Security News > 2023 > February

The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations. Huntress Threat Intelligence Manager Joe Slowik linked the GoAnywhere MFT attacks to TA505, a threat group known for deploying Clop ransomware in the past, while investigating an attack where the TrueBot malware downloader was deployed.

The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations. The gang refused to share additional details regarding their claims when BleepingComputer asked them when the attacks began, if they'd already started extorting their victims, and what ransoms they were asking for.

Tuesday was the official publication date of A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list.

Popular social media site Reddit - "Orange Usenet with ads", as we've somewhat ungraciously heard it described - is the latest well-known web property to suffer a data breach in which its own source code was stolen. Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack.

The How to Hack from Beginner to Ethical Hacking Certification helps you pick up that essential knowhow and earn the certificates to prove it. For any business owner, these statistics are pretty terrifying.

Cisco's 2023 Data Privacy Benchmark Study found that companies that invest in closing the gap are benefitting: The study found that the estimated dollar value of benefits from privacy rose more than 13% in 2022 to $3.4 million from $3.0 million the year before, with significant gains across the various organization sizes. A Cisco blog about its 2023 Data Privacy Benchmark Survey said its estimated $3.4 million value of benefits from privacy initiatives constituted 1.8 times spending on privacy, with 36% of organizations getting returns at least twice their spending.

Microsoft announced that it will retire Microsoft Support Diagnostic Tool troubleshooters in future versions of Windows, with MSDT ultimately being removed in 2025. Also known as legacy inbox troubleshooters, these Windows built-in tools are used to diagnose and fix issues affecting some Windows features automatically.

Multiple medical groups in the Heritage Provider Network in California have suffered a ransomware attack, exposing sensitive patient information to cybercriminals. The entities collectively issued a notice of data breach at the start of the month and shared a sample letter with the California Attorney General's office earlier this week.

Four different rogue packages in the Python Package Index have been found to carry out a number of malicious actions, including dropping malware, deleting the netstat utility, and manipulating the SSH authorized keys file. "Most of these packages had well thought out names, to purposely confuse people," Security researcher and journalist Ax Sharma said.

Microsoft says apps using DirectX are crashing on Windows systems after installing cumulative updates released in November 2022 because of an Intel graphics driver bug. Until an update addressing this issue is released, Microsoft says that affected customers can temporarily work around it by updating their Intel GPU driver to a newer version.