The government-sponsored dental and oral healthcare provider warned its customers that a March attack exposed sensitive data, some of which was leaked online by the ransomware group.
Related Posts
TeamViewer Hacked: Attackers Accessed Internal Corporate IT Environment
On Wednesday, June 26, 2024, TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment.
The company’s security team detected an “irregularity” in their internal systems, prompting an immediate response. TeamViewer activated its incident response procedures and brought in external cybersecurity experts to investigate and implement remediation measures.
In a statement, TeamViewer emphasized that its corporate IT environment is “completely independent” from its product environment. The company stated there is no evidence that the breach affected customer data or the TeamViewer product itself. However, investigations are still ongoing.
“Security is of utmost importance to us; it is deeply rooted in our DNA,” TeamViewer said. “Therefore, we value transparent communication and will continuously update the status of our investigations as new information becomes available.”
TeamViewer has not provided details on the nature of the attack. According to a security researcher, however, cybersecurity firm NCC Group issued an alert to its customers about a “significant compromise of the TeamViewer remote access and support platform by an APT group.”
APT stands for Advanced Persistent Threat, typically referring to sophisticated, state-sponsored hacking groups.
NCC Group circulated the alert citing the “widespread usage” of TeamViewer, though the firm did not disclose its sources and said it is still investigating the incident.
Millions of users worldwide use TeamViewer for remote access and support. The company says its primary focus remains ensuring the integrity of its systems as it continues to investigate the full scope of the breach.
This incident highlights the ongoing cybersecurity challenges faced by major technology providers. Users of TeamViewer are advised to monitor for any updates from the company regarding potential impacts or required actions.
The post TeamViewer Hacked: Attackers Accessed Internal Corporate IT Environment appeared first on Cyber Security News.
Mallox Ransomware Attacking Linux Servers In Wild – Decryptor Uncovered
Linux servers often host critical applications, websites, and databases, which makes them a lucrative target for intruders seeking unauthorized access to steal data and manipulate services.
Exploiting security holes in Linux servers can enable attackers to take control over large-scale infrastructures. Due to its popularity and wide usage in enterprise environments, Linux is very appealing to malicious actors.
Cybersecurity researchers at Uptycs recently discovered that Mallox ransomware has been actively attacking Linux servers in the wild.
Mallox Ransomware Attacking Linux Servers
The Mallox ransomware has been around since 2021, and now, it has moved to Linux systems using custom Python scripts.
Researchers also discovered a new Flask-based web panel that makes it easy for its users to develop and maintain Linux ransomware builds.
Once a user registers on the panel, it handles authentication and malware builds for that user.
This indicates that the creators of Mallox may have changed their tactics and can now offer RaaS services in different regions.
The Mallox ransomware encryptor uses base64 encoding and AES-256-CBC encryption for its configuration. The decrypted config reveals the following:
Ransom details
Target information
Encryption parameters
The ransomware employs the same AES-256-CBC method to encrypt victim files, appending a .lmallox extension and dropping a ransom note named “READ_THIS_NOW.txt.”
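A host triage sketch built on the two file-system indicators named above (the .lmallox extension and the READ_THIS_NOW.txt note). This is an added example, not code from the article or from Uptycs; the entropy threshold is an assumption used to separate real ciphertext from files that merely carry the extension, and the sample tree is constructed test data.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENC_EXT = ".lmallox"              # extension the article says is appended
NOTE_NAME = "READ_THIS_NOW.txt"   # ransom note name given in the article
ENTROPY_MIN = 7.0                 # assumption: bits/byte; AES-CBC output sits near 8.0

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample_bytes: int = 65536) -> dict:
    """Map each affected directory (relative to root) to its indicators."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        entropies = []
        for name in files:
            if name.endswith(ENC_EXT):
                try:
                    with open(os.path.join(dirpath, name), "rb") as fh:
                        entropies.append(shannon_entropy(fh.read(sample_bytes)))
                except OSError:
                    entropies.append(0.0)  # unreadable: count it, leave for review
        note = NOTE_NAME in files
        if entropies or note:
            high = sum(e >= ENTROPY_MIN for e in entropies)
            findings[os.path.relpath(dirpath, root)] = {
                "note": note, "renamed": len(entropies), "high_entropy": high,
                "verdict": "likely" if note and high else "review"}
    return findings

def build_sample_tree() -> str:
    """Constructed sample data: one encrypted-looking dir, one false positive."""
    root = Path(tempfile.mkdtemp(prefix="mallox_triage_"))
    hit, fp = root / "srv" / "db", root / "home" / "u"
    hit.mkdir(parents=True)
    fp.mkdir(parents=True)
    (hit / ("orders.sql" + ENC_EXT)).write_bytes(os.urandom(4096))  # stands in for ciphertext
    (hit / NOTE_NAME).write_text("constructed placeholder note\n")
    (fp / ("notes" + ENC_EXT)).write_bytes(b"plain text, not encrypted\n" * 50)
    return str(root)

if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

A directory is marked "likely" only when the note and at least one high-entropy renamed file appear together; anything weaker is left as "review" for an analyst.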
Mallox ransomware provides decryptors for each encryptor built on their server. Uptycs has collected seven such decryptors corresponding to specific build IDs.
The researchers also offered detection capabilities using YARA rules to identify Mallox campaign activity. Researchers can hunt for Mallox servers using specific queries on FOFA or Censys search engines.
Yara Detection
The post Mallox Ransomware Attacking Linux Servers In Wild – Decryptor Uncovered appeared first on Cyber Security News.
CrowdStrike to Acquire Flow Security
CrowdStrike says the acquisition of Flow Security will expand its cloud security capabilities with Data Security Posture Management.
The post CrowdStrike to Acquire Flow Security appeared first on SecurityWeek.