Tag Archive for: alert

LockBit Ransomware Threat Persists | MSSP Alert


MSSPs, MSPs and various cybersecurity providers continue to offer analysis and advice in the aftermath of the stunning LockBit ransomware group takedown this week, while urging caution against other ransomware operations seeking the next opportunity to attack.

It’s possible that the threat may not be over yet. Late this week Sophos X-Ops reported through its social media handle that despite the recent law enforcement activity, Sophos X-Ops had observed several attacks over the preceding 24 hours that appeared to be carried out with LockBit ransomware, built using a leaked malware builder tool. Sophos posted this news in an update to its blog post about the ConnectWise ScreenConnect vulnerabilities.

LockBit Law Enforcement Action

On February 20, the U.S. Justice Department announced that the U.K. National Crime Agency’s (NCA) Cyber Division, working in cooperation with the Federal Bureau of Investigation (FBI) and other international law enforcement partners, seized numerous public-facing websites and servers used by LockBit administrators. The effort dealt a major blow to LockBit threat actors’ ability to attack and encrypt networks and extort victims by threatening to publish stolen data.

The LockBit ransomware variant first appeared around January 2020 and had grown into one of the most active and destructive variants in the world, the Justice Department said. Moreover, LockBit members have executed attacks against more than 2,000 victims in the U.S. and around the world, making at least hundreds of millions of U.S. dollars in ransom demands and receiving over $120 million in ransom payments. 

According to Sophos X-Ops’ analysis, LockBit has been among the top 10 most reported ransomware infections since 2020. Sophos’ Incident Response team in 2023 found that LockBit accounted for one in five of all ransomware infections.

Chester Wisniewski, field chief technology officer for Sophos, an MSSP Alert MDR Top 40 company, was cautiously optimistic LockBit had been dealt a death blow.

“Much of LockBit’s infrastructure is still online, but I don’t expect them to make a triumphant return,” Wisniewski said. “These groups continually rebrand and…

CERT-In Issues High-Risk Security Alert On Certain Samsung Mobile Android Versions


SUMMARY

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14

Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system: CERT-In

Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple

The Computer Emergency Response Team (CERT-In), the Centre’s nodal agency dealing with cyber security, has issued a high-risk security alert for four versions of Samsung phones, saying that multiple vulnerabilities have been reported in the products with certain software.

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14.

“Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system,” said CERT-In in its vulnerability note.

These vulnerabilities exist due to issues such as improper access control in Knox features, issues in the facial recognition software, improper authorisation verification vulnerability in AR emoji, improper input validation vulnerability in Smart Clip, and others, said the advisory. 

“Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR emoji, bypass Knox guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system,” it added.

These vulnerabilities are likely to affect a range of Samsung devices, including the Galaxy S23 series, Galaxy Flip 5, and Galaxy Fold 5. 

Meanwhile, Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple. The company has also been bolstering its position as one of the top smartphone manufacturers in the country.

As per a Canalys report, Samsung maintained its top position with…

Lurie Children’s Hospital faces computer network outage amid nationwide cybersecurity alert


The Chicago area’s largest children’s hospital is currently grappling with a computer network outage, coinciding with a nationwide alert regarding cyber attacks targeting hospitals.

This is not the first time Lurie Children’s Hospital has faced data-related issues. Last year, the hospital experienced a leak of social security numbers, names, birthdays, and addresses.

Concerns arose on Wednesday morning when parents noticed online irregularities. A message on the hospital’s website indicates an ongoing network outage affecting the internet, emails, phone service, and access to MyChart, a platform crucial for patients that holds important health information and lets them schedule doctor’s visits and view details on upcoming procedures.

Sources informed FOX 32 that a memo was circulated, stating that phone, email, and online medical records were disabled as a precautionary measure.

While Lurie Children’s Hospital has not confirmed any hacking or compromise of their systems, an expert sheds light on potential scenarios.

“It could have been a ransomware attack, where you have a group of individuals who targeted an institution, shut down their system and said, ‘hey if you don’t pay me X amount, we’re not going to turn things back on.’ It could be foreign nationals, quite possibly the Chinese. I know that’s been floated recently in testimony this week before Congress. Their efforts to penetrate and be able to disable US infrastructure is becoming quite rampant,” said Ross Rice, former FBI agent.

Efforts to obtain clarification from Lurie Children’s Hospital about the situation have been made, but as of now, there has been no response.

An alert on the hospital’s website states that they are actively working to resolve the issue.

Scam Alert: Fake obituary links on Facebook can lead to malware, virus – 11Alive.com WXIA


