The NCUA has been in contact with the affected financial institutions and helped them get their systems back online. The attack, which was caused by ransomware, affected credit unions using cloud services provided by Ongoing Operations.
The funding round was led by U.S. Venture Partners (USVP), and included strategic investor Dmitri Alperovitch, co-founder and former CTO of CrowdStrike, as well as existing investors Venrock, CyberArk, F2 Capital, and Pico Venture Partners.
The OLVX marketplace operates on the clear web and has gained popularity in recent months. It offers various products and services, including phish kits, remote desktop connections, cPanel credentials, webshells, and stolen data.
The effects of a November ransomware attack against Oceanside, California’s Tri-City Medical Center were contained more than two weeks ago, but now those behind the cyber incident are publishing stolen data on the dark web.
An independent review found that the breach was a result of multiple factors and highlighted the organization’s lack of a data protection strategy. It also noted that the PSNI had not fully implemented the 2018 Data Protection Act.
The engineer deployed malware, deleted code repositories, and emailed himself proprietary bank code in retaliation for being fired, impersonating a coworker in the process.
Microsoft has released its final set of Patch Tuesday updates for 2023, addressing 33 flaws in its software. This release is considered one of the lightest in recent years, with four critical vulnerabilities and 29 important ones.
The Russian APT28 threat actor, also known as ITG05, is using authentic documents related to the Israel-Hamas war as lures to deliver a custom backdoor called HeadLace against targeted entities in 13 countries, primarily in Europe.
Around 1,450 instances of pfSense, an open-source firewall and router software, are vulnerable to command injection and cross-site scripting flaws. These flaws, if exploited together, could allow attackers to execute remote code on the system.
The threat actor uses techniques such as sending URLs to fake resume websites or attachments containing instructions to visit the website, leading to the download of malicious files.