Scripps Health confirmed Sunday their technology servers were hacked overnight, forcing the health care system to switch to offline chart systems and causing a disruption to their patient portals.

nbcsandiego.com/news/local/scr

The crisis communication of the Hobbs group, which includes Dispeo, Colis Privé and Adrexo, may well go down in history as an illustration of what not to do toward the public and one's end customers when faced with a cyberattack.

lemagit.fr/tribune/Cyberattaqu

Intrusion and infection by of the information system of the municipality of Houilles (Yvelines) on 30 January 2021: the systems were obsolete and the firewalls outdated

actu.fr/ile-de-france/houilles

Cerinnov Group, a specialist in robotic engineering and industrial equipment for the ceramics and glass industry in France and internationally, publishes its 2020 annual results. Cerinnov Group also informs the market, for the sake of transparency, that on 27 March 2021 it detected an intrusion on its computer network and the deployment of software of the type

finance.orange.fr/bourse/artic

The transport company Boutin was the target of a . The company shut down all of its IT systems, but still managed to maintain part of its operations. Boutin is a company founded in 1945 whose head office is located in Plessisville, in Centre-du-Québec. According to its website, it has more than 390 employees and a fleet exceeding 630 units.

blog.hackfest.ca/blog/Groupe-B

Hotbit suffered a serious cyber attack starting around 08:00 PM UTC, Apr. 29, which led to the paralyzation of a number of basic services.

hotbit.zendesk.com/hc/en-us/ar

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces.

Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting for the design of over 85% of submarines in the Soviet and Russian Navy since its origins in 1901, including several generations of strategic missile cruiser submarines.

cybereason.com/blog/portdoor-n

Elekta, the Swedish supplier of oncology and radiology systems, is recovering from a cyberattack that forced it to take its entire first-generation cloud-based storage system offline.

hipaajournal.com/healthcare-pr

A team of computer science researchers has uncovered a line of attack that breaks all Spectre defenses, meaning that billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was first announced.

sciencedaily.com/releases/2021

Malicious actors have adopted Excel 4.0 documents as a way of distributing their malware. This method has been here for more than a year and the number of newly seen samples isn't dropping. The share of malicious samples in the total number of Excel 4.0 documents exceeds 90%, and, since a lot of well known malware families like Quakbot, ZLoader and Trickbot have been seen using them, we can expect these numbers to keep growing as more malware families pivot to this initial stage vector. The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents.

blog.reversinglabs.com/blog/sp

Naikon (aka Override Panda, Lotus Panda, or Hellsing) has a track record of targeting government entities in the Asia-Pacific (APAC) region in search of geopolitical intelligence. While initially assumed to have gone off the radar since first exposed in 2015, evidence emerged to the contrary last May when the adversary was spotted using a new backdoor called "Aria-Body" to stealthily break into networks and leverage the compromised infrastructure as a command-and-control (C2) server to launch additional attacks against other organizations. The new wave of attacks employed RainyDay as the primary backdoor, with the actors using it to conduct reconnaissance, deliver additional payloads, perform lateral movement across the network, and exfiltrate sensitive information.

labs.bitdefender.com/2021/04/n

The malicious activity, collectively named "EmissarySoldier" has been attributed to a threat actor called LuckyMouse, and is said to have happened in 2020 with the goal of obtaining geopolitical insights in the region. The attacks involved deploying a toolkit dubbed SysUpdate (aka Soldier) in a number of breached organizations, including government and diplomatic agencies, telecom providers, a TV media company, and a commercial bank.

welivesecurity.com/2021/04/29/

We observed UNC2447, an aggressive financially motivated group, exploit SonicWall SMA 100 series VPN zero-day vulnerability prior to patch availability, use SOMBRAT malware, and finally deploy FIVEHANDS ransomware (Mandiant)

Microsoft has acquired Kinvolk, the creator and distributor of Flatcar Container Linux technologies, as well as the Lokomotive and Inspektor Gadget projects

According to Maud Baheng Daizey for Encrage Media, there was a potential leak of personal data concerning Natixis customers. The list of documents and data is fairly long and varied: international motor insurance cards, claim reports, acknowledgements of receipt for mail, damage reports, driving-school certificates and IBANs were also made public by Natixis and Caisse d'Epargne (part of the same group).

encrage.media/divers/fuite-de-