JavaScript is not available.

A Tallahassee hospital has been forced to divert patients to other facilities and cancel all non-emergency surgical procedures after being hit by a cyberattack that began on Thursday night

They wouldn't say but its likely #ransomware

Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack

A Tallahassee hospital has been forced to divert patients and cancel all non-emergency surgical procedures after a Thursday night cyberattack.

Federal civilian agencies are being required to patch two vulnerabilities by Feb 23 after

@CISAgov

said they are actively being exploited (

)

CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list

CISA said two vulnerabilities from Oracle and SugarCRM are being exploited and ordered federal agencies to patch them before February 23.

Pascale Solages

@PascaleSolages

Much strength and love for Turkey🇹🇷 Every Haitian who lived on January 12, watching the images of Turkey, is not ok this morning. We are not ok.💔

A long-patched vulnerability in VMware's ESXi server application is allowing attackers to install ransomware on systems that haven't been updated.

‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims

Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ESXiArgs ransomware, researchers say.

Engineering firm Vesuvius Plc confirmed Monday that an incident “involved unauthorized access to our systems,” but the company did not provide further details.

British steel industry supplier Vesuvius ‘currently managing cyber incident’

Vesuvius Plc confirmed that the incident “involved unauthorized access to our systems,” but it did not provide further details.

🌐 A new #ransomware attack is spreading like crazy 🚨 Many VMware ESXi servers got encrypted in the last hours with this ransom note 🧐 What's interesting is that the bitcoin wallet is different in every ransom note. No website for the group, only TOX id 👀

203

423

Linux version of Royal Ransomware targets VMware ESXi servers -

@serghei

bleepingcomputer.com

Linux version of Royal Ransomware targets VMware ESXi servers

Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.

⚠️ Confirmed: #Italy is in the midst of a major internet outage with high impact to leading operator Telecom Italia; real-time network data show national connectivity at 26% of ordinary levels; incident ongoing 📉 #TIMDown

937

1,422

ESXI encrypted global view from

@shodanhq

so far 644 sites...

143

why are you sprinting??????? 💨💨💨

🍔🍟 Looks like

was attacked by ALPHV/BlackCat

Quote Tweet

Ransomware News

@RansomwareNews

Feb 4

Group: alphv Approx. Time: 2023-02-04 23:07:59.162336 Title: Five Guys Enterprises, LLC

🌐Last Week #Ransomware Statistics 🧮 ➡️ Top Targeted Countries: 🇺🇸 USA: 22 🇬🇧 UK: 5 🇨🇦 Canada: 4 🇦🇺 Australia: 3 🇲🇽 Mexico: 3 ➡️ Top Active Groups: - Lockbit: 42 💥 (New record in one week) - Vice: 8 - BlackCat: 5 - Royal: 4 - Play: 2 Total Victims in 7 Days: 59 Hits Map:

With regard to the Nevada ransomware operation, the vulnerabilities they are exploiting are years old. VMware has also recommended disabling SLP for about a decade as part of the Security Configuration Guides. There should be nobody vulnerable to this!

core.vmware.com

Cloud Infrastructure Security Configuration Guides | VMware

Security Configuration Guides are the baseline for security hardening and the core of VMware Cloud Infrastructure security best practices, from vSphere on up.

New: Lockbit tells

that a ransom has been paid in the case of stricken financial data firm ION — ION itself has declined to comment. Story on wire.

The Week in Ransomware - February 3rd 2023 - Ending with a mess -

@LawrenceAbrams

bleepingcomputer.com

The Week in Ransomware - February 3rd 2023 - Ending with a mess

While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers.

Show this thread

Federal civilian agencies are being required to patch two vulnerabilities by Feb 23 after

@CISAgov

said they are actively being exploited (

)

CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list

CISA said two vulnerabilities from Oracle and SugarCRM are being exploited and ordered federal agencies to patch them before February 23.

If you're a GoAnywhere MFT customer, heads up — exploited zero-day vuln, no CVE, no patch (that we can tell). Mitigation available, has to be applied to every node.

rapid7.com

Exploitation of GoAnywhere MFT zero-day vulnerability | Rapid7 Blog

A warning has been issued about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT.

A zero-day vulnerability affecting Fortra’s #GoAnywhere MFT managed file-transfer solution is currently being exploited, according to cybersecurity giant

@rapid7

#Zeroday

Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited

Fortra issued a private advisory about the zero-day. Cyber researchers then highlighted the information. There's no mention of a patch.

jon greig

A zero-day vulnerability affecting Fortra’s #GoAnywhere MFT managed file-transfer solution is currently being exploited, according to cybersecurity giant

@rapid7

#Zeroday

Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited

Fortra issued a private advisory about the zero-day. Cyber researchers then highlighted the information. There's no mention of a patch.

Researchers at

confirmed what

said in a private advisory: The company's GoAnywhere MFT solution contains a zero-day vulnerability that's being actively exploited (

)

Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited

Fortra issued a private advisory about the zero-day. Cyber researchers then highlighted the information. There's no mention of a patch.

Fast-evolving Prilex POS malware can block contactless payments

theregister.com

Fast-evolving POS malware can block contactless payments

... forcing users to insert their cards into less-secure PIN systems

🚨 On récapitule : un #ransomware semble distribué, depuis ce ~midi, automatiquement à grande échelle sur les serveurs #VMware #ESXi encore aujourd'hui affectés par une vuln de 2021. Ça fait mal, notamment en 🇫🇷

lemagit.fr

Ransomware : vaste campagne contre les serveurs VMware ESXi

🚨 Right now, at least 115 VMware ESXi servers (and counting) are compromised with this aggressive #Ransomware campaign. Beware!!! 👇 beta.shodan.io/search?query=h /cc

Quote Tweet

A tous : Si vous utilisez ESXi 6.x, mettez à jour IMMÉDIATEMENT, un cryptolock est en train de se propager à toute vitesse ! If you're using ESXi 6.x, update IMMEDIATELY, a cryptolock is rolling out fast!

Show this thread

217

448

Replying to

LockBit just removed ION Group.

Quote Tweet

Dominic Alvieri

@AlvieriD

Feb 2

ION Group derivatives unit has been breached by LockBit. Bloomberg reported the cyber incident today. ION software is used by financial institutions and central banks including the European Central Bank. /iongroup.com @nytimes @CNBC #cybersecurity #infosec @business

🚨 This is a massive attack, and as it appears to be automated, all admins are advised to confirm their ESXi servers are firewalled, with no ports exposed to the Internet, until they are patched. 🚨

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide -

@serghei

bleepingcomputer.com

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution...

297

421

⁦

⁩ has just released MitreMap notebook, which lets you input a threat report and it infers the most likely MITRE ATT&CK technique(s). This will help identify the motivations and TTPs of TA. You can also add IoCs to the reports. #DFIR

techcommunity.microsoft.com

[What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook

With special thanks to , , and . In this blog, we introduce the MitreMap Notebook, which lets you input a threat report and infers the most likely MITRE ATT&CK technique(s) that map to the report....

247

735

A Tallahassee hospital with 772 patient beds said it is diverting patients to other facilities and cancelling all non-emergency surgeries after being hit by a cyberattack (

)

Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack

A Tallahassee hospital has been forced to divert patients and cancel all non-emergency surgical procedures after a Thursday night cyberattack.

Researchers at Microsoft say a data leak operation against French satire publication Charlie Hebdo indeed has all the signature tactics of the Iranian group known as Emennet Pasargad or Neptunium. (

)

Microsoft accuses Iran's government of cyber operation against Charlie Hebdo

Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei.

accused Iran's military of being behind a hack on

@Charlie_Hebdo_

that involved the leak of personal information from 200,000 subscribers #CharlieHebdo #AliKhamenei #Iran

Microsoft accuses Iran's government of cyber operation against Charlie Hebdo

Microsoft says the data breach of Charlie Hebdo was retaliation for the satire publication's call for drawings of Iran's leader, Ali Khamenei.

#LockBit has listed Redford Township Police Department and the City of Allen Park, claiming to have "hacked into a network where there were two companies." This could imply that the attack was actually on a service provider shared by both the PD and the City. 1/2 #ransomware

Show this thread

French authorities arrested Julius Kivimäki in the high-profile hacking case against Vastaamo, a Finnish psychotherapy center. Kivimäki was prosecuted as a teenager for computer crimes. (

@AlexMartin

)

Julius 'zeekill' Kivimäki, former Lizard Squad hacker, arrested in France

Julius Kivimäki was being sought in the investigation into a cyberattack targeting Vastaamo, a Helsinki-based private psychotherapy center.

The chairmen of two U.S. House committees —

@RepJamesComer

and

@RepFrankLucas

— want more information from the

@ENERGY

Department about reported Russian hacking activity against three national laboratories last year (

@jwarminsky

)

Russia-linked hacking against national labs spurs inquiry from two House chairmen

The Russian group, known as Cold River, reportedly targeted the Brookhaven, Argonne and Lawrence Livermore labs in mid-2022.

NEW: The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack,” which comes amid a wave of hacks targeting German-speaking institutions.

Switzerland’s largest university confirms ‘serious cyberattack’

The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack."

Hardware vendor QNAP said a serious vulnerability discovered by a third-party researcher is "not actively exploited now." But researchers are warning it could be an opportunity for one cybercrime group in particular. (

)

QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation

QNAP is warning customers to update their devices after a vulnerability was discovered making thousands of devices susceptible to attack.

Two apps tied to "pig butchering" schemes — where scammers develop a relationship with victims and get them to deposit money on fraudulent apps — made it onto Apple and Google's app stores. (

)

Scammers managed to slip crypto apps onto Apple, Google app stores

Scammers were able to get two fraudulent apps onto the app stores run by both Google and Apple, according to Sophos.

Another day, another #OneNote maldoc! 📄 We're seeing growing OneNote #maldoc usage lately: crooks leverage different lures, such as #Office365 and blurred documents. Check a fresh "Legal Notice" maldoc with #Redline as the payload 👇 app.any.run/tasks/b5396b9e

Muhammad Ali knocks out Cleveland Williams, 1966

106

2,775

38.2K