Snowflake breach snowballs as more victims, perps, come forward

June 23, 2024 at 10:21PM Snowflake breach continues to expand with victims, including Ticketek and Advance Auto Parts. Hacker claims to have accessed Snowflake by compromising third parties. CDK faces ransomware attack and potential payment. Critical vulnerabilities found in Juniper Secure Analytics, CAREL Boss-Mini, Westermo L210-F2G, and RAD Data Communications SecFlow-2. Alleged Apple tools leaked. …

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

June 20, 2024 at 01:49PM Threat actor UNC3886, suspected to be Chinese, uses open-source rootkits like ‘Reptile’ and ‘Medusa’ on VMware ESXi virtual machines to conduct credential theft, command execution, and lateral movement. Mandiant tracked UNC3886’s attacks on government organizations and revealed their recent use of rootkits, custom malware tools, and attacks targeting various industries …

BlackBerry Cylance Data Offered for Sale on Dark Web

June 11, 2024 at 09:03AM BlackBerry is investigating a potential data breach involving Cylance data being sold on the dark web. The company states that the data appears to be old and not from their own systems. No current Cylance customers seem to be affected, and the data was accessed from a third-party platform unrelated …

Snowflake Breach Exposes 165 Customers’ Data in Ongoing Extortion Campaign

June 11, 2024 at 03:21AM As many as 165 Snowflake customers had their data potentially exposed in a campaign targeting data theft and extortion, identified as UNC5537 by Mandiant. The group is believed to operate under various aliases, targeting organizations worldwide and collaborating with a party based in Turkey. Snowflake is taking measures to enhance …

Snowflake Cloud Accounts Felled by Rampant Credential Issues

June 10, 2024 at 05:48PM Mandiant’s investigation confirmed that recent account compromises at Snowflake were due to customers’ failure to implement multifactor authentication (MFA) and access control. Attackers systematically accessed accounts using stolen credentials obtained elsewhere. Compromised accounts’ data was extorted or sold on cybercrime forums. MFA implementation and stronger authentication methods are recommended to …

Advance Auto Parts stolen data for sale after Snowflake attack

June 5, 2024 at 05:57PM Threat actors are claiming to sell 3TB of data stolen from Advance Auto Parts. The stolen data includes 380 million customer profiles, 140 million customer orders, and other sensitive information. The breach is linked to compromised Snowflake accounts, affecting multiple customers. However, Snowflake claims it was not due to any …

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

June 5, 2024 at 07:01AM RansomHub, a new ransomware strain, has been identified as a rebranded version of Knight ransomware. It employs double extortion tactics and targets various platforms, using phishing campaigns for distribution. The group behind it has been linked to recent attacks and is recruiting affiliates. Ransomware activity has been on the rise, …

Fed-run LockBit site back from the dead and vows to really spill the beans on gang

May 6, 2024 at 07:52PM LockBit’s website, shut down in February by law enforcement, has been relaunched, teasing the release of unmasking documents. The site was initially seized in Operation Cronos, and has now resurfaced with countdowns to unveil disclosures. Law enforcement’s previous articles on the site were uneventful, but upcoming reveals may provide substantial …

Mandiant: Orgs are detecting cybercriminals faster than ever

April 23, 2024 at 09:16AM Global organizations are detecting cyberattacks more quickly, with average detection time reaching an all-time low of 10 days, down from 16 days last year. However, there are still regional variations and a significant reliance on external sources to detect intrusions. Mandiant emphasizes the need for continued vigilance and improved threat …

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

April 22, 2024 at 08:34AM The Russian hacker group Sandworm, also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, carried out disruptive cyberattacks on critical infrastructure in Ukraine. The attacks targeted energy, water, and heating suppliers, exploiting weaknesses in cybersecurity practices. CERT-UA conducted counter-cyberattack operations from March 7 to March 15, 2024, and identified …