Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks. Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT […]

The post Clop is back to wreak havoc via vulnerable file-transfer software appeared first on CyberScoop.

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

It’s part of a broader effort to counter Pyongyang’s use of tech professionals to fool U.S. companies and nonprofits.

The post Court indicts 14 North Korean IT workers tied to $88 million in illicit gains appeared first on CyberScoop.

Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake.

On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

Suspected Russian hacking, influence operations take aim at Ukrainian military recruiting

Google’s Threat Analysis Group and Mandiant said one group is behind the hybrid campaign that takes aim at both recruits and broader recruiting efforts.

The post Suspected Russian hacking, influence operations take aim at Ukrainian military recruiting appeared first on CyberScoop.

Fortinet warns of active campaign exploiting bug in FortiManager products

At least 50 organizations have been hit by the campaign, Fortinet and Mandiant say, and federal agencies are on the hook to patch.

The post Fortinet warns of active campaign exploiting bug in FortiManager products appeared first on CyberScoop.

Defenders must adapt to shrinking exploitation timelines

A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that, in 2023, exploitatio…

Private US companies targeted by Stonefly APT

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly …

Exclusive: Kevin Mandia joins SpecterOps as chair of the board

The Mandiant founder and Google Cloud adviser tells CyberScoop that he sees a lot of similarities between SpecterOps and the early days of his cybersecurity powerhouse company.

The post Exclusive: Kevin Mandia joins SpecterOps as chair of the board appeared first on CyberScoop.
