Plus: India-based ICICI bank leaks millions of private user data records
| Part of  Network | |
 Presented by  |
 March 2023 has broken the record for most ransomware attacks with 459. The number represents a 62% increase compared to the same period in 2022. More: - According to the report, the increase in ransomware attacks happened because hackers abused a security flaw tracked as CVE-2023-0669.
- CVE-2023-0669 is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool.
- The infamous Clop ransomware gang used this flaw to hack 130 companies within 10 days.
- The record in ransomware attacks is a continuation of the upward trend in the number of ransomware attacks deployed. The threat vector has been popular among hackers in the last three years.
- Clop performed 129 recorded attacks last month, topping NCC Group's graph with the most active ransomware gangs for the first time in its operational history.
Zoom Out: - Other ransomware groups that also deployed cyberattacks during March 2023 are:
- Royal ransomware,
- BlackCat Bianlian,
- Play,
- Blackbasta,
- Stormous,
- Medusa,
- and Ransomhouse.
- The most targeted sector in March 2023 was Industry, receiving 147 ransomware attacks, or 32% of all cases.
| |
The American Bar Association has been hacked by unknown threat actors. 1.4 million members may have had their data stolen due to the breach. More: - The ABA is the largest association of lawyers and legal professionals globally, with 166,000 members.
- Yesterday ABA began notifying members it had spotted illegal activity in its network on March 17, 2023, and that the threat actor may have gained access to members' login credentials.
- The breach is believed to have occurred on March 6.
- ABA stated the hacker has likely stolen usernames and hashed passwords that users may have had in previous versions of the ABA website.
| |
 A message from QA WOLF Automated QA as a Service: QA Wolf finds your bugs before they reach production Get human-verified bug reports in your ticketing system within minutes of running your test suite. Here’s how: QA Wolf gets you to 80% test coverage in 4 months. We build your automated end-to-end test suite and provide unlimited, parallel test runs on our infrastructure. Flaky test? We maintain it. Actual bug? It goes right into your ticketing system with a comprehensive bug report. Sounds too good to be true? We hear that a lot. That's why we offer a 90-day pilot and you can keep everything we create if you decide to part ways. Start a 90-day pilot
| |
GitHub has announced a slew of new security updates, including private vulnerability reporting. The company received 1,000 reports from security researchers since late 2022 as part of the testing process. More: - To use the private reporting feature, repository maintainers need to enable it in the Security section of their repository’s settings.
- Once the future is enabled, users can send bug reports to the maintainers and contact them privately.
- GitHub claims that the feature will help users who want to tell repository managers about different security flaws without risking making information public.
- In the announcement, the company mentions the administrators who manage JSON, which has 60 million downloads, as an example where a user tracked security flaws and had a difficult time communicating with them.
- Once that user utilized the new private reporting feature, it resulted in 11 million alerts that were then addressed.
| |
India-based ICICI bank has leaked millions of private user data records. The company operates in 15 countries globally. More: - The kind of information that has leaked includes:
- bank account details,
- bank statements,
- credit card numbers,
- full names,
- dates of birth,
- home addresses,
- phone numbers,
- emails,
- personal identification documents,
- and resumes that belong to employees and job candidates.
- In 2022, the ICICI Bank's resources were named critical information infrastructure by the Indian government, meaning that a cyberattack against the company would be classified as a national security risk.
- The leaked data is believed to have included other valuable data such as:
- clients' passports,
- IDs,
- bank statements, and Indian taxpayer identification numbers.
- The company, which was reportedly informed about this breach by security researchers, has yet to give details about the occurrence.
| |
Halcyon has raised a $50M Series A funding round to help companies prevent ransomware attacks. Dell Technologies was one of the lead investors. More: - Halcyon’s platform uses AI-backed pre-execution ransomware prevention to detect and block ransomware campaigns.
- The platform passes unknown but suspicious executables to the additional protection layers for further analysis.
- The company claims that its solution blocks most off-the-shelf, generic ransomware.
- Even if a ransomware campaign passes the second infection chain stage and infects the company, the Halycon platform tricks the ransomware into revealing the attack and prevents the campaign from dropping the payload.
- In addition to Dell Technologies, SYN Ventures and Corner Ventures were also investors.
| |
California-based Fletch has raised a $12.5M Series A funding round. The company claims it will double its number of customers this year. More: - Fletch offers a threat monitoring platform that provides companies with advice on how to approach incoming threats.
- The company aims to use this funding to invest in product development by adding AI features to the platform's core natural language processing engine, making the app easier to use, and growing its staff.
- This funding round was led by True Ventures, Alpha Edison, and angel investors who have experience at companies such as Twitter and Okta.
- The company is based in San Francisco.
| |
Quick Hits - Miro provides a collection of 300+ ready-made templates that give every team the ability to communicate, create, and collaborate in seconds.*
- Researchers have tracked what they claim is the first-ever using Kubernetes RBAC to create backdoors. The campaign is being used for crypto-jacking.
- A report from an Israeli security company says that the newly tracked GhostToken allows hackers to gain permanent and unremovable access to a victim's Google account.
- Business outsourcing company Capita has been hacked by the Black Basta ransomware group. The latter has placed the company on its list of breached victims.
- Focus your reps on the right deal at the right time. Read the report to see how revenue intelligence helps you find success now.*
*This is sponsored content.
| |
Upcoming events at Inside: - April 26 - The world's largest gathering that brings together all sides of the cryptocurrency, blockchain and Web3 community (Register Here) *
- April 27 - Inside.com Book Club - REWORK by 37signals (Register Here)
- May 02 - Inside Startups Coffee Break (Register Here)
*This is a sponsored listing.
| |
 |  | Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. |   | | Editor | Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords. | |
QA Wolf gets web apps to 80% automated end-to-end test coverage in weeks, not years. | |
| 767 Bryant St. #203, San Francisco, CA 94107
Copyright © 2023 Inside.com | |
| |
