Tag Archive for: Affected
Report: 90% of companies affected by ransomware in 2022
Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
An annual SpyCloud survey found that 90% of organizations were impacted by ransomware over the past twelve months, an alarming increase from last year’s 72.5%.
To compile the 2022 Ransomware Defense Report, SpyCloud asked over 300 individuals in active IT security roles at U.S., UK and Canadian organizations with at least 500 employees to evaluate the threat of ransomware, as well as their companies’ cyber readiness, over the past 12 months.
Their insights show that while companies have activated to strengthen their cybersecurity postures across the board in light of the increased threat of ransomware, criminals are becoming more sophisticated, leveraging gaps in security to perpetrate attacks.
Despite increased investment in cybersecurity, over the past year, the relentless tide of ransomware continued to disrupt operations and put organizations’ data at risk. Moreover, organizations were more likely than last year to be impacted more than once: 50% were hit at least twice, 20.3% were hit between 6 and 10 times and 7.4% were attacked more than 10 times.
Event
MetaBeat 2022
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
The growing prevalence of repeat attacks is an indication that popular methods such as data backups –– which respondents saw as their most important ransomware countermeasure –– still leave sensitive data exposed. Once an attack has occurred, retrieving lost data does not prevent attackers from sharing it on the dark web, allowing criminals to use it for future nefarious activities, including their next attack.
Malware hits security defense gaps
Malware preparedness also represents a major gap in organizations’ defenses. IT security teams face a near-total lack of visibility into malware infections on…
Bellingham, Wash., Library Says 735 Patrons Affected by Hack
(TNS) — Bellingham Public Library has reported a data breach affecting “a limited number” of patrons, part of a recent attack on the Whatcom County Library System, city officials said Thursday, July 21.
“A recent data breach affecting Whatcom County Library System’s computer networks also resulted in the unauthorized downloading of some Bellingham Public Library patron data. No data was downloaded directly from Bellingham Public Library or city of Bellingham computer systems,” said Janice Keller, the city’s communications director.
A total of 735 Bellingham Public Library patrons are affected, Keller said in the emailed statement.
“Our library and city teams, in collaboration with Whatcom County Library System, are working swiftly to address this incident and take all necessary and required steps to address it. The investigation into this incident is ongoing,” she said.
Bellingham Public Library has some 89,898 total accounts, Keller said. There are about 60,000 active card holders, according to the library website.
Both the Bellingham and the Whatcom County libraries share a catalog and an electronic management system, and patrons can borrow materials from either library.
In June, an apparent malware attack crippled some Whatcom County library systems, including its phones, email and some digital services..
Affected Bellingham library patrons were informed of the breach, which included their name, birth date, library account number, and library password or PIN.
“Although the investigation is ongoing, we have no reason to believe any additional patron data has been exposed,” Library Director Rebecca Judd said in a letter to affected patrons that was shared with The Bellingham Herald.
©2022 The Bellingham Herald, Distributed by Tribune Content Agency, LLC.
RCE Vulnerability In UnRAR Library Affected Zimbra Platform
A severe remote code execution vulnerability affected the Zimbra email client. The bug typically existed in the UnRAR library that could trigger RCE on the Zimbra platform. Thankfully, the bug received a fix before malicious exploitation.
Zimbra UnRAR Library Vulnerability
Researchers from Sonar recently shared insights about a severe security flaw affecting the Zimbra email platform.
Specifically, the researchers found a zero-day vulnerability in a third-party UnRAR utility used in Zimbra that could trigger RCE. Exploiting the bug didn’t even require authentication. Describing the bug, CVE-2022-30333, the file write vulnerability in the RarLab’s unrar binary, the researchers stated,
An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive. If they can write to a known location, they are likely to be able to leverage it in a way leading to the execution of arbitrary commands on the system.
Although, the bug didn’t directly affect Zimbra. Nonetheless, exploiting it could let an attacker access the sent and received emails on the compromised email server. An adversary could also deploy backdoors on compromised servers, steal credentials and other data, and gain access to other unauthorized areas on the network. Such explicit access became possible due to the unhindered permissions to UnRar utility for Zimbra.
The researchers have shared the technical details of the vulnerability in their post.
Patch Deployed
Following this discovery, Sonar researchers reported the matter to RarLab, and “gave a heads-up” to Zimbra for an upcoming fix.
Eventually, RarLab patched the vulnerability with UnRar binary version 6.12. Hence, all UnRar utility users should get this patched version or later to receive the fix.
Besides, Zimbra also addressed the glitch by configuring 7z as default for extracting RAR archives by Amavis instead of UnRar.
Let us know your thoughts in the comments.