Basel school network hacked, student data on the darknet
1.2 terabytes of data from and about students are circulating on the darknet. They come from the Basel education server eduBS.
#Basel #BianLian #Bildung #Bildungsserver #ConradinCramer #Darknet #Datenschutz #Datensicherheit #Erpressung #Hacking #Kinder #Lehrer #Ransomware #Schule #Schweiz #Schüler #Security #Verbrechem #eduBS
Take action now to avoid BianLian ransomware attacks, US Government warns organisations https://www.tripwire.com/state-of-security/take-action-now-avoid-bianlian-ransomware-attacks-us-government-warns #Ransomware #databreach #ransomware #Guestblog #Law&order #Dataloss #BianLian #Malware
Take action now to avoid BianLian ransomware attacks, US Government warns organisations - A joint alert has been issued by US government agencies, advising organisations of the st... https://www.tripwire.com/state-of-security/take-action-now-avoid-bianlian-ransomware-attacks-us-government-warns #ransomware #databreach #guestblog #law&order #dataloss #bianlian #malware
#CISA: the #BianLian #ransomware group changes tactics - The Computer Security News (BLOG)
#cybersecurity #hacking https://www.computersecuritynews.it/cisa-il-gruppo-bianlian-ransomware-cambia-tattica/
If you use #RDP, make sure it's strictly internal, and limited only to specific #admin accounts, and that you *DO NOT* have any #3389 open publicly. That IP will be found (quickly), and your #endpoint will be attacked, if not #breached. #BianLian has shifted their attack model. @cisacyber dropped an advisory this week, here's a decent summary of what's up: https://www.darkreading.com/threat-intelligence/bianlian-cybercrime-group-changes-attack-methods-cisa-advisory-notes?_mc=NL_DR_EDT_DR_weekly_20230518&cid=NL_DR_EDT_DR_weekly_20230518&sp_aid=116563&elq_cid=38046155&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.18.23&sp_cid=48613&utm_content=DR_NL_Dark%20Reading%20Weekly_05.18.23
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #DataExfiltration #Exfil #AttackSurfaceReduction #Ransomware
Northeast Surgical Group notifies 15,298 patients of a HIPAA breach, but doesn't tell them their information has been dumped.
@brett @allan @jgreig @BleepingCompute
#BianLian #HIPAA #ransomware #databreach #dataprotection #incidentresponse #transparency #infosec #cybersecurity #NESG
BianLian's account on BreachForums lists a law firm they claim to have attacked and snagged 423 GB of data from.
Of course, they don't name them at this point, but their victim appears to be Adami, Shuffield, Scheihing & Burns in San Antonio, TX.
#databreach #ransomware #dataprotection #infosec #cybersecurity #BianLian
BianLian doesn't seem to get a lot of media coverage, but they've hit a number of entities in the healthcare sector already, including one hospital.
BianLian recently posted samples from some unnamed victims on Breached -- but it was easy to determine the victims from the samples: Northeast Surgical Group, Zerbe Retirement Community, and Arizona Reproductive Medicine Specialists. None of the three have any notice on their websites at this time.
Today, BianLian dumped data from Northeast Surgical Group on their leak site. They also dumped data from Suburban Laboratories in Illinois.
There is nothing on Suburban's website about any incident, and none of these victims have yet to appear on HHS's public breach tool.
Perhaps HHS should provide a threat brief or analyst note on BianLian, including the availability of any free decryptor.
#BianLian #databreach #ransomware #infosec #HealthSec #cybersecurity
More data leaked from St. Rose Hospital ransomware incident: https://www.databreaches.net/more-data-leaked-from-st-rose-hospital-ransomware-incident/
It turns out the hospital, which has steadfastly ignored all inquiries from my site, allegedly did negotiate with the threat actors and then refused to pay ransom.
And it seems like they haven't informed patients and employees that their #PII or #PHI has been leaked on the dark web and clear net.
The incident hasn't shown up on #HHS's breach tool yet, so we don't have the total number affected yet.
#ransomware #databreach #infosec #cybersecurity #dataprotection #BianLian #transparency
Well done #Avast for releasing a free #decryptor for the #BianLian #ransomware strain to help victims of the malware recover locked files without paying the hackers 👏
#cybersecurity #infosec #malware
https://www.bleepingcomputer.com/news/security/avast-releases-free-bianlian-ransomware-decryptor/
Avast releases decryptor for BianLian ransomware
The security #software company #Avast has released a free #decryptor for the #BianLian #ransomware. The decryptor helps victims of the #ransomware recover locked files without transferring money to the attackers.
The decryptor appeared about six months after the increase in BianLian #ransomware activity. In the summer of 2022 the #ransomware was used heavily; in fact, several well-known organizations were breached.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
#Avast researchers released a free #BianLian #ransomware decryptor for some variants of the #malware
https://securityaffairs.com/140892/malware/free-bianlian-ransomware-decryptor.html
#securityaffairs #hacking
St. Rose Hospital in Hayward, California posted by BianLian.
#cybersecurity #infosec #bianlian
The big names of hacker groups.
Check out the list of the most notorious hack groups of 2020.
https://cybernews.com/editorial/most-dangerous-ransomware-groups-of-2022/
#hackers #hackgroup #apt #bianlian #hive #lockbit #blackbasta #alphv #blackcat
#Bianlian has posted the #Australian real estate group as a victim to their leaksite.
#cybersecurity #infosec #auspol #Australia #ransomware #databreach #databreaches
I have been seeing A LOT of verified compromises circulating hacker forums because of #BlackCat, #LockBit, #HiveRansomware, #Mallox, #BlackBasta, #RoyalRansomware, #BianLian, #CubaRansomware, #BloodyRansomwareGang, #RansomEXX - I'm talking multiple terabytes of data, hundreds of millions of account details, across pretty much every single sector. Most common method of infection? #BusinessEmailCompromise! Be super mindful of the links you click on, the attachments you download, and the sites you visit.
Some of this week's work product. Turns out the #BianLian ransomware group uses a non-stripped version of the SHARPDEKE cryptor, so detection isn't so tricky. https://otx.alienvault.com/pulse/6388e4db68be767c63d84145
#bianlian #blueteam #threatintel #infosec #cybersecurity
I'm doing some research into the #BianLian ransomware group, and I'd just like to thank the authors of the #Sharpdeke cryptor for not stripping the Go debug symbols. 🙏
#bianlian #sharpdeke #malware #infosec #cybersecurity
Good article highlighting ongoing #ransomware threats involving U.S. #education entities over a holiday, when security teams are likely especially under-staffed or at least less focused: https://therecord.media/cincinnati-state-college-one-of-several-schools-added-to-ransomware-leak-sites-on-thanksgiving/
In total, ransomware operators publicly threatened five schools and colleges on extortion sites over the past week, the latest in a rising number of such threats involving higher & lower education over the past year. On top of the cases mentioned in the article, the #Hive & #BianLian ransomware groups each also threatened public K-12 school systems in the last week.
The news comes 10 days after the latest U.S. federal government #StopRansomware alert focused specifically on Hive, which has threatened a wide range of #criticalinfrastructure entities, including #healthcare orgs. The alert offered a great summary of the techniques & procedures associated with Hive. Here is a fantastic new blog highlighting detection engineering ideas around recent Hive behaviors: https://micahbabinski.medium.com/catching-a-wev-tutil-threat-detection-for-the-rest-of-us-f692f01efcd4
A fair amount of #TTP intelligence now exists around the other ransomware threatening education orgs last week and over the past year. I look forward to maintaining & expanding this dashboard which shows a combined visual currently covering the nine ransomware threatening schools since last year: https://app.tidalcyber.com/share/8d9f212a-0312-4c2f-bba5-85ab7c7224c6
Direct links to specific ransomware heatmaps:
#ViceSociety https://app.tidalcyber.com/share/5f23ef9e-52e1-4281-ba79-9e16fc0e5032
Hive https://app.tidalcyber.com/share/7d9960ec-8177-4c68-94b3-b2302ff26cbf
BianLian https://app.tidalcyber.com/share/b5e2dad3-ae63-4fc6-b601-f185e3fe1742
And some quick metrics and resources around the trend of ransomware extortion threats involving education orgs https://infosec.exchange/@IntelScott/109353926668530705