News – February 2024

  • #StopRansomware: Phobos Ransomware

    February 29, 2024

    The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service ...

  • Golden Corral Corporation Provides Notice of Data Privacy Event

    February 29, 2024

    Golden Corral Corporation is notifying certain individuals of a recent incident that may impact the privacy of past and present employees, dependents, and beneficiary personal information. Golden Corral is unaware of any misuse of the information and is providing notice to potentially affected individuals out of an abundance of caution. On or about August 15, 2023, ...

  • Ireland: Dept of Foreign Affairs investigating potential cybersecurity incident

    February 29, 2024

    The Department of Foreign Affairs (DFA) has said that it is investigating a potential cybersecurity incident involving its systems. The DFA said that it was notified by Ireland’s National Cyber Security Centre (NCSC) yesterday about the possible security breach and is working closely with the NCSC to establish whether this allegation is authentic. It follows reports ...

  • Cyber attack affects numerous services at most Nebraska state hospitals

    February 29, 2024

    The Nebraska Hospital Association said most state hospitals were affected by a cyber attack. The NHA said Change Health Care was hit with the attack on Feb. 21. The technology company assists with things like prior authorizations, insurance verification and patient billing. All of those services are affected. Source: MSN News

  • A ransomware gang claims to have hacked nearly 200GB of Epic Games internal data

    February 28, 2024

    A ransomware gang claims to have hacked Epic Games, saying it has nearly 200 gigabytes of internal data. Reportedly, the gang, which goes by the name Mogilevich, posted a message on its darknet leak site giving more information on its claimed leak of the Fortnite and Epic Games Store company. “We have quietly carried out an ...

  • Pennsylvania: Welch plant in North East restarts after cyber attack shuts facility down for 3 weeks

    February 28, 2024

    In a statement provided to the Erie Times-News, the company said: “On Monday, we restarted our spreads production bringing more than 100 employees back to work at our North East plant. We expect additional employees to return to work over the next few days as we get more production lines running. Throughout this disruption, we’ve continued ...

  • Pharma giant Cencora hit by major cyberattack

    February 28, 2024

    Cencora has confirmed suffering a data breach earlier this month which resulted in the theft of sensitive, personal data. Cencora is a drug wholesale company and a contract research firm that was previously known as Amerisource Bergen. It was formed in 2001, after the merger of Bergen Brunswig and AmeriSource. Source: MSN News

  • Navigating the Cloud: Exploring Lateral Movement Techniques

    February 28, 2024

    In this post, Unit 42 researchers examine lateral movement techniques, showcasing some that they have observed in the wild within cloud environments. Lateral movement can be achieved by leveraging both cloud APIs and access to compute instances, with access at the cloud level potentially extending to the latter. We explore cloud lateral movement techniques in ...

  • Most data breaches on enterprise attack the supply chain

    February 28, 2024

    The vast majority of data breaches happening in the enterprise occurred through the software and technology supply chain. This is according to the Global Third-Party Cybersecurity Breach Report, a new research paper published by the SecurityScorecard security organization. As per the report, 75% of all third-party breaches targeted the software and technology supply chains, mostly because ...

  • Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts

    February 27, 2024

    Mandiant and Ivanti’s investigations into widespread Ivanti zero-day exploitation have continued across a variety of industry verticals, including the U.S. defense industrial base sector. Following the initial publication on Jan. 10, 2024, Mandiant observed mass attempts to exploit these vulnerabilities by a small number of China-nexus threat actors, and development of a mitigation bypass exploit targeting ...