Ransomware gang posts data stolen from a Canadian POS provider, and more.
Welcome to Cyber Security Today. It’s Monday, November 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
The Medusa ransomware gang has publicly posted what is says is data stolen from Canada’s Moneris Solutions. Moneris operates a network that supports credit card processing terminals used by retailers across the country. When news of the data theft first emerged earlier this month Moneris said the attackers didn’t get access to critical data. But Medusa says it has copies of “accounts and email addresses of the Moneris employees and clients, ID numbers, contracts, presentations, reports of financial transactions” and more. Asked for comment, the company pointed to a statement on its website that the gang did access and release data from a corporate shared drive which included merchant IDs, issues logs and names and addresses related to legacy gift cards.
The NoEscape ransomware gang says it copied 35GB of sensitive information before encrypting the data of Utah’s Granger Medical Clinic. The gang claims it has confidential agreements and contracts, documents on employees and personal information of patients. According to the news site DataBreaches.net, the gang demanded US$700,000 before publicly releasing the data on its site.
The Rhysida ransomware gang says it hacked one of China’s biggest energy infrastructure builders. The gang is demanding 50 bitcoin — about US$1.9 million — or it will publish the data it stole from government-owned China Energy Engineering Group.
Administrators of the open-source ownCloud content collaboration platform have been warned to address a critical vulnerability. If leveraged, configuration details of PHP environments including admin passwords and mail server credentials could be revealed. For the time being a specific application file has to be deleted. In addition, the ownCloud admin password, mail server and database credentials should be changed. Coming soon are core releases to mitigate similar vulnerabilities.
An IT managed services provider to a number of law firms in the United Kingdom is partly offline after a cyber attack. The company, called CTS, said Friday it is confident it can restore full service, but can’t say when. According to one news site, around 80 law firms are directly affected. But indirectly others — like home movers — are said to be affected as well because some legal work can’t be finished.
General Electric is investigating claims a hacker is selling network access and stolen data. According to the BleepingComputer news site, the IntelBroker gang says it has military information and other documents taken from GE, which has aerospace, energy and digital divisions.
Finally, a criminal gang that scams people selling or shopping for used goods on online marketplaces is looking for recruits. Be prepared, though, to fill out a criminal work experience application form. That’s according to researchers at ESET and Flare. The just published an analysis of the threat group they call Neanderthals. This gang has a tool called Telekopye that helps create phony websites, phishing emails and text messages. Those whose applications are approved and can join in on the scams can use the tool. One scam tricks people into buying an advertised but non-existent item. The victim is sent a link to a phishing website that looks like the payment page of a legitimate online marketplace, where their payment card information is captured. Another type of scam has the gang member pretending they paid for an article being advertised by a victim. Gang members are also involved in apartment rental scams, creating a fake website ad that copies a real apartment for rent. Victims a tricked into paying a so-called reservation fee. The gang even has instruction manuals with suggested persuasive conversations for its members to help make convincing pitches.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
The post Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more first appeared on IT World Canada.