Month: May 2024
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. According to the U.S. Department of Justice, Vasinskyi, also known by his alias “Rabotnik,” was involved in over 2,500 REvil (Sodinokibi) attacks demanding ransom payments surpassing…
Read More
‘We know how to bridge the gap between the promise of technology and transformational outcomes. And since deploying AI drives a need for technology investments across the full stack, with entry points across the entire stack, we are uniquely positioned to serve our customers,’ says CDW Chairperson and CEO Christine Leahy. Global IT solution provider…
Read More
Yaroslav Vasinskyi, 24, must also pay more than $16 million in restitution. Yaroslav Vasinskyi, a Ukrainian national accused in the July 2, 2021, ransomware attack against MSP tools vendor Kaseya, has been sentenced in the United States to 13 years and seven months in prison for his role in more than 2,500 ransomware attacks. Vasinskyi…
Read More
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider. After the termination of…
Read More
“Only then the desired credentials are acquired, and multi-factor authentication (MFA) is bypassed, by serving a cloned website to capture the MFA token (which failed) and later by sending MFA push notifications to the victim (which succeeded),” Mandiant said. These campaigns were carried out in three subsequent steps, Mandiant added. It starts with the victim…
Read More
May 02, 2024NewsroomRansomware / Cyber Crime A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than…
Read MoreThe UK Bans Default Passwords The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure…
Read More
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks. The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary commands by means of specially…
Read More
May 02, 2024NewsroomCyber Attack / Data Breach Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product. The company, in a filing with the U.S. Securities and Exchange Commission…
Read More
Like antivirus software, vulnerability scans rely on a database of known weaknesses. That’s why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn’t existed in the vulnerability management space. The benefits of using multiple scanning engines Generally…
Read More