March 22, 2024 at 07:27AM The ThreatLocker® Zero Trust Endpoint Protection Platform enforces a strict deny-by-default, allow-by-exception security posture to protect organizations from various cyber threats, promoting compliance with multiple frameworks. The platform offers free guidance on implementing compliance best practices, covering 24 technical controls across different compliance frameworks. Download the free guide for more … Read more
March 21, 2024 at 11:33AM Rhysida ransomware group claimed responsibility for a cyberattack on MarineMax, a US luxury yacht dealer, disrupting its business operations. Despite MarineMax’s denial of maintaining sensitive data in the affected information environment, Rhysida posted stolen documents on its website and announced a seven-day auction. The group has a history of similar … Read more
March 20, 2024 at 07:30AM Multiple threat actors are exploiting security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan. The attacks entail the exploitation of CVE-2024-27198, enabling adversaries to gain administrative control over affected servers. Organizations using TeamCity are urged to update their software … Read more
March 19, 2024 at 06:18AM Hackers are targeting a recently patched Aiohttp vulnerability, potentially affecting thousands of servers globally. A Shodan search reveals over 70,000 instances, with notable exposure in the US, China, and Germany. Cyble’s scanner identified 43,000 exposed instances, with high percentages in the US and Europe. Exploitation attempts have been observed, including … Read more
March 19, 2024 at 01:27AM Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in a US prison for operating the illicit E-Root Marketplace, offering hundreds of thousands of compromised credentials. The DoJ seized the infrastructure associated with E-Root and Perfect Money and said it’s recovering $2.3 million worth of cryptocurrency linked to … Read more
March 18, 2024 at 11:03PM UnitedHealth is in the process of restoring systems following a cyberattack by ransomware group ALPHV. The company has largely restored pharmacy claims and payment processing systems, and is now testing software for medical claims submission. The attack disrupted the healthcare system, prompting federal investigators to assess potential exposure of protected … Read more
March 16, 2024 at 04:48PM ShadowSyndicate, a ransomware actor, has targeted servers vulnerable to CVE-2024-23334 in the aiohttp Python library. The vulnerability allows remote attackers to access files on affected servers. Exploitation attempts were observed, originating from five IP addresses connected to ShadowSyndicate. Cyble’s data shows about 44,170 exposed aiohttp instances globally, making the extent … Read more
March 14, 2024 at 12:09PM MarineMax, a leading boat and yacht retailer, experienced a cybersecurity incident prompting business continuity measures and containment efforts. Despite some disruption, the company asserted that its operations have continued without material impact. The incident, possibly a ransomware attack, is under investigation amid compliance with SEC disclosure rules. Stakeholders are awaiting … Read more
March 14, 2024 at 10:51AM A 34-year-old Russian-Canadian, Mikhail Vasiliev, received a nearly four-year jail sentence in Canada for his involvement in the LockBit ransomware operation. He pleaded guilty to cyber extortion, mischief, and weapons charges. Vasiliev, described as a “cyber-terrorist,” sought ransom payments from Canadian companies and has been ordered to pay back over … Read more
March 13, 2024 at 12:51PM Russian-Canadian national Mikhail Vasiliev, 34, sentenced to nearly four years in prison in Canada for his role in LockBit ransomware operation. He targeted at least three organizations in Canada, seeking ransom payments. The US is also pursuing charges against him. LockBit, operating under ransomware-as-a-service model, was a prolific operation until … Read more