Security Leftovers
-
Medusa claims responsibility for Minneapolis Public Schools’ “encryption event,” provides proof of how much data they accessed
There’s another update to the “encryption event” first disclosed by Minneapolis Public Schools (MPS) in February.
As of their most recent update, MPS had stated that they had been able to restore systems and no ransom had been paid. At that time, DataBreaches had not found any gang claiming responsibility for the breach or leaking data but suggested that since the district had not paid ransom, it could likely be only a matter of time before the data did appear. Now it has.
The Medusa ransomware gang has claimed responsibility for the attack on MPS. And not only have they claimed responsibility, they have already leaked a significant amount of proof of claims — proof that includes employee information and student information.
-
2023-03-06 Scanning s3 buckets, (Mon, Mar 6th)
-
Israel publicly blames Iran for cyberattack on major university last month [Ed: Instead of blaming Microsoft for back doors and holes they try to blame a nation, which may or may not have exploited these]
The Israel National Cyber Directorate announced Tuesday that a group affiliated with Iranian intelligence was behind an internet attack last month on the Technion, a top Israeli research and education institute.
In a statement, the directorate said an investigation found the attack was carried out by a group known as MuddyWater, “which is affiliated with Iran’s Ministry of Intelligence and Security.”
-
Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data
The hacker claims that it took them days to go through the list of what had been allegedly breached.
Acer Inc., a major global technology company based in Taiwan, is facing a potential data breach from a hacker going by the alias “Kernelware.” The hacker is claiming responsibility for a major data breach at Acer Inc., a leading multinational company based in Taiwan that designs and sells hardware and electronics products.
According to Kernelware, the alleged breach occurred in mid-February 2023 and resulted in the theft of a vast amount of sensitive information, totalling 160GB of 655 directories and 2869 files.
-
Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing
Wallarm Detect warns of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).
-
Android’s March 2023 Updates Patch Over 50 Vulnerabilities
Google has released patches for more than 50 vulnerabilities as part of the March 2023 security updates for the Android platform.
-
Cyberattack Hits Major Hospital in Spanish City of Barcelona
A ransomware attack on one of Barcelona’s main hospitals has crippled the center’s computer system and forced the cancellation of non-urgent operations and patient checkups.
-
Police Looking for Russian Suspects Following DoppelPaymer Ransomware Crackdown
Several locations in Germany and Ukraine were raided recently as part of an international law enforcement operation targeting the DoppelPaymer ransomware.
-
Police arrested two members of DoppelPaymer ransomware group
German and Ukrainian police announced today that they have arrested two individuals believed to be members of the DoppelPaymer ransomware group following raids on multiple locations in February.
-
2023-03-07 Remote Code Execution as a Service