CISA is aware of a recent successful cyberattack against an organization using a new #ransomware variant, which CISA refers to as FiveHands. Threat actors used publicly available penetration testing and exploitation tools, FiveHands ransomware, and SombRAT remote access trojan (RAT), to steal information, obfuscate files, and demand a ransom from the victim organization.
FBI Statement on Network Disruption at Colonial Pipeline
The asset manager for Quebec workers' savings holds stakes worth more than 1.5 billion in Colonial Pipeline, which had to cease all operations following a cyberattack on May 7, 2021, in the form of ransomware.
ColonialPipeline was the target of #malware that triggered a shutdown of its operations.
U.S. pipeline operator that transports 45% of East Coast fuel shuts entire network after #cyber attack
Colonial's network supplies fuel from U.S. refiners on the Gulf Coast to the populous eastern and southern United States. The company transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 5,500 miles (8,850 km) of pipelines. Colonial Pipeline says it transports 45% of East Coast fuel #supply. The company learned of the attack on Friday and took systems offline to contain the #threat.
https://www.cnbc.com/2021/05/08/colonial-pipeline-shuts-pipeline-operations-after-cyberattack.html
Colonial Pipeline System Disruption
https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption
The email addresses of customers of the Veja brand have been stolen.
Independent renewable energy producer Albioma (albioma.com) announces that it has been the target of a cyberattack.
U.S. defense contractor BlueForce (blueforceinc.com) has apparently been hit in a #ransomware attack, according to a Conti ransomware chat and Hatching Triage sample.
Moriya is used to deploy passive backdoors on public-facing servers. The passive backdoor allows attackers to monitor all traffic, incoming and outgoing, that passes through an infected machine and filter out packets sent for the malware. The packet inspection occurs in kernel mode with the help of a Microsoft Windows driver.
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/
Smart cities are potential hacker targets because they are vulnerable to cyberattacks.
A Hacker Began Posting Patients' Deepest Secrets Online. A mental health startup, Vastaamo, built its business on easy-to-use technology. Patients joined in droves. Then came a catastrophic. A family-run psychotherapy startup grew into a health care giant. It was a huge success, until the #databreach and the anonymous ransom notes sent to clients.
https://www.wired.com/story/vastaamo-psychotherapy-patients-hack-data-breach/
The U.S. Agency for Global Media (USAGM) has disclosed a #databreach that exposed the personal information of current and former employees and their beneficiaries.
Faxton St. Luke's Healthcare: US Healthcare Provider's Third-Party #Databreach Compromises 17,655 Patients' Personal Data
Telstra: Australian Telecommunications Company's Third-Party Avaddon Ransomware Attack Results In Stolen SIM Card Data. Hackers have claimed they have gained access to tens of thousands of SIM cards after a cyber attack against an Australian telecom firm.
The Alaska Court System has taken nearly all its IT systems offline following a cybersecurity incident last week. The deactivated systems include the state's electronic filing system, court calendars, online payments of bail and court fees, virtual hearings and external emails for court employees. A statement on the Alaska courts' main website explains the outages were necessary to remove malware from its servers.
https://statescoop.com/cyberattack-knocks-alaska-courts-offline/
CVE-2020-11292 - Researchers found a high-severity security bug in the Qualcomm chip modem communication protocol QMI, but fixing it now is complicated. This flaw could affect 30% of all smartphones.
https://www.technadu.com/flaw-qualcomms-modem-component-affects-30-percent-all-smartphones/272642/
Many Uxbridge residents learned Monday that their personal information may have been compromised during a cyber attack at the Region of Durham at the end of last month.
Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
ShinyHunters strikes again, and the company that's called to carry the burden is yet another Indian entity, WedMeGood. Hackers are sharing the entire WedMeGood database for free.
https://www.technadu.com/shinyhunters-sharing-entire-wedmegood-stolen-database-free/271928/