The city’s authorities informed the public it had been targeted by a ransomware attack on February 10, 2023. It impacted all network systems except 911 dispatch, fire emergency services, and the city’s financial systems.

The Vice Society ransomware gang has published on the dark web files that it stole from Vesuvius, one month after the company announced that it had suffered a “cyber incident.”

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The malware, besides performing defense evasion checks to determine if it’s being executed in a sandbox, establishes persistence by means of a Visual Basic script and uses transfer[.]sh for data exfiltration.

This backdoor is part of an ongoing campaign that researchers can trace back to early January 2023. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.

A new federal strategy to make manufacturers liable for insecure software requires an attainable safe harbor policy and could be a disincentive for them in sharing important vulnerability info with the government, according to industry observers.

Cado Labs researchers recently discovered a new cryptojacking campaign targeting insecure deployments of Redis database servers. Threat actors behind this campaign used the free and open source command line file transfer service transfer.sh.

A leader of an international crime network that attempted to launder more than $25 million in fraudulently obtained funds, including through business email compromise, received a sentence of more than a decade in prison.

An analysis conducted by researcher Anurag Sen at CloudDefense.AI showed that the exposed Falkensteiner customer data was associated with Gustaffo, a company offering IT solutions for the hospitality industry.