Windows TCO (Security Issues)
-
Krebs On Security ☛ Alleged Extortioner of Psychotherapy Patients Faces Trial
Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats.
-
The Register UK ☛ BlackCat plays with malvertising traps to lure corporate victims
Rather than downloading the legitimate software, victims are instead infected with Nitrogen malware – an initial access payload that can be used to launch second-stage attacks, akin to the deployment of ransomware.
-
[Old] Botnet Cleaning and Malware Analysis Centre, India ☛ Nitrogen Malware
Once the user unknowingly downloads the malicious ISO installer named "install.exe" from deceitful websites, these installers contain a dangerous DLL file named "msi.dll" that is secretly added to the system. This file then acts as the installer for the Nitrogen primary access malware.
-
Security Week ☛ Bad Bots Account for 73% of Internet Traffic: Analysis
Bots are automated processes acting out over the internet. Some perform useful purposes, such as indexing the internet; but the majority are Bad Bots designed for malicious ends. Bad Bots are increasing dramatically — Arkose estimates that 73% of all internet traffic currently (Q3, 2023) comprises Bad Bots and related fraud farm traffic.
-
Security Week ☛ Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach
The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, a California-based company that provides digital lending solutions for financial institutions and data verification solutions for consumers.
The cybercriminals claim to have stolen a significant amount of customer data and operational information belonging to MeridianLink, and they are threatening to leak it unless a ransom is paid.
-
[Repeat] Data Breaches ☛ We seldom see breach reports from Nebraska, so here are two.
Neither of these incidents has appeared on HHS’s public breach tool — at least, not yet. If they do, that will bring Nebraska to nine reports so far for this year.
-
Data Breaches ☛ Rackspace racks up $12M bill in ransomware raid recovery
How much does incident response cost following a ransomware attack? Would you believe $12 million and counting?
-
[Repeat] The Register UK ☛ How much to clean up a ransomware infection? For Rackspace, about $11M
Four days later, the corporation determined that a ransomware infection was responsible for the email meltdown, which lasted into January. Rackspace ultimately blamed the Play crew for the intrusion, and said the miscreants broke in after exploiting CVE-2022-41080, a critical Exchange privilege escalation bug, before Microsoft could issue a fix.
[...]
In a quarterly report at the end of last year, Rackspace told the securities regulator it had spent $5.9 million in ransomware-related costs. That means the total spent to date is $10.9 million, offset naturally by those insurance proceeds.