On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.

I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

Businesses worldwide are experiencing outages, including Windows "blue screen of death" errors on their computers, in what has already become one of the

Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences.

• Initial access via FortiGate Firewall SSL VPN using a dormant account
• Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP.
• Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation.
• Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting.
• Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.

On 2024-06-23, 00:19 AM UTC, a phishing email was sent out to 35,794 email addresses by updates@blog.ethereum.org with the following content

TeamViewer says that a recently discovered breach appears to be limited to its internal corporate IT network. The software company has attributed it to a hacking operation associated with Russian intelligence.

See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it. 

Here are some key findings:

• We found around 72 phishing domains pretending to be real or fake companies. These domains created believable websites that tricked people into sharing their login details.
• The attack was sophisticated, using advanced techniques like direct human interaction to deceive targets.
• We analyzed several fake websites and reverse-engineered their web-facing application.
• At the end of the post, you will find a list of IOCs that can be used for improving your organization’s security.

The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22.

Personal information, including partial payment details, may have been obtained by bad actors during an automated credential-stuffing attack on Levi’s online store.

The maker of the famous Levi’s denim jeans reported that over 72,000 accounts were affected during a “security incident” that was detected on July 13th.

Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…

We’re on a journey to advance and democratize artificial intelligence through open source and open science.

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
#BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
#Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services

• In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method.
• After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days.
• The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server.
• The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.

The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Learn more about ACEMAGIC Mini PC's swift resolution to the virus incident, along with robust future security measures. Your safety is our top priority.

En décembre 2023, leteam sa a été victime d'une cyber-attaque. Un groupe de ransomware connu a pu accéder au réseau et crypter plusieurs disques. Grâce à une réaction rapide de l'équipe informatique et d'experts en sécurité externes, l'attaque a pu être rapidement contrée et les systèmes restaurés. L'analyse de l'incident a révélé une fuite de certaines données, mais celle-ci a été jugée à l'époque comme étant partiellement critique. Un monitoring a été mis en place pour surveiller une éventuelle publication de données.

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.