CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
The company says there’s ‘no evidence that the threat actor accessed the contents of users’ accounts’ in the breach of its Dropbox Sign service. Dropbox disclosed that its eSignature service, Dropbox Sign, was compromised and authentication data such as hashed passwords, API keys and OAuth tokens for some users were accessed. Certain customer information and…
May 02, 2024, Newsroom, Vulnerability / Android: Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app’s home directory. “The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an…
Microsoft has confirmed that it won’t provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates. The problematic updates were issued during the January 2024 Patch Tuesday to fix CVE-2024-20666, a BitLocker encryption bypass vulnerability that allows attackers to access encrypted data. The issue impacts Windows…
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. According to the U.S. Department of Justice, Vasinskyi, also known by his alias “Rabotnik,” was involved in over 2,500 REvil (Sodinokibi) attacks demanding ransom payments surpassing…
‘We know how to bridge the gap between the promise of technology and transformational outcomes. And since deploying AI drives a need for technology investments across the full stack, with entry points across the entire stack, we are uniquely positioned to serve our customers,’ says CDW Chairperson and CEO Christine Leahy. Global IT solution provider…
Yaroslav Vasinskyi, 24, must also pay more than $16 million in restitution. Yaroslav Vasinskyi, a Ukrainian national accused in the July 2, 2021, ransomware attack against MSP tools vendor Kaseya, has been sentenced in the United States to 13 years and seven months in prison for his role in more than 2,500 ransomware attacks. Vasinskyi…
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider. After the termination of…
“Only then the desired credentials are acquired, and multi-factor authentication (MFA) is bypassed, by serving a cloned website to capture the MFA token (which failed) and later by sending MFA push notifications to the victim (which succeeded),” Mandiant said. These campaigns were carried out in three subsequent steps, Mandiant added. It starts with the victim…
May 02, 2024, Newsroom, Ransomware / Cyber Crime: A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than…