Expert instructors from the SANS Institute here yesterday detailed what they cite as the most dangerous forms of cyberattacks for 2023. Some of the key themes bubbling to the surface included the intersection of AI with attack patterns and the ways that attackers are taking advantage of highly flexible development environments. “This is my favorite…

Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351) in attacks in the wild. The threat actors were observed installing the Atera remote management software to take over vulnerable servers. On April 19th, print management software provider PaperCut confirmed that it is aware of the active exploitation of the…

The Trigona ransomware threat actors are waging a campaign against Microsoft SQL database servers because many of them have external connections and weak passwords, leaving them open targets for brute-force or dictionary attacks. These vulnerable MS-SQL servers were designated as “poorly managed” in AhnLab Security’s new alert about Trigona’s nefarious activities. “If a threat…

APT28, the hacking arm of Russia’s GRU military intelligence agency, has been backdooring Cisco routers by exploiting a remote code execution vulnerability in the Cisco IOS implementation of the Simple Network Management Protocol (SNMP), according to a statement by Western security agencies. The malware deployed on compromised routers patches the router’s authentication mechanism to always…

After days of outages, NCR Corp. has confirmed that its Aloha point-of-sale (PoS) software platform, used by thousands of restaurants across the US, was taken down by a ransomware attack on one of its data centers. The BlackCat ransomware group has claimed responsibility for the Aloha POS cyberattack. “Please rest assured that we have a…

A cyberattack on the Cornwall Community Hospital in Ontario, Canada, is causing delays to scheduled and non-urgent care. The cyberattack was discovered on Tuesday, April 11, 2023, and the hospital is investigating the incident with the help of cybersecurity experts. “On April 11, 2023, Cornwall Community Hospital (CCH) identified a network issue, which an investigation has…

Cybersecurity researchers have detailed the tactics of a “rising” cybercriminal gang called “Read The Manual” (RTM) Locker that functions as a private ransomware-as-a-service (RaaS) provider and carries out opportunistic attacks to generate illicit profit. “The ‘Read The Manual’ Locker gang uses affiliates to ransom victims, all of whom are forced to abide by the gang’s…

Consisting of new capital and a loan-to-equity conversion, the investment round was led by Harvest Lane Asset Management. Founded in 2010, Austin-based Votiro keeps organizations safe by disarming weaponized files delivered via email, collaborative platforms, web downloads, or file sharing services, as well as those that are uploaded to consumer-facing web portals. The…