Security News
The UK's Greater Manchester Police has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked. Assistant Chief Constable Colin McFarlane of Greater Manchester Police said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organizations, including GMP, which holds some information on those employed by GMP.".
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm, said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate intelligence collection in support of Iranian state interests.
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.
The Auckland Transport transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services. In a statement given to local media outlet NZ Herald, a spokesperson for AT stated that they have indications they were targeted by ransomware but noted that investigations are still ongoing.
Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023. "Between February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments," the Microsoft Threat Intelligence team said.
United Kingdom's Greater Manchester Police said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier. The impacted organization, not named in a statement published today, is a service supplier for GMP and other organizations across the UK. GMP does not believe the data on the hacked systems contains financial information belonging to the police department's employees.
Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks. This will modify the legacy approach where Kerberos and NTLM authentication negotiations with destination servers would be powered by Windows SPNEGO. When connecting to a remote SMB share, Windows will try to negotiate authentication with the remote computer by performing an NTLM challenge response.
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network. Researchers say in a report today that the new malware "Has only been used in a limited fashion" and it was a ransomware affiliate's fallback when defense mechanisms blocked LockBit.