German multinational defense contractor Hensoldt confirmed that some of its systems were infected by Lorenz ransomware.

Hensoldt, a multinational defense contractor, confirmed that some of its UK subsidiary’s systems were infected with Lorenz ransomware. This week a Hensoldt spokesperson confirmed the security breach to BleepingComputer, explaining that a small number of mobile devices in its UK subsidiary had been affected.

The Lorenz ransomware gang has been active since April and has hit multiple organizations worldwide, demanding hundreds of thousands of dollars in ransom from its victims.

The defense multinational develops sensor solutions for defense, aerospace, and security applications. It is listed on the Frankfurt Stock Exchange, and its revenue was 1.2 billion euros in 2020.

The company holds classified and sensitive contracts with the US government; its products equip tanks, helicopter platforms, submarines and Littoral Combat Ships, among others.

The Lorenz ransomware gang has already listed the company’s name on its Tor leak site.

At the time of this writing, the ransomware group claims to have already uploaded 95% of all stolen files to its leak site.

The gang labeled the archive file as “Paid,” which means that either Hensoldt or someone else has paid to prevent the files from being leaked.

Ransomware cyberattack forces New Mexico jail to lock down

A ransomware cyberattack has knocked the jail’s internet connection offline, rendering most of its data systems, security cameras, and automatic doors unusable. Prisoners were confined in their cells while MDC technicians struggled to get everything back up and running again.

This attack forced the facility to suspend all prison visits, including from family members and lawyers, which the facility claimed was for the safety of everyone involved.

No, the Metropolitan Detention Center was not targeted

According to a 7-page Emergency Notice, the entire Bernalillo County was attacked by unknown ransomware threat actors on Wednesday, January 5, between midnight and 5:30 AM local time.

A breach in the system could result in unforeseen problems

This ransomware cyberattack has pushed Bernalillo County into potentially violating a settlement agreement [PDF] from a two-decade-old lawsuit, which is why it filed an emergency notice to the federal court. This agreement requires county jails to improve conditions within the facility and address complaints like overcrowding.

213K Florida Digestive Health patients informed of 2020 data compromise

The U.S. Department of Health and Human Services building is shown Aug. 16, 2006, in Washington. (Photo by Mark Wilson/Getty Images)

Florida Digestive Health Specialists recently notified 212,509 patients that their data was potentially compromised one year ago, during the hack of multiple employee email accounts.

The incident was first discovered on Dec. 16, 2020, when an employee reported suspicious activity within their FDHS email account after a number of emails were sent from it that the user had not generated. Five days later, FDHS company funds were rerouted to an unknown bank account, which prompted an investigation.

All impacted individuals will receive a year of free credit monitoring and identity restoration services. FDHS has since reset all user passwords, enabled multi-factor authentication for its IT systems, deployed additional security controls, bolstered password protocols, and reconfigured the firewall.

Data accessed in Fertility Centers of Illinois systems hack

Approximately 80,000 Fertility Centers of Illinois patients were recently notified that their data was accessed nearly one year ago, after a systems hack in February 2021. The FCI notice does not explain the delay in reporting the breach.

Huge patient data leak from Siriraj Hospital

Patients pass through thermal scanning as they enter Siriraj Hospital in Bangkok. Their records may be among the reported huge data theft from the hospital. (File photo: Chanat Katanyu)

About 39 million purported patient records from Siriraj Hospital have been offered for sale on an internet database-sharing forum in what appears to be the latest hack of the country’s public health sector.

Authorities are investigating the post, which was on raidforums.com.

The leak is said to include records of VIP patients.

“There was a large data leak concerning Siriraj’s patient records that has been offered for sale,” Dr Sutee Tuvirat, an information systems security professional, told the Bangkok Post.

The data is not only from Siriraj Hospital but also from nearby Siriraj Piyamaharajkarun Hospital, which has records of VIP patients, he said.

Most local hospitals still had no cybersecurity teams or chief information security officers who could monitor threats.

“Even some department stores which invested in cybersecurity have been hacked, but hospitals which keep a great deal of sensitive data still do not make investment in this area a priority,” Dr Sutee said.

New Ways to Hide Malware Inside SSD Firmware Discovered

One of the attacks targets an invalid data area that still holds non-erased information and sits between the Over-Provisioning (OP) area and the usable SSD space; its size depends on how the two are partitioned.

The First Attack

  • An attacker can make changes to the size of the OP area with the firmware manager to create exploitable invalid data space.
  • The issue is that most SSD manufacturers do not erase the invalid data area to save on resources and assume that breaking the link of the mapping table can stop unauthorized access.
  • Thus, an attacker can use this issue to obtain access to sensitive information. Moreover, the NAND flash memory can disclose data that has not been deleted for six months.

The second attack

In the second attack, the OP area is used as a secret place to hide malware, a region that a user cannot wipe or monitor.

  • Suppose that two storage devices, SSD1 and SSD2, are attached to a channel.
  • Both devices have a 50% OP area. After an attacker hides malware code in SSD2, they can quickly shrink the OP area of SSD1 to 25% and grow SSD2’s OP area to 75%.
  • The malware code then sits inside a hidden area of SSD2 that can be activated at any time by resizing the OP area again. Using a 100% OP area makes it even harder to detect.

What to do???

For protection against the first attack, SSD manufacturers should wipe their OP area using a pseudo-erase algorithm without affecting performance. For the second attack, the recommended countermeasure is to implement valid-invalid data rate monitoring systems to watch the ratio in SSDs in real-time. This can warn the user in case the invalid data ratio rises suddenly and provide an option to verifiably wipe data in the OP area.
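The countermeasure for the second attack, a monitor that watches the valid/invalid data ratio and warns when it rises suddenly, can be sketched as a function over periodic snapshots of a drive’s page accounting. The following is an added example, not code from the article or from the SSD research it summarizes. The snapshot layout (`valid`, `invalid` and `op` page counts) and all the numbers are constructed; a real implementation would read these figures from the drive firmware or a vendor tool, which this example does not model. It also flags a sudden change of the OP share, since the second attack works by resizing the OP area.

```javascript
// Added example (not from the article or the cited research): a simple
// valid/invalid data-ratio monitor of the kind the countermeasure describes.
// Snapshot fields are an assumed layout, counted in flash pages:
//   valid   = mapped, live data
//   invalid = unmapped pages whose contents were never erased
//   op      = pages reserved as over-provisioning
// Every number below is constructed for illustration.

// Baseline: 50 % OP and a small amount of stale (invalid) data. At t = 3 the
// OP area is silently grown to 75 % and the invalid share jumps, which is the
// pattern the second attack described above would produce.
const constructedSnapshots = [
  { t: 0, valid: 3800, invalid: 200,  op: 4000 },
  { t: 1, valid: 3750, invalid: 250,  op: 4000 },
  { t: 2, valid: 3700, invalid: 300,  op: 4000 },
  { t: 3, valid: 1000, invalid: 1000, op: 6000 }, // OP resized, invalid share spikes
  { t: 4, valid:  950, invalid: 1050, op: 6000 },
];

function totalPages(s) {
  return s.valid + s.invalid + s.op;
}

// Share of the drive that is invalid (stale, non-erased) data.
function invalidRatio(s) {
  return s.invalid / totalPages(s);
}

// Share of the drive reserved as over-provisioning.
function opRatio(s) {
  return s.op / totalPages(s);
}

// Walks the snapshots in order and returns one alert per suspicious transition.
//   maxRise:     largest tolerated step increase of the invalid-data ratio
//                between two consecutive samples
//   opTolerance: largest tolerated change of the OP share between samples
function monitorSnapshots(snapshots, { maxRise = 0.05, opTolerance = 0.01 } = {}) {
  const alerts = [];
  for (let i = 1; i < snapshots.length; i++) {
    const prev = snapshots[i - 1];
    const cur = snapshots[i];

    const rise = invalidRatio(cur) - invalidRatio(prev);
    if (rise > maxRise) {
      alerts.push({ t: cur.t, kind: 'invalid-ratio-rise', delta: Number(rise.toFixed(4)) });
    }

    const opDelta = Math.abs(opRatio(cur) - opRatio(prev));
    if (opDelta > opTolerance) {
      alerts.push({ t: cur.t, kind: 'op-area-resized', delta: Number(opDelta.toFixed(4)) });
    }
  }
  return alerts;
}

// Stand-alone run: prints the alerts raised over the constructed snapshots.
function runExample() {
  return monitorSnapshots(constructedSnapshots);
}

console.log(JSON.stringify(runExample(), null, 2));
```

The thresholds are illustrative; on a real drive the normal drift of the invalid ratio between garbage-collection passes would set `maxRise`, and any change of the OP share at all is worth a warning, because the OP size is not something that should change during ordinary operation.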

Google fixes Chrome site bug

A set of features meant to speed up web page loading in Chrome contained a bug that allowed attackers to bypass the browser’s Site Isolation feature, a security researcher has discovered.

Chrome uses the same-origin policy to prevent websites from accessing each other’s data inside the browser, but sometimes subtle security bugs such as Spectre open pathways to bypassing these policies.

Site isolation

Site Isolation is an additional line of defense that protects browsers against such threats. Introduced to Google Chrome in 2018 and replicated in last month’s Firefox releases, Site Isolation means documents from different websites are rendered independently rather than in a shared process.
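The unit that the same-origin policy protects (the origin: scheme, host and port) is narrower than the unit Site Isolation places in its own process (the site: scheme plus registrable domain), and the difference matters when reasoning about what a bypass exposes. The following added example, which is not code from the article or from Chromium, classifies constructed document pairs by both notions. The registrable-domain step is a deliberate simplification: it keeps the last two host labels rather than consulting the Public Suffix List, so it is wrong for hosts such as `example.co.uk`.

```javascript
// Added example (not from the article or from Chromium): origin vs. site.
// Uses Node's / the browser's WHATWG URL class; no other dependencies.

// Origin = scheme + host + port, the same-origin policy's unit of isolation.
function originOf(urlString) {
  return new URL(urlString).origin; // e.g. "https://mail.example.com:8443"
}

// Site = scheme + registrable domain, Site Isolation's unit of isolation.
// Assumption: registrable domain is approximated as the last two labels of the
// host (no Public Suffix List), which is wrong for suffixes like "co.uk".
function siteOf(urlString) {
  const u = new URL(urlString);
  const labels = u.hostname.split('.');
  const registrable = labels.length <= 2 ? u.hostname : labels.slice(-2).join('.');
  return `${u.protocol}//${registrable}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

function sameSite(a, b) {
  return siteOf(a) === siteOf(b);
}

// Under Site Isolation, same-site documents may share a renderer process;
// cross-site documents must not.
function maySharePr(a, b) {
  return sameSite(a, b);
}

// Constructed document pairs covering the cases that differ between the two notions.
const constructedPairs = [
  ['https://mail.example.com/inbox', 'https://mail.example.com/settings'], // same origin
  ['https://mail.example.com/inbox', 'https://docs.example.com/'],         // same site, different origin
  ['https://mail.example.com/inbox', 'https://mail.example.com:8443/'],    // port differs: different origin, same site
  ['https://example.com/', 'http://example.com/'],                          // scheme differs: different site
  ['https://bank.example/', 'https://attacker.example/'],                   // unrelated sites
];

function classify([a, b]) {
  return {
    a,
    b,
    sameOrigin: sameOrigin(a, b),
    sameSite: sameSite(a, b),
    mayShareProcess: maySharePr(a, b),
  };
}

function classifyAll() {
  return constructedPairs.map(classify);
}

console.log(JSON.stringify(classifyAll(), null, 2));
```

The second and third pairs are the instructive ones: the same-origin policy separates them, but Site Isolation alone does not, so a same-site document compromised through a renderer bug can read its sibling’s memory even with Site Isolation enabled. That is why Site Isolation is described above as an additional line of defense rather than a replacement for the same-origin policy.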

Service worker contracts bug

A service worker is JavaScript code that runs in the background, separate from the web page, and supports functions that don’t require user interaction, such as push notifications and background sync.

GoDaddy’s Latest Breach Affects 1.2M Customers

Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.

On Monday, the world’s largest domain registrar said in a public filing to the SEC that an “unauthorized third party” managed to infiltrate its systems on Sept. 6 – and that the person(s) had continued access for almost two and a half months before GoDaddy noticed the breach on Nov. 17.

“We identified suspicious activity in our Managed WordPress hosting environment and immediately began an investigation with the help of an IT forensics firm and contacted law enforcement,” Demetrius Comes, GoDaddy CISO, said in the website notice.

Specifically, the attackers compromised GoDaddy’s Managed WordPress hosting environment – a site-building service that allows companies and individuals to use the popular WordPress content management system (CMS) in a hosted environment, without having to manage and update it themselves.

52% of SMBs have experienced a cyberattack in the last year

The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals.

Many SMBs falling victim to a cyberattack

While the pandemic forced many SMBs to scale back their operations, cyberattacks actually increased throughout 2020 and 2021 for small and midsize businesses.

Survey report:

  • 72% are more concerned about cybersecurity now than they were a year ago.
  • 52% have experienced a cyberattack in the last year – and 10% have experienced more than 10 cyberattacks.
  • 40% do not have a comprehensive and up-to-date cybersecurity incident response plan.
  • Only 13% have a fully deployed PAM solution in place.

It’s not all bad news, however

A few stats from the survey that reflect the cybersecurity progress being made by SMBs:

  • 92% have a process in place to revoke account access for ex-employees.
  • 74% are providing their workforce with cybersecurity training.
  • 71% are using a password manager to store passwords.

Canadian teen nabbed in $36.5M crypto heist – possibly the biggest haul yet by a single individual

A Canadian teenager has been arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet, according to police.

Together with the FBI and the US Secret Service Electronic Crimes Task Force, Hamilton Police in the Canadian province of Ontario launched a joint probe to investigate the breach of a US resident’s mobile phone account.

The victim was reportedly targeted with a SIM swap attack – their phone number was hijacked and ported to a different phone belonging to the attacker. The miscreant was then able to enter personal accounts via two-factor authentication requests and obtain details of the victim’s cryptocurrency wallet. From there, millions of dollars were siphoned off, it’s claimed.

Arcaro is due to be sentenced on 7 January and faces up to 20 years in prison, while Kumbhani’s current whereabouts are believed to still be unknown. The FBI and IRS Criminal Investigation are continuing to investigate the alleged crime.

20% of Defense Contractors at Risk for Ransomware Attack

A report featuring some of the United States’ top defense contractors suggests that about 20% of them are “highly susceptible” to a ransomware attack, with 42% having experienced a data breach in 2020 alone.

This data comes from Black Kite, a cybersecurity research firm. Report authors looked at defense contractors working in financial services, health care, manufacturing, critical infrastructure and business services, and evaluated each company on its cybersecurity protocols and procedures to determine an industrywide index grade across defense contractors.

The average score implies a safe level of risk management, and 54% of defense contractors are considered relatively safe from ransomware attacks. However, 43% of contractors were found to have old or outdated cybersecurity systems, yielding a higher risk of cyberattacks.

“Cybercriminals are targeting critical infrastructure more than ever, with each attack having a stronger impact on our national security. The trends we’re seeing in our RSI findings are alarming,” Black Kite’s Chief Security Officer Bob Maley said in a press release. “When organizations maintain a continuous view of their cyber risk posture, they are armed with detailed information to protect their most critical assets and controls.”

The report also highlighted that certain industries, namely within the manufacturing sector, were particularly likely to be targeted by hackers. 
