The NoEscape ransomware gang claims to have hit two more medical entities. They provide no proof of claims, however, and there is no notice on either entity's site about any incident. BUT:
One of them is Southeastern Orthopaedic Specialists in NC. NoEscape claims it locked them on October 25 and the victim hasn't responded to them at all. As we've seen with NoEscape before, they appear to now be hitting the victim with a DDoS attack and attempts to connect to the entity's site right now are failing/timing out. NoEscape claims to have 400,000 files / 3 GB of data. DataBreaches has written to the entity, but that was just a few minutes ago and unsurprisingly, no reply as yet.
The other entity hit is Carespring in Ohio and Kentucky. No DDoS on this one. NoEscape claims to have locked them on Nov. 10 and to have exfil'd 364 GB of files. There is no notice on Carespring's site at this time.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #45/2023 is out! It includes the following and much more:
➝ 🔓 ✈️ #Boeing breach: LockBit leaks 50 GB of data
➝ 🇨🇳 World’s largest commercial bank #ICBC confirms #ransomware attack
➝ 🔓 ☁️ Sumo Logic alerts customers about #securityincident; advises rotate Sumo Logic API access keys
➝ 🔓 🇮🇪 Electric Ireland admits data breach that could see customer financial data compromised
➝ 🔓 🇨🇦 #TransForm says ransomware data breach affects 267,000 patients
➝ 🔓 🇸🇬 #Singapore Marina Bay Sands reward members data breached, over 650k people exposed
➝ 🇮🇱 🇵🇸 🇮🇷 Cyber ops linked to #Israel-#Hamas conflict largely improvised, researchers say
➝ 🧨 🤖 #OpenAI confirms #DDoS attacks behind ongoing #ChatGPT outages
➝ 🛍️ 💸 Fake Ledger Live app in #Microsoft Store steals $768,000 in #crypto
➝ 🔓 🐰 ‘Looney Tunables’ #Glibc Vulnerability Exploited in #Cloud Attacks
➝ 🇺🇸 🇷🇺 US Sanctions Russian National for Helping Ransomware Groups Launder Money
➝ 🇮🇷 🇮🇱 Iranian Hackers Launch Destructive Cyber Attacks on Israeli #Tech and #Education Sectors
➝ 🇫🇷 🇬🇧 #France, #UK Seek Greater Regulation of Commercial #Spyware
➝ 🇪🇺 🤐 #Europe is trading security for digital #sovereignty
➝ 🇷🇺 🇺🇦 Russian Hackers Used #OT Attack to Disrupt Power in #Ukraine Amid Mass Missile Strikes
➝ 🦠 🚪 Highly invasive #backdoor snuck into #opensource packages targets developers
➝ 🦠 🇰🇵 N. Korea's #BlueNoroff Blamed for Hacking #macOS Machines with ObjCShellz #Malware
➝ 🫣 #Signal tests usernames that keep your phone number private
➝ 🔐 Microsoft Authenticator now blocks suspicious #MFA alerts by default
➝ ☁️ 💰 Researchers Uncover Undetectable #CryptoMining Technique on #Azure Automation
➝ 👥 💰 Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study
➝ 🩹 Microsoft Says Exchange ‘Zero Days’ Disclosed by #ZDI Already Patched or Not Urgent
➝ 🐛 Veeam warns of critical bugs in #Veeam ONE monitoring platform
📚 This week's recommended reading is: "How the F*ck Did This Happen?: A guide for executives who need to understand Cyber Security in plain, actionable language" by Dr Darryl Carlton
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
"The actor carries out a temporary attack, takes screenshots 'proving' that an outage occurred, one that often lasts only a short time and affects a small number of users, and then claims it is a huge success" - that is how Alexander Leslie of Recorded Future summed up the recent actions of the Anonymous Sudan group aimed at OpenAI. I have been watching various pro-Russian hacktivist groups for a long time (I will be talking about Killnet at Oh My H@ck, by the way) and I fully agree with the observation above - most groups of this type focus more on building their own brand than on attacks 🤡
> Just as GitHub was founded on Git, today we are re-founded on Copilot. 🤖 See how GitHub’s AI-powered platform vision evolved into a new reality for the world’s developers, and find out everything we announced at this year’s #GitHubUniverse. https://nitter.net/github/status/1722309261680607674?s=20
For years I've been saying that using Microsoft GitHub to host #FLOSS code is dangerous and would backfire. :blobcatcoffee:
Sure, I could spin up a #GitLab, but then try to find some hoster that is willing to deal with #KiwiFarms apologists #DDoS'ing it offline or harassing staff of said hoster.
I know #Microsoft - like #AllGafamsAreEvil and they are a #PRISM collaborator, but I've yet to see a better option that doesn't cost me €€€€€, cuz my projects have literally ZERO funding.
Cloudflare. A #cybersecurity service that "protects" you from bad actors, #hackers, #DDoS and other online threats.
What seemingly no one talks about is that 80% of #CDN market is owned by Cloudflare. They move more traffic than #FAANG companies combined!
They hold such an obscene amount of power and control over the #internet, it's hard to describe.
They are the gatekeepers, they are enforcers of whom to block, and what to allow to exist.
Google holds no power when compared to Cloudflare.
Unit 42 reported on a new campaign from the XorDDoS Trojan. While the attacking domains remain unchanged, the attackers have migrated their offensive infrastructure to hosts running on legitimate public hosting services. Unit 42 provides an analysis of XorDDoS Trojan's attacking behaviors, the botnet's network infrastructure, and advanced signatures derived from the key attacking hotspots, including hostnames, URLs and IP addresses. Link: https://unit42.paloaltonetworks.com/new-linux-xorddos-trojan-campaign-delivers-malware/
Listing for Mulkay Cardiology Consultants reappears on NoEscape leak site, this time with some proof of claims. Still no disclosure or anything from Mulkay that I can find.
How bad was it? According to Google, in two minutes, the Google Cloud was slammed by more requests per second than Wikipedia saw in all of September 2023.
Barry Greene is spearheading an effort to bring attention to a #BGP-based (TCP port 179) #DDoS attack seen in the wild. There are over 300,000 BGP listeners publicly reachable on the internet. While some are surely random one-armed routers or of little consequence, many serious routers/networks are included in this count and potentially at risk.
#Razzia: raid on private homes and business premises. Allegation: Radio Dreyeckland linked to an Indymedia article.
What?
"Since the morning of today, 17.01.2023, several search warrants are being executed in Freiburg. Besides private homes, the business premises of the broadcaster "Radio Dreyeckland" are also affected.
The accused are charged with having published, on the homepage of the aforementioned broadcaster, an article that contains a link to an archive of the banned association "linksunten.indymedia"."
Attacks on de.inymedia.org - once again...
"As some will surely have noticed, the site was practically unreachable in recent weeks. The reason was a #DDOS (Distributed Denial of Service) attack over this period.
(...)
Tens of thousands of simultaneous requests were sent to the servers, and the responses were not even waited for. This keeps the servers busy, i.e. it generates high load, while the attackers only had to send the short requests. Normal requests then no longer get through.
(...)
We are angry and we are not giving up: we have learned from all of this and will push ahead with changes - let yourselves be surprised!" https://emrawi.org/?Angriffe-auf-de-inymedia-org-mal-wieder-2847 #Indymedia #Antireport