Windows TCO: Ransomware, PowerShell, and Data Breaches
-
The Register UK ☛ Insecure software makers are the real cyber villains – CISA
Even calling security holes "software vulnerabilities" is too lenient, she added. This phrase "really diffuses responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches? The truth is: We need to demand more of technology vendors."
-
Silicon Angle ☛ Ransomware attacks: Rising threats and increasing demands
Back in 2019, ransomware attacks were just ramping up, focusing on infecting single machines. However, by 2020 and 2021, ransomware became more aggressive, with attacks targeting entire organizations and leading to more widespread damage, according to Kimberly Goody (pictured), head of cyber crime analysis at Google LLC. By 2023, an alarming new trend emerged: although fewer organizations paid ransoms, the median ransom payment skyrocketed from $200,000 to $1.5 million, a shocking seven-fold increase.
-
The Register UK ☛ Valencia Ransomware crew 'hits' California city and more
The alleged victims are the city of Pleasanton, and the crims claim to have stolen 304GB of data from this California municipality; Bangladeshi drugs maker Globe Pharmaceuticals Limited (200MB data); Indian paper manufacturer Satia Industries (7.1GB); Malaysian pharma firm Duopharma Biotech Berhad (25.7GB); and Spanish fashion retailer Tendam, with an unspecified amount of data allegedly stolen.
-
Scoop News Group ☛ What more can be done to stop ransomware attacks?
“The rewards of ransomware are so great” for attackers, said Brett Callow, a managing director at FTI Consulting. “We really need a very powerful deterrent or we need very effective mechanisms to reduce the amount of money that’s flowing into the ransomware ecosystem. Until we do one of those two things, or a combination of both, we’re not really going to get to grips with this problem.”
-
Krebs On Security ☛ This Windows PowerShell Phish Has Scary Potential
PowerShell is a powerful, cross-platform [sic] automation tool built into Windows that is designed to make it simpler for administrators to automate tasks on a PC or across multiple computers on the same network.
According to an analysis at the malware scanning service Virustotal.com, the malicious file downloaded by the pasted text is called Lumma Stealer, and it’s designed to snarf any credentials stored on the victim’s PC.
-
Cyble Inc ☛ Stillwater Data Breach Exposes Info Of 7,258 Employees
The hacking group RansomHouse claimed responsibility for the cyberattack on StillWater in late July and allegedly leaked the stolen data in mid-August. The hackers claimed to have exfiltrated 1.2 TB of data from StillWater. RansomHouse emerged in March 2022 and is labelled as a multi-pronged extortion threat.