from the complaints-department-5000-miles-> dept.
What do Boeing, an Australian shipping company, the world's largest bank, and one of the world's biggest law firms have in common? All four have suffered cybersecurity breaches, most likely at the hands of teenage hackers, after failing to patch a critical vulnerability that security experts have warned of for more than a month, according to a post published Monday.
[...] All four companies have confirmed succumbing to security incidents in recent days, and China's ICBC has reportedly paid an undisclosed ransom in exchange for encryption keys to data that has been unavailable ever since.
[...] After the CitrixBleed exploit grants initial remote access through software known as Virtual Desktop Infrastructure, LockBit escalates its access to other parts of the compromised network using tools such as Atera, which provides interactive PowerShell interfaces that don't trigger antivirus or endpoint detection alerts. This access remains even after CitrixBleed is patched unless administrators take special actions.
« Chatgpt's New Code Interpreter Has Giant Security Hole, Allows Hackers To Steal Your Data | Developers Can’t Seem to Stop Exposing Credentials in Publicly Accessible Code »
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack:
Earlier today, the threat actor listed the software company MeridianLink on their data leak with a threat that they would leak allegedly stolen data unless a ransom is paid in 24 hours.
MeridianLink is a publicly traded company that provides digital solutions for financial organizations such as banks, credit unions, and mortgage lenders.
According to DataBreaches.net, the ALPHV ransomware gang said they breached MeridianLink's network on November 7 and stole company data without encrypting systems.
The ransomware actor said that "it appears MeridianLink reached out, but we are yet to receive a message on their end" to negotiate a payment in exchange for not leaking the supposedly stolen data.
The alleged lack of response from the company likely prompted the hackers to exert more pressure by sending a complaint to the U.S. Securities and Exchange Commission (SEC) about MeridianLink not disclosing a cybersecurity incident that impacted "customer data and operational information."
[...] In their own words, the attacker told the SEC that MeridianLink suffered a "significant breach" and did not disclose it as required in Form 8-K, under Item 1.05.
The SEC's new cybersecurity rules are set to take effect on December 15, 2023.
Originally spotted on Schneier on Security.