Security News
Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince victims to pay the ransom fee," security researchers Lior Rochberger and Shimi Cohen said in a new report shared with The Hacker News.
US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne and CrowdStrike. In a report published on Thursday, SentinelOne Senior Threat Researcher Tom Hegel linked the North Korean threat group to the JumpCloud hack based on multiple indicators of compromise shared by the company in a recent incident report.
Every time a breach occurs, the impacted organization's response differs from the last. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at Skyhigh Security, discusses what we should do - and not do - in the wake of a data breach.
A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary "Gained unauthorized access to our systems to target a small and specific set of our customers," Bob Phan, chief information security officer at JumpCloud, said in a post-mortem report.
US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.On July 5, JumpCloud discovered "Unusual activity in the commands framework for a small set of customers" while investigating the attack and analyzing logs for signs of malicious activity in collaboration with IR partners and law enforcement.
Ukraine's Computer Emergency Response Team (CERT-UA) is warning that the Gamaredon hacking operates in rapid attacks, stealing data from breached systems in under an hour. [...]
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA consumer to access OWA and Outlook.com," the tech giant said in a deeper analysis of the campaign.
Colorado State University has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks. Colorado State University is a public research university with nearly 28,000 students and 6,000 academic and administrative staff members, operating on an endowment of $558,000,000.
Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account consumer signing key, the company has revealed on Tuesday. "The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection."
Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack. The bank said that only a limited amount of personal data was exposed due to the security incident.