ransomware Threats

 



In the early days of computing, systems were relatively isolated, primarily reserved for academic and niche applications. Initial security incidents were more about experimentation gone wrong than intentional harm.

Today, the scenario is vastly different. Computers are everywhere—powering our homes, workplaces, and even critical infrastructure. With this increased reliance, new forms of cybercrime have emerged, driven by different motivations.

Computer crimes, which once revolved around simple scams and tech-savvy groups, have evolved. Modern attackers are more professional and devastating, often state-sponsored, like ransomware collectives.

A prime example of this evolution is ransomware. What began as simple criminal schemes has turned into a full-fledged industry, with criminals realizing that encrypting data and demanding payment is a highly lucrative enterprise.

Ransomware attacks follow a predictable pattern. First, the attacker deploys an encryptor on the victim’s system, locking them out. Then, they make their presence known through alarms and ransom demands. Finally, if the ransom is paid, some attackers provide a tool to decrypt the data, though others might threaten public exposure of sensitive data instead.

However, ransomware attackers face two key challenges. The first is infiltrating the target system, often achieved through phishing tactics or exploiting vulnerabilities. Attacks like WannaCry highlight how these methods can devastate unprotected systems.

The second challenge is receiving payment without revealing the attacker’s identity. Cryptocurrencies have helped solve this problem, allowing criminals to receive payments anonymously, making it harder for authorities to trace.

Preventing ransomware isn’t solely about avoiding the initial attack; it’s also about having a recovery strategy. Regular backups and proper employee training on cybersecurity protocols are crucial. Resilient companies use backup strategies to ensure they can restore systems quickly without paying ransoms.

However, backups must be thoroughly tested and isolated from the main system to prevent infection. Many companies fail to adequately test their backups, leading to a difficult recovery process in the event of an attack.

While ransomware isn’t a new concept in technical terms, its economic implications make it a growing threat. Cybercriminals can now act more ruthlessly and target industries that can afford to pay high ransoms. As these attacks become more common, companies must prepare to mitigate the damage and avoid paying ransoms altogether
Read more »
Qlik Servers
Backups Cactus ransomware Cyber Security Data Theft Qlik Servers

Qlik Sense Servers Prone To Cactus Ransomware Threats

 


Security experts are urgently warning about the vulnerability of thousands of Qlik Sense servers to potential ransomware attacks by the troubling Cactus group. Despite prior disclosures of vulnerabilities by Qlik, many organisations remain at risk due to unpatched systems.

Qlik, an eminent player in data visualisation and business intelligence, disclosed two critical vulnerabilities, known as CVE-2023-41266 and CVE-2023-41265, in August last year. These flaws, when exploited together, enable remote attackers to execute arbitrary code on vulnerable systems. Additionally, a subsequent disclosure in September, CVE-2023-48365, revealed a bypass of Qlik's initial fix, leaving systems vulnerable to exploitation.

Recent reports highlight the active exploitation of these vulnerabilities by the Cactus ransomware group to infiltrate target environments. Despite warnings from security vendors like Arctic Wolf, ongoing attacks persist. A recent scan by Fox-IT uncovered over 5,000 internet-accessible Qlik Sense servers, with a significant portion still vulnerable to exploitation.

Countries such as the US, Italy, Brazil, Netherlands, and Germany face a concerning number of vulnerable servers, elevating the risk for organisations in these regions. In response, security organisations like Fox-IT and the Dutch Institute for Vulnerability Disclosure (DIVD) have launched efforts under Project Melissa to disrupt Cactus group operations.

Upon identifying vulnerable servers, Fox-IT and DIVD have actively notified affected organisations, urging immediate action to mitigate the risk of a ransomware attack. Joining the effort, the ShadowServer Foundation emphasises the urgent need for remediation to prevent compromise.

To assist organisations in identifying potential compromise, specific indicators such as the presence of unusual font files, qle.ttf and qle.woff, have been highlighted. These files, not standard in Qlik Sense installations, may indicate unauthorised access or remnants of previous security incidents.

In recognizing the gravity of the situation, Fox-IT stressed the need for proactive measures to address the potential risks of ransomware attacks. These measures include promptly patching vulnerable systems to fix known security issues and conducting thorough security assessments to identify and resolve any existing weaknesses in the network infrastructure.

Additionally, organisations are encouraged to implement robust cybersecurity measures, such as deploying intrusion detection and prevention systems, enhancing network segmentation to limit the impact of potential breaches, and enforcing strong access controls to prevent unauthorised access to sensitive data.

Regular employee training and awareness programs play a crucial role in identifying and mitigating security risks, including phishing attacks or social engineering attempts. By educating employees about the latest cybersecurity threats and best practices, organisations can strengthen their overall security posture and reduce the risk of successful ransomware attacks.

Moreover, maintaining up-to-date backups of critical data is essential to ensure data integrity and facilitate recovery in the event of a ransomware attack. Organisations should establish a comprehensive backup strategy that includes regular backups, secure storage of backup data, and testing of backup restoration procedures to ensure their effectiveness.

Given these developments, the collective efforts of security organisations, alongside proactive measures by organisations, are critical in mitigating the risk posed by the Cactus ransomware group and similar threats.


Read more »
Ransomware
Backups Business Safety Cyber Security Data protection Ransomware

The High Cost of Neglecting Backups: A Ransomware Wake-Up Call

 


Ransomware attacks are becoming increasingly costly for businesses, with a new study shedding light on just how damaging they can be. According to research from Sophos, a staggering 94% of organisations hit by ransomware in 2023 reported attempts by cybercriminals to compromise their backups. This alarming trend poses a significant threat to businesses, as compromised backups can lead to a doubling of ransom demands and payments compared to incidents where backups remain secure.

The impact is particularly severe for certain sectors, such as state and local government, the media, and the leisure and entertainment industry, where 99% of attacks attempted to compromise backups. Perhaps most concerning is the revelation that overall recovery costs can skyrocket when backups are compromised, with organisations facing recovery costs up to eight times higher than those whose backups remain unaffected.

To mitigate the risk of falling victim to ransomware attacks, businesses are urged to take proactive measures. First and foremost, it's essential to backup data frequently and store backups securely in a separate physical location, such as the cloud, to prevent them from being compromised alongside the main systems. Regularly testing the restoration process is also crucial to ensure backups are functional in the event of an attack.

Furthermore, securing backups with robust encryption and implementing layered defences to prevent unauthorised access is essential for ransomware defence. Vigilance against suspicious activity that could signal attackers attempting to access backups is also recommended.

While it's tempting to believe that your organisation won't be targeted by ransomware, the reality is that it's not a matter of if, but when. Therefore, taking proactive steps to secure backups and prepare for potential attacks is imperative for businesses of all sizes.

For businesses seeking additional guidance on ransomware remediation, you can follow this step-by-step guide in order to navigate the recovery process. This Ransomware Defender solution aims to minimise the impact of data breaches and ensure business continuity by storing backups in a highly secure environment isolated from the main infrastructure.

The threat of ransomware attacks targeting backups is real and growing, with significant implications for businesses' financial, operational, and reputational security. By implementing robust backup strategies and proactive defence measures, organisations can better protect themselves against the rising tide of ransomware attacks.


Read more »
User Privacy
Backups Encrypted Files FBI Malicious actor Malicious Threat malware Multi-Factor Authentication (MFA) Ransomware Attacks. User Privacy

FBI Warns of Rising Dual Ransomware Attacks

Dual ransomware attacks have become a new, alarming trend in a digital environment replete with cyber threats. Using this smart strategy, criminals target an institution twice, multiplying the potential harm and raising the ransom demands. The FBI's most recent findings have shed insight on the seriousness of this developing threat.

According to the FBI, these attacks have surged in recent months, leaving organizations scrambling to bolster their cybersecurity measures. Special Agent Scott Smith, who leads the FBI’s Cyber Division, warns, "Dual ransomware attacks are a game-changer. They represent a significant escalation in the tactics employed by cybercriminals."

One high-profile incident detailed in a report by Tech Monitor involved a multinational corporation falling victim to a dual ransomware attack. The first attack infiltrated the company's network, encrypting critical files and crippling operations. Just as the organization was working to recover, a second attack hit, targeting backup systems and leaving the company with no option but to negotiate with the criminals.

The Register’s report further emphasizes the severity of this threat. It reveals that criminal organizations are becoming increasingly organized and resourceful, collaborating across borders to execute these attacks. The report quotes cybersecurity expert Dr. Emily Chen, who states, "Dual ransomware attacks signify a new level of sophistication among cyber criminals. It's no longer a matter of if an organization will be targeted, but when."

The implications of dual ransomware attacks are far-reaching. Not only do they result in financial losses from ransoms paid, but they also lead to significant operational disruptions and damage to an organization's reputation. Moreover, the psychological toll on employees can be immense, as they grapple with the stress and uncertainty of such attacks.

To mitigate the risks posed by dual ransomware attacks, organizations must adopt a multi-layered approach to cybersecurity. This includes regular employee training, robust threat intelligence programs, and the implementation of advanced security technologies. Additionally, maintaining up-to-date backups and a well-defined incident response plan can be crucial in the event of an attack.

Ransomware attacks that involve two different strains of malware are becoming more common, a clear indication that cybercriminals are becoming more sophisticated and organized. Businesses must take the lead in bolstering their cybersecurity defenses. A proactive and adaptable strategy is essential to safeguarding sensitive data and maintaining operational resilience in the ever-changing cyberwarfare landscape.

Read more »
Sensitive Data Leak
Backups Encryption Tools Linux Malware malware MFA Phishing Attacks Ransomware Attacks. Sensitive Data Leak

Monti Ransomware Strikes Government Systems Again

The notorious Monti ransomware has made an ominous comeback and is now targeting government organizations. Recent reports from cybersecurity professionals indicate that this malware version has reappeared with a new and powerful encryptor, specifically targeting Linux-powered devices. The cybersecurity community has been shaken by this development, which has prompted increased vigilance and efforts to block its advancements.

The Monti ransomware first gained notoriety for its sophisticated tactics and high-profile targets. Over the years, it has undergone several transformations to enhance its capabilities and expand its reach. Its focus on government entities raises concerns about potential disruptions to critical services, sensitive data leaks, and economic implications.

Security researchers at Trend Micro have identified the ransomware's latest campaign, which involves a newly designed encryptor tailored to Linux-based systems. This adaptation showcases the malware operators' determination to exploit vulnerabilities in various environments, with a clear emphasis on government networks this time. The attackers deploy phishing emails and exploit software vulnerabilities to gain unauthorized access, underlining the importance of consistent software updates and employee training in cybersecurity best practices.

The ramifications of a successful Monti ransomware attack on government systems could be dire. It could lead to halted public services, jeopardized confidential information, and the potential compromise of national security. As the attackers continue to refine their techniques, the need for a multi-layered security approach becomes paramount. This includes robust firewalls, intrusion detection systems, regular data backups, and continuous monitoring to promptly identify and mitigate any potential breaches.

The Monti ransomware's resurgence serves as further evidence of how cyber dangers are always changing. Cybercriminals are broadening their objectives to include industries that house sensitive data and essential infrastructure in addition to enhancing their attack routes. In order to effectively stop the ransomware's comeback, government agencies, business enterprises, and cybersecurity specialists must work together to exchange threat intelligence, best practices, and preventative measures.

Security companies are working hard to investigate the ransomware's behavior, extract the decryption keys, and create solutions that might be able to mitigate its effects in response to this most recent threat. However, prevention is still the best course of action. Government organizations must prioritize cybersecurity by putting money into cutting-edge technology, doing frequent vulnerability scans, and encouraging a cybersecurity awareness culture among staff members.

Read more »
Ransomware Attacks.
Backups Crypto Cyber Security Malicious actor RaaS Ransomware Attacks.

Ransomware Trends: RaaS and Cryptocurrency Impacts

Ransomware attacks have become a pressing concern for individuals, businesses, and governments worldwide. Cybercriminals are constantly evolving their tactics, and two significant trends that demand close monitoring are the rise of Ransomware-as-a-Service (RaaS) and the growing reliance on cryptocurrencies for ransom payments.

According to recent reports, ransomware attacks have become increasingly sophisticated due to the emergence of Ransomware-as-a-Service. This model allows even less experienced hackers to launch ransomware campaigns with ease. By using RaaS, malicious actors can purchase ready-to-use ransomware kits from more skilled developers, giving them access to advanced tools without the need for extensive technical knowledge. This trend has dramatically widened the scope of potential attackers, leading to a surge in ransomware incidents across the digital landscape.

The impact of Ransomware-as-a-Service is not limited to smaller-scale operations. It has enabled the creation of formidable cybercrime syndicates capable of orchestrating large-scale attacks on critical infrastructures and major corporations. As a result, businesses of all sizes must be vigilant in bolstering their cybersecurity measures to fend off these increasingly prevalent threats.

Furthermore, ransomware attackers are exploiting cryptocurrencies to anonymize their transactions and evade law enforcement. Cryptocurrencies, such as Bitcoin, have emerged as the preferred method of payment for ransoms due to their decentralized nature and pseudo-anonymous properties. Transactions carried out using cryptocurrencies are challenging to trace, making it difficult for authorities to identify and apprehend the criminals behind these attacks.

The use of cryptocurrencies in ransom payments also creates an additional layer of complexity for victims and law enforcement agencies. As transactions are conducted peer-to-peer, there is no central authority that can freeze or retrieve funds. Once the ransom is paid, it is often impossible to recover the funds, leaving victims with limited options for recourse.

One of the key aspects of tackling ransomware effectively is understanding the motivations and techniques employed by attackers. As cyber criminals adapt their strategies, organizations, and individuals must remain informed about the latest trends and statistics surrounding ransomware. By staying up-to-date, they can implement proactive measures to mitigate the risks associated with these evolving threats.

As an industry expert highlights, "The increase in Ransomware-as-a-Service offerings has democratized cybercrime, allowing more threat actors to participate and launch attacks. At the same time, the adoption of cryptocurrencies as the preferred payment method makes it imperative for organizations to invest in robust cybersecurity measures and maintain data backups to protect against potential ransomware attacks."

Collaboration between private businesses and law enforcement authorities is now essential in the face of the escalating ransomware threat. Sharing threat intelligence and best practices can be crucial to effectively battling ransomware and reducing its effects on both organizations and people.

Read more »
Threat actors
Backups Black Basta Cyber Attacks Cyberattack Encryption Ransomware attack Threat actors

Rheinmetall Hit by BlackBasta Ransomware: Disruption to Arms Production

Arms manufacturer Rheinmetall has recently confirmed that it fell victim to a ransomware attack orchestrated by the BlackBasta ransomware group. The cyberattack has caused significant disruption to the company's operations, including its arms production capabilities.

Rheinmetall, a prominent German defense contractor, specializes in manufacturing a wide range of military and security equipment. The attack on such a high-profile player in the defense industry underscores the growing threat of ransomware attacks targeting critical infrastructure and sensitive sectors.

The BlackBasta ransomware group, known for its aggressive tactics and targeting of large organizations, has been identified as the perpetrator of the attack. The group employs sophisticated techniques to infiltrate and encrypt the victim's systems, demanding a ransom payment in exchange for the decryption keys.

Rheinmetall has not disclosed the specific ransom amount demanded by the attackers or whether it has chosen to engage in negotiations. However, the incident highlights the potentially devastating impact that ransomware attacks can have on crucial industries, potentially leading to operational disruptions and financial losses.

The immediate consequences of the attack have been felt within Rheinmetall's production facilities, causing delays and interruptions to ongoing arms manufacturing processes. The company has initiated an extensive investigation to assess the extent of the breach and mitigate any potential long-term damage to its operations and reputation.

In response to the attack, Rheinmetall has taken immediate measures to contain the breach and secure its systems. It has engaged external cybersecurity experts to assist in the recovery process and strengthen its defenses against future threats. Additionally, the company has implemented stringent security protocols and is enhancing employee training on cybersecurity best practices.

The incident involving Rheinmetall serves as a stark reminder to organizations across all sectors of the critical importance of maintaining robust cybersecurity measures. Ransomware attacks continue to evolve in sophistication and scale, targeting both public and private entities. The consequences of a successful attack can be severe, ranging from financial losses to reputational damage and even threats to national security.

Organizations must adopt a proactive approach to cybersecurity, including regular system updates, robust backup procedures, and comprehensive incident response plans. By prioritizing cybersecurity measures, organizations can minimize the risk of falling victim to ransomware attacks and other cyber threats.
Read more »
Unauthorized access
Backups Cloud Computing Data Breach Encryption GigaOm MFA Unauthorized access

GAO Urges Federal Agencies to Implement Key Cloud Security Practices

The Government Accountability Office (GAO) has called on federal agencies to fully implement essential cloud security practices in order to enhance their cybersecurity posture. In a recent report, the GAO highlighted the importance of adopting and adhering to these practices to mitigate risks associated with cloud computing.

According to the GAO, four federal departments have not fully implemented cloud security practices, which puts their systems and data at increased vulnerability. The report emphasizes that addressing these shortcomings is critical for ensuring the confidentiality, integrity, and availability of sensitive information stored in the cloud.

Cloud computing offers numerous benefits to federal agencies, including increased efficiency, scalability, and cost-effectiveness. However, it also introduces unique cybersecurity challenges that must be addressed proactively. The GAO report outlines several key security practices that agencies should prioritize to strengthen their cloud security posture.

One of the primary recommendations is to implement strong identity and access management controls. This involves ensuring that only authorized individuals have access to sensitive data and systems and that user privileges are properly managed and monitored. By implementing multi-factor authentication and robust user access controls, agencies can significantly reduce the risk of unauthorized access.

Another crucial aspect highlighted by the GAO is the need for comprehensive data protection measures. This includes encrypting sensitive data both at rest and in transit, implementing secure data backup and recovery processes, and regularly testing the effectiveness of these measures. By employing encryption and backup protocols, agencies can minimize the impact of data breaches or system failures.

Additionally, the GAO emphasizes the importance of monitoring and logging activities within cloud environments. By implementing robust logging mechanisms and real-time monitoring tools, agencies can detect and respond to security incidents promptly. This enables them to identify unauthorized access attempts, suspicious activities, and potential vulnerabilities that could be exploited by attackers.

The GAO report further highlights the significance of training and awareness programs for agency personnel. It recommends providing comprehensive cybersecurity training to employees, ensuring they are aware of potential threats, best practices, and their role in maintaining a secure cloud environment. Regular training and awareness initiatives can help strengthen the overall security culture within agencies.

The GAO study concludes by serving as a reminder to government agencies of the significance of fully implementing important cloud security measures. Agencies can dramatically improve their cybersecurity posture in the cloud by giving priority to identity and access control, data protection, monitoring, and training. Federal agencies must act quickly on these recommendations and set aside the necessary funds to guarantee the integrity and security of their cloud-based systems and data.
Read more »
User Privacy
Backups Data Breach Phishing Attacks San Francisco User Privacy

San Francisco Battles Cybercrime Surge

 

San Francisco is currently battling a surge in cybercrime, which officials are calling a 'tsunami.' The recent attack on Oakland has been one of the biggest hits in the area, and authorities are working tirelessly to prevent similar incidents.

The Oakland attack was a ransomware attack, where hackers demanded payment in exchange for unlocking the city's computer systems. This attack caused significant disruptions to city services and resulted in a large financial cost.

The attack on Oakland is just one example of the increasing number of cyber attacks happening in the San Francisco area. Cybercriminals are using more sophisticated tactics, making it challenging for law enforcement to keep up.

To combat this surge in cybercrime, San Francisco officials are ramping up their efforts to prevent and respond to attacks. This includes increasing funding for cybersecurity and working with law enforcement agencies to share information about threats.

However, preventing cybercrime is not just the responsibility of officials. Individuals and businesses must also take steps to protect themselves. This includes using strong passwords, regularly updating software, and being cautious about opening suspicious emails or clicking on unknown links.

Furthermore, businesses should take additional steps to protect their data, such as backing up important files and implementing security protocols for remote workers.

While the rise in cybercrime is concerning, it is important to remember that there are steps that individuals and businesses can take to protect themselves. By working together, San Francisco can continue to combat this "tsunami" of cybercrime and protect its citizens and businesses from harm.

Read more »
User Privacy
Backups Canada Cyber Security Encryption Malicious actor Password United States User Privacy

5 Updates to Secure Data as Workers Return to Work

According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years.

Employees should be aware of data security practices since the 2022 Verizon Data Breach Investigations Report states, 82% of data breaches are caused by human error, placing companies of all sizes at risk.

5 Upgrades to Data Security


1. Protect data, not simply the barrier

With approximately 90% of security resources going toward firewall technology, it appears that many firms are focusing on protecting the walls around their data. However, there are potential ways for firewalls, including via clients, partners, and staff. Such individuals can all get beyond external cyber security and abuse sensitive data. 

2. Be aware of threats

Insider threats can be challenging to identify and stop due to their nature. It might be as simple as a worker opening an email attachment that is from a credible source and activating a ransomware worm. Threats of this nature are the most frequent and expensive worldwide.

3. Encrypt each device

A growing number of individuals prefer to work on personal devices. A solid, unchangeable data backup strategy might aid a business in making a speedy incident recovery. 

4. Create secure passwords

Most firms tend to display weak password policies, resulting in basic, generic, and hackable passwords for vital accounts that have access to private and priceless data. Passwords should be fairly complex; they should be updated every 90 days. 

5. Develop a company safety strategy

Each person who has a username and password is responsible for data security. IT administrators must regularly remind managers and employees that they are never permitted to share their login information with any third parties.

Data security is identified as the largest disruptor in 2023 by researchers as businesses continue to boost their cybersecurity resilience. According to the poll, 68% of managers say that the company has a cybersecurity unit and another 18% indicate companies are in process of building one. Only 6% of participants claimed to have no cybersecurity section.

A breach could cost significantly more than an audit from a data security firm. The estimated cost of a data breach in the US increased from $9 million to $9.4 million in 2022, as per Statista.

Read more »
ransomware.
Backups Bitdefender cyber attack Cyber Security ransomware.

A New Decryptor by Bitdefender for Victims of LockerGoga Ransomware

 

As part of Bitdefender's official announcement, the company notified that it had released a free decryptor for ransomware called LockerGoga to recover the encrypted files without paying any ransom.
 
The Romania-based cybersecurity firm, Bitdefender released a universal LockGoga decryptor. The company stated in its published announcement, that the new decryptor is a combination of international law agencies, including Bitdefender, Europol, the NoMoreRansom project, the Zurich Public Prosecutor’s office, and the Zurich Cantonal Police. 
  
The new decryptor by Bitdefender is a helping tool for decrypting the files of the victims, free of cost. It uses the path containing pairs of clean-encrypted files and scans the entire system of files or file folders. This decryptor provides a feature called as “backup file”, which comes in handy in case of any problem during the decryption of the files.
 
LockerGoga is a program classified as ransomware, it came into notice in the 2019 cyber-attack against the U.S. and Norway-based companies, where the threat actors targeted high-profile organisations and individuals, including the world's greatest aluminum producer Norsk Hydro, and engineering firm Altran Technologies of France. They used it to encrypt the stored data on computers and blackmailed the users for ransom in exchange for decryption tools.
 
The National Cyber Security Centre (NCSC) reported that this computer infection was used in attacking over 1800 organizations all around the world. Cyberattacks involving various ransomware, one of them being LockerGoga, led to monetary damages of approximately 104 million US Dollars in 71 countries.
 
Around 12 of the attackers involved in the cyber-attack were arrested in October 2021 under an international law enforcement operation for spreading ransomware. In the wake of the arrest of its operator, LockerGoga was dismantled – which also led to the termination of all master private keys used in the encryption. As a result, those victims who did not pay the ransom to the threat actors were left with encrypted files waiting to recover them.
 
Read more »
WordPress
Backups Bugs data security Flaws Security Vulnerabilities and Exploits WordPress

New Zero-day Flaw in BackupBuddy Plugin Leaves WordPress Users at Risk

 

Wordfence, a WordPress security company, has disclosed that a zero-day vulnerability in the BackupBuddy plugin is being actively exploited. 

"This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it stated.

Users can back up their entire WordPress installation from the dashboard, including theme files, pages, posts, widgets, users, and media files, among other things. The flaw (CVE-2022-31474, CVSS score: 7.5) affects versions 8.5.8.0 to 8.7.4.1 of the plugin, which has an estimated 140,000 active installations. It was fixed in version 8.7.5, which was released on September 2, 2022. 

The problem stems from the "Local Directory Copy" function, which is intended to keep a local copy of the backups. The vulnerability, according to Wordfence, is the consequence of an insecure implementation that allows an unauthenticated threat actor to download any arbitrary file on the server. Additional information about the vulnerability has been withheld due to active in-the-wild abuse and the ease with which it can be exploited.

The plugin's developer, iThemes, said, "This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation. This could include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd."

Wordfence reported that the targeting of CVE-2022-31474 began on August 26, 2022, and that it has blocked nearly five million attacks since then. The majority of the intrusions attempted to read the files listed below -
  • /etc/passwd
  • /wp-config.php
  • .my.cnf
  • .accesshash
Users of the BackupBuddy plugin are encouraged to update to the most recent version. They should determine that they may have been compromised, it's recommended to reset the database password, change WordPress Salts, and rotate API keys stored in wp-config.php.
Read more »
User Privacy
Albanian Cyber Army Backups Cyber Attacks Microsoft Russia-Ukraine War User Privacy

Albania's Government Networks Were Disabled Amid Cyberattack

 

According to a report from the Albanian National Agency for the Information Society, a cyberattack from an anonymous source led the Albanian government to shut down the websites of the prime minister's office and the parliament. 

Most Albanian nationals and tourists from other countries utilize the e-Albania website, which currently acts as a hub for several formerly operational civil state offices. 

According to the Albanian National Agency for the Information Society (AKSHI), "we have been compelled to shut down government systems to survive these unprecedented and dangerous strikes until the enemy attacks are neutralized."

Only a few crucial services, like online tax filing, are still operating since they are provided by servers that were not targeted in the attack, while the majority of desk services for the public were disrupted.

Both the duration of the government systems' downtime and the identity of the cyberattack's perpetrator are unknown. According to Albanian media, the attack was comparable to those targeting critical systems in Ukraine, Belgium, Malta, Netherland, Germany, Lithuania, and Belgium.

While there have been instances of 'independent hacker groups' attacking countries in the past, Oliver Pinson-Roxburgh, CEO of cybersecurity platform Defense.com, said it is unlikely that such a group would be able to operate on this scale.

The report states that due to the early detection, the government's essential systems were able to shut down safely and they are all "backed-up and safe."

It said that to resolve the issue and 'restore normalcy,' Albanian officials were working with Microsoft and Jones Group International experts.



Read more »
WhatsApp
Backups malware phishing Phishing and Spam Spain Spanish WhatsApp

Bogus Backup Message from WhatsApp Delivers Malware to Spanish Users

 

Authorities in Spain have issued a warning about a phishing campaign that impersonates WhatsApp to deceive consumers into installing a trojan. The recipients are advised to get copies of their chats and call records from a website that only sells the NoPiques virus. 

The NoPiques (“Do not chop”) malware is packaged in an a.zip archive that infects vulnerable devices on execution. The Spanish language subject line for dangerous emails is often ‘Copia de seguridad de mensajes de WhatsApp *913071605 No (xxxxx)', however, this may not be the case always as it can vary. Unlike many malware-peddling phishing messages in English and other languages, the emails are written in grammatically correct Spanish, or at least with few faults. 

The Spanish National Cybersecurity Institute's (INCIBE) Oficina de Seguridad del Internauta (OSI) has issued a warning regarding the malware campaign. “If you haven't run the downloaded file, your device may not have been infected. All you have to do is delete the file that you will find in the download folder. You should also send the mail you have received to the trash,” said INCIBE. 

“If you have downloaded and run the malicious file, your device may have been infected. To protect your device, you must scan it with an updated antivirus or follow the steps that you will find in the device disinfection section. If you need support or assistance to eliminate the Trojan, INCIBE offers you its response and support service for security incidents,” they added. 

INCIBE said that they remind consumers: in case of doubt about the legitimacy of an email, they should not click on any link or download any attached file. To check the veracity, consumers can contact the company or the service that supposedly sent them the email, always through their official customer service channels. 

They also said that in addition, for greater security, it is advisable to periodically back up all the information that consumers consider important so that, if their computer is affected by a security incident, they do not lose it. They further added that it is also advisable to keep their devices updated and always protected with an antivirus.
Read more »
Windows
A2 Hosting Windows TITSUP Backups Breach of Security and Privacy malware Operating system Windows

A2 Hosting finds 'restore' the hardest word as Windows outage slips into May

The great A2 Hosting Windows TITSUP has entered its second week as the company continues to struggle to recover from a security breach that forced its System Operations team to shut down all its Windows services.

To recap, things went south on 23 April as malware spread over the company's Windows operation, causing a problem so severe that the A2 Hosting team decided the only way to recover was to restore data from backups. The company told furious customers last week that "Restores continue to progress at a steady pace".

Except, alas, things have not gone smoothly.

As some services gradually tottered into life, users made the horrifying discovery that the backups being restored from were less than minty fresh.

A "day or two" is bad enough for an ecommerce site, but the loss of several months' worth of data is an altogether angrier bag of monkeys. To make matters worse, the company has left it to users to work out just how whiffy those backups are.

Register reader David Sapery, who was lucky enough to see his services stagger back to life after a five-day liedown, was then somewhat embarrassed when his customers, finally able to access his sites, told him things looked a tad outdated.

Sapery told us: "Anything on any of my websites that was updated over the past 2+ months is gone."

Still, Sapery was at least able to recover. Another reader was not so lucky, describing his experience as "an unmitigated disaster."

Having spent eight months and "thousands of dollars", the unfortunate A2 Hosting customer told us that "my business and all my hard work has been gutted within seven days by a hosting company that clearly did not have robust security in place."

A2 Hosting will, of course, point to its Terms of Service where it makes it quite clear that it is not responsible for any data loss and that users are responsible for their own backups.
Read more »
Subscribe to: Posts (Atom)