National Gallery of Canada
April 23, 2023
•[ ransomware, malware, government ]
The National Gallery of Canada says it's 'recovering' following a ransomware attack.
Naivas
April 23, 2023
•[ ransomware, malware, retail ]
Kenya's Naivas supermarket chain is the victim of a BlackCat ransomware incident.
Albany ENT & Allergy Services
April 23, 2023
•[ ransomware, malware, healthcare ]
Both the BianLian and RansomHouse ransomware gangs list Albany ENT & Allergy Services on their leak sites.
Allied Benefit
April 22, 2023
•[ ransomware, leak, malware ]
The Cl0p ransomware gang leaks some data from Allied Benefit, allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
CloudMed
April 22, 2023
•[ ransomware, malware, finance ]
The Cl0p ransomware gang leaks some data from CloudMed, allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
ITx
April 22, 2023
•[ ransomware, malware, finance ]
The Cl0p ransomware gang claims to have hacked ITx, a revenue management company, with data allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
MedExHCO
April 22, 2023
•[ ransomware, malware, finance ]
The Cl0p ransomware gang claims to have hacked MedExHCO, with data allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
Multiplan
April 22, 2023
•[ ransomware, malware, finance ]
The Cl0p ransomware gang claims to have hacked Multiplan, with data allegedly exfiltrated by exploiting the CVE-2023-0669 Fortra GoAnywhere MFT vulnerability.
Cementos Progreso
April 21, 2023
•[ ransomware, leak, malware ]
Cementos Progreso is added to BlackCat's ransomware leak site. As proof, they offer some samples with internal documents.
Logistica Integrada Sulamericana (LISA)
April 21, 2023
•[ ransomware, malware ]
Logistica Integrada Sulamericana (LISA) is listed on BlackCat's ransomware leak site.
Robeson Health Care Corporation
April 21, 2023
•[ hack, malware, healthcare ]
Robeson Health Care Corporation files a notice of data breach after learning that confidential patient data was accessed by an unauthorized party following a malware attack.
Seguros la Occidental
April 21, 2023
•[ ransomware, malware, finance ]
Seguros la Occidental, a Venezuelan insurer that offers general and life insurance products, is added to BlackCat's ransomware leak site with samples containing 27 screenshots of images of various insurance company documents that included ID cards.
Saville Row
April 21, 2023
•[ ransomware, leak, malware ]
Saville Row, a Chilean clothing store, is added to BlackCat's ransomware leak site.
Undisclosed critical infrastructure organization in the United States
April 21, 2023
•[ hack, malware, energy ]
Researchers from Symantec/Broadcom reveal that the software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe.
Unknown Organization
April 20, 2023
•[ hack, malware, government ]
Even a Brazilian state government website (semed.capital.ms.gov.br) is observed serving Fortnite spam within the same campaign.
Peachtree Orthopedics
April 20, 2023
•[ ransomware, malware, healthcare ]
Peachtree Orthopedics posts a notice of data breach on the company's website after determining that an unauthorized party had gained access to its computer network. The Karakurt ransomware gang claims responsibility for the attack.
3CX
April 20, 2023
•[ espionage, malware, technology ]
Researchers from Mandiant reveal that the 3CX supply chain attack was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
Coldiretti
April 19, 2023
•[ ransomware, malware ]
Coldiretti, the Italian organization of agricultural entrepreneurs, suffers a Play ransomware attack.
PaperCut
April 19, 2023
•[ ransomware, malware, technology ]
Print management software developer PaperCut warns customers to update their software immediately, as hackers are actively exploiting two flaws, ZDI-CAN-18987 / PO-1216 and ZDI-CAN-19226 / PO-1219, to gain access to vulnerable servers. Later the attacks are attributed to the Cl0p ransomware gang.
Cisco
April 18, 2023
•[ espionage, malware, technology ]
The UK National Cyber Security Centre (NCSC), US Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI, and Cisco warn of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, exploiting CVE-2017-6742, allowing unauthenticated access to the device.