Archive for the ‘cybercrime/malcode’ category: Page 162

Dec 23, 2019

Chinese Hackers Bypass 2FA in Attacks Spanning 10 Countries

Posted in categories: cybercrime/malcode, government

A Chinese hacking group believed to operate on behalf of the Beijing government has learned how to bypass two-factor authentication (2FA) in attacks on government and industry targets, ZDNet reported on Monday.

The group, known as APT20, has reportedly sought to compromise VPN credentials that would grant them heightened levels of access across their victims’ networks, according to ZDNet, citing a new report from Dutch cyber-security firm Fox-IT.

Dec 16, 2019

Ryuk Ransomware Likely Behind New Orleans Cyberattack

Posted in category: cybercrime/malcode

Based on files uploaded to the VirusTotal scanning service, the ransomware attack on the City of New Orleans was likely done by the Ryuk Ransomware threat actors.

On December 14th, 2019, one day after the City of New Orleans ransomware attack, what appear to be memory dumps of suspicious executables were uploaded from an IP address from the USA to the VirusTotal scanning service.

One of these memory dumps, which contained numerous references to New Orleans and Ryuk, was later found by Colin Cowie of Red Flare Security and shared with BleepingComputer.com.

Dec 14, 2019

New Orleans Declares State Of Emergency Following Cyber Attack

Posted in categories: cybercrime/malcode, internet

The City of New Orleans has suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency.

The attack started at 5 a.m. CST on Friday, December 13, according to the City of New Orleans’ emergency preparedness campaign, NOLA Ready, managed by the Office of Homeland Security and Emergency Preparedness. NOLA Ready tweeted that “suspicious activity was detected on the City’s network,” and as investigations progressed, “activity indicating a cybersecurity incident was detected around 11 am.” As a precautionary measure, the NOLA tweet confirmed, the City’s IT department gave the order for all employees to power down computers and disconnect from Wi-Fi. All City servers were also powered down, and employees told to unplug any of their devices.

Dec 14, 2019

New Jersey Hospital System Hit by Cyberattack

Posted in categories: biotech/medical, cybercrime/malcode, health

One of New Jersey’s largest hospital systems said it was hit this month by a ransomware attack that disrupted care across its clinics and 17 hospitals.

Hackensack Meridian Health said Friday the attack began Dec. 2 and forced it to cancel some surgical and other procedures, though no patients were harmed and its emergency rooms kept seeing patients.

Dec 12, 2019

Maze Ransomware Demands $6 Million Ransom From Southwire

Posted in category: cybercrime/malcode

Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia.

Southwire is one of North America’s leading wire and cable makers, “building wire and cable, utility products, metal-clad cable, portable and electronic cord products, OEM wire products and engineered products” per a press release published in January 2019.

Maze Ransomware, a variant of Chacha Ransomware, was discovered by Malwarebytes security researcher Jérôme Segura in May. The malware strain has become increasingly active since May 2019.

Dec 11, 2019

Ransomware Attack on IT Vendor Disrupts Care at 110 Nursing Homes

Posted in categories: biotech/medical, cybercrime/malcode

A ransomware attack on IT service vendor Virtual Care Provider has disrupted care at about 110 nursing homes and acute care facilities, locking the providers out of their patient records.

Dec 10, 2019

Cyber attack costs City of Woodstock more than $660,000

Posted in category: cybercrime/malcode

The numbers are in, and Woodstock’s September cyber attack is set to cost the city more than $667,000, even though the city didn’t pay, and never reached out, to the hackers behind the ransomware.

It seems like a big number – roughly nine times what nearby Stratford paid as a ransom after a spring cyber attack – but experts say it’s a short-term hit for a long-term gain in cyber security.

While difficult to compare the Woodstock and Stratford attacks – no two cities conduct cyber security the same way – Woodstock’s costs are in line with what residents should expect, one cyber-sector expert said.

Dec 6, 2019

FBI Issues ‘Drive-By’ Hacking Warning: This Is How To Secure Your Devices

Posted in categories: cybercrime/malcode, internet

A new FBI warning provides advice on protecting home WiFi networks from attack.

Dec 6, 2019

Unpatched systems are still one of the significant attack vectors to launch cyberattacks

Posted in categories: cybercrime/malcode, futurism

Leaving a vulnerable system unpatched can invite trouble for an organization. The issue can turn worse when the organization suffers a cyberattack that can result in, but is not limited to, compromise of confidential data, DDoS attacks or theft of customers’ details.

According to a report released by Recorded Future, the same vulnerabilities kept showing up year after year. An interesting aspect of the report was that most of these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.

Dec 5, 2019

Ransomware attack hits major US data center provider

Posted in category: cybercrime/malcode

CyrusOne data centers infected by REvil (Sodinokibi) ransomware.