The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using LockBit to attack more than 2,000 victims and extort at least $100 million in ransomware payments. Khoroshev, a resident of Voronezh, Russia, was charged in a 26-count indictment by a grand jury in New Jersey.
The names and bank details of thousands of serving British soldiers, sailors and air force members have been exposed in a data breach by a "malign actor" who may have had state help, defense officials said Tuesday. The Ministry of Defense said the breach occurred at a third-party payroll system holding bank details of as many as 272,000 serving armed forces personnel and recent veterans. In a few cases, addresses may also have been exposed.
University System of Georgia is notifying 800,000 individuals that their personal and financial information was compromised in the May 2023 MOVEit hack. The data breach occurred after the Russia-linked Cl0p ransomware group exploited a vulnerability in Progress Software's MOVEit Transfer managed file transfer (MFT) software and stole data from organizations using it. To date, more than 2,000 organizations have disclosed impact from the MOVEit hack, including roughly 900 US schools.
China-linked attackers are exploiting zero-day vulnerabilities and using the defensive gaps in network security devices to gain persistent access to U.S. critical infrastructure organizations and enterprises, experts said Monday at the RSA Conference. Espionage groups linked to China are identifying, researching and exploiting the most zero-day vulnerabilities out there, and they're focusing on devices that typically don't support endpoint detection and response.
Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom. In a Tuesday evening Form 8-K filing with the SEC, DocGo warned that it recently suffered a cyberattack and is working with third-party cybersecurity experts.
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to manage and monitor data backup operations. "Service providers can deploy Veeam Service Provider Console to deliver Veeam-powered Backup-as-a-Service and Disaster Recovery-as-a-Service services to their customers.
As ransomware gangs step up their attacks against healthcare, schools, and other US critical infrastructure, CISA is ramping up a program to help these organizations fix flaws exploited by extortionists in the first place. The US government's cybersecurity nerve center launched its Ransomware Vulnerability Warning Pilot scheme in January 2023, and during its first year the system sent out 1,754 notifications to entities operating internet-accessible vulnerable devices.
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users.