We’re on a journey to advance and democratize artificial intelligence through open source and open science.

The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
#BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
#Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services

• In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method.
• After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days.
• The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server.
• The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.

The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.

Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

Learn more about ACEMAGIC Mini PC's swift resolution to the virus incident, along with robust future security measures. Your safety is our top priority.

En décembre 2023, leteam sa a été victime d'une cyber-attaque. Un groupe de ransomware connu a pu accéder au réseau et crypter plusieurs disques. Grâce à une réaction rapide de l'équipe informatique et d'experts en sécurité externes, l'attaque a pu être rapidement contrée et les systèmes restaurés. L'analyse de l'incident a révélé une fuite de certaines données, mais celle-ci a été jugée à l'époque comme étant partiellement critique. Un monitoring a été mis en place pour surveiller une éventuelle publication de données.

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.

Le 3 janvier 2024, une partie du trafic IP à destination de la filiale espagnole d'Orange n'a pas été transmis, en raison d'un problème BGP, le système dont dépend tout l'Internet. Une nouveauté, par rapport aux nombreux autres cas BGP du passé, est qu'il semble que le problème vienne du piratage d'un compte utilisé par Orange. Quelles leçons tirer de cette apparente nouveauté ?

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online.

Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora.

Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.

Message to current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police

According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups.  This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families.  Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.

Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system.

The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.

We detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.

Due to a recent Google change, MFA isn't truly MFA.

As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.

Learn more about a failed extortion scheme against Dragos in May 2023. No Dragos systems were breached, including anything related to the Dragos Platform.

Charlotte, NC – February 22, 2023– Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.