Found 34 bookmarks
Custom sorting
How ransomware abuses BitLocker | Securelist
How ransomware abuses BitLocker | Securelist
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. #BitLocker #Data #Descriptions #Encryption #Incident #Malware #Microsoft #Ransomware #Technologies #Windows #response
#Descriptions#Incident#BitLocker#Microsoft#Windows#Encryption#Ransomware#Malware#response#Data#Technologies
·securelist.com·
How ransomware abuses BitLocker | Securelist
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
  • In late February 2023, threat actors rode a wave of initial access using Microsoft OneNote files. In this case, we observed a threat actor deliver IcedID using this method. After loading IcedID and establishing persistence, there was no further actions, other than beaconing for over 30 days. The threat actor used Cobalt Strike and AnyDesk to target a file server and a backup server. * The threat actor used FileZilla to exfiltrate data from the network before deploying Nokoyawa ransomware.
#thedfirreport#EN#2024#2023#incident#incident-analysis#IcedID#OneNote#FileZilla#Nokoyawa#ransomware
·thedfirreport.com·
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
le team sa - Informations sur le cyberincident chez leteam sa
le team sa - Informations sur le cyberincident chez leteam sa
En décembre 2023, leteam sa a été victime d'une cyber-attaque. Un groupe de ransomware connu a pu accéder au réseau et crypter plusieurs disques. Grâce à une réaction rapide de l'équipe informatique et d'experts en sécurité externes, l'attaque a pu être rapidement contrée et les systèmes restaurés. L'analyse de l'incident a révélé une fuite de certaines données, mais celle-ci a été jugée à l'époque comme étant partiellement critique. Un monitoring a été mis en place pour surveiller une éventuelle publication de données.
#team.jobs#FR#incident#ransomware#BlackBasta#informations
·team.jobs·
le team sa - Informations sur le cyberincident chez leteam sa
Du nouveau dans la (l'in) sécurité de l'Internet ?
Du nouveau dans la (l'in) sécurité de l'Internet ?
Le 3 janvier 2024, une partie du trafic IP à destination de la filiale espagnole d'Orange n'a pas été transmis, en raison d'un problème BGP, le système dont dépend tout l'Internet. Une nouveauté, par rapport aux nombreux autres cas BGP du passé, est qu'il semble que le problème vienne du piratage d'un compte utilisé par Orange. Quelles leçons tirer de cette apparente nouveauté ?
#bortzmeyer#FR#2024#Orange#Espagne#BGP#analyse#incident
·bortzmeyer.org·
Du nouveau dans la (l'in) sécurité de l'Internet ?
Ubisoft says it's investigating reports of a new security breach
Ubisoft says it's investigating reports of a new security breach
Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora. Ubisoft told BleepingComputer that they are investigating an alleged data security incident after security research collective VX-Underground shared screenshots of what appears to be the company's internal services.
#bleepingcomputer#EN#2023#ubisoft#incident#Screenshots#vx-underground
·bleepingcomputer.com·
Ubisoft says it's investigating reports of a new security breach
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
According to ecrime.ch data, confirmed ransomware incidents occurred in 105 countries, originating from 58 ransomware groups.  This number is relatively consistent with last year’s data, in which we calculated that incidents impacted organizations in 109 countries and documented at least 60 distinct ransomware families.  Though the overall statistics remain relatively consistent from last year to this year, there is more to the story: new trends in the ecosystem include the shifting dynamics of ransomware groups, the rise of the education sector as a key target, and the trends in geographic distribution of attacks.
#securityandtechnology#EN#2023#2022#Global#Ransomware#Incident#Map#ecrime
·securityandtechnology.org·
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
Tracking Unauthorized Access to Okta's Support System
Tracking Unauthorized Access to Okta's Support System
Okta Security has identified adversarial activity that leveraged access to a stolen credential to access Okta's support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.
#okta#EN#2023#incident
·sec.okta.com·
Tracking Unauthorized Access to Okta's Support System
Okta incident and 1Password | 1Password
Okta incident and 1Password | 1Password
We detected suspicious activity on our Okta instance that we use to manage our employee-facing apps. We immediately terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.
#1password#EN#2023#okta#incident
·blog.1password.com·
Okta incident and 1Password | 1Password
[Security Update] Incident Details
[Security Update] Incident Details
As a result, today we are publishing details of activity by a sophisticated nation-state sponsored threat actor that gained unauthorized access to our systems to target a small and specific set of our customers. Prior to sharing this information, we notified and worked with the impacted customers. We have also been working with our incident response (IR) partners and law enforcement on both our investigation and steps designed to make our systems and our customers’ operations even more secure. The attack vector used by the threat actor has been mitigated.
#jumpcloud#EN#2023#compromise#APT#Incident
·jumpcloud.com·
[Security Update] Incident Details
How we handled a recent phishing incident that targeted Dropbox
How we handled a recent phishing incident that targeted Dropbox
We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.
#dropbox#EN#2022#incident#phishing#GitHub
·dropbox.tech·
How we handled a recent phishing incident that targeted Dropbox
How we handled a recent phishing incident that targeted Dropbox
How we handled a recent phishing incident that targeted Dropbox
We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.
#dropbox#EN#2022#incident#phishing#GitHub
·dropbox.tech·
How we handled a recent phishing incident that targeted Dropbox