CDW possibly attacked, AvosLocker advisory, EPA rescinds water regs

LockBit claims attack on CDW

The tech giant CDW is investigating claims from LockBit regarding leaks of data along with an $80 million ransom. CDW is describing the incident as “an isolated IT security matter associated with data on a few servers dedicated solely to the internal support of Sirius Federal, a small U.S. subsidiary of CDW-G.” The announcement describes the servers as “non-customer-facing and isolated from the CDW network and other CDW-G systems.”

(Security Affairs)

The FBI and CISA publish joint advisory regarding AvosLocker ransomware

Updating a similar advisory published in March 2022, the announcement provides “known IOCs, TTPs, and detection methods associated with the AvosLocker ransomware variant employed in recent attacks.” AvosLocker is a ransomware-as-a-service operation that has expanded to include Linux systems, specifically VMware ESXi servers, using “legitimate software and open-source remote system administration tools to compromise the victims’ networks.”

(Security Affairs)

EPA rescinds cyber regulations for water sector

The US Environmental Protection Agency has sent a letter to state drinking water authorities saying that it will be withdrawing its requirements to conduct cybersecurity audits of water utilities that had been announced in a memorandum issued in March. According to Cyberscoop, the EPA stated on Thursday that “litigation from Republican states and trade associations…raised questions about the long-term legal viability of the initiative to regulate the cybersecurity of water utilities.” Despite this withdrawal, the EPA emphasized its commitment to encouraging cybersecurity in the water system, and organizations such as the American Water Works Association and the National Rural Water Association, which were involved in the lawsuit, have “renewed their call for a collaborative approach to cybersecurity measures in the water sector.”


Kwik Trip suffers disruptions

The convenience store chain that operates in Michigan, Minnesota, and Wisconsin, as well as under the name Kwik Star in Illinois, Iowa, and South Dakota, says it is dealing with a “network incident” that has left employees “unable to receive new orders, accept payments using the Kwik Reward system, and access the company’s support systems,” as well as adversely impacting corporate offices’ email and phone systems. Although corporate communications from Kwik Trip are currently avoiding clarification of the incident, experts at Bleeping Computer see the timeline and type of IT outages as pointing to a likely ransomware attack.

(Bleeping Computer)


Microsoft phases out NTLM

The Windows NT LAN Manager (NTLM) will be eliminated from Windows 11 in the near future in favor of bolstering its primary mechanism, the Kerberos authentication protocol, which has been the default method for over two decades. NTLM was introduced in the 1990s, and Microsoft says it will focus instead on new features for Windows 11 such as Initial and Pass-Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos.

(The Hacker News)

UK fines Equifax for 2017 data breach

Britain’s Financial Conduct Authority watchdog agency fined the UK arm of Equifax just over £11 million (about $13.6 million) for “allowing hackers to access personal information of millions of people in 2017.” This case is separate from litigation and settlements that Equifax agreed to in the US in 2019. Instead, it focused on the fact that “Equifax Ltd, the firm’s U.K. business, exposed data because it outsourced processing to servers run by its U.S. parent, Equifax Inc.” Equifax Ltd was not aware that U.K. consumer data had been accessed “until 6 weeks after Equifax Inc had discovered the hack.” This case is also separate from one brought by Britain’s Information Commissioner’s Office in 2018 that fined Equifax Ltd £500,000 for violating data protection rules related to the 2017 incident.

(The Record)

Microsoft’s October Windows 10 security updates fail to install

In an announcement released Friday, the company said it had “received reports of an issue where Windows updates released October 10, 2023 fail to install. Devices might initially display progress, but then fail to complete installation.” The impacted systems are Windows 10 21H2 and Windows 10 22H2, and the error code appears as 0x8007000d. Microsoft has provided a support page to help resolve the problem.

(Bleeping Computer and Microsoft)

Last week in ransomware

Last week saw an attack on Canadian flagship airline Air Canada, with BianLian claiming responsibility. ALPHV announced it had attacked state courts across Northwest Florida. Simpson Manufacturing had to shut down its IT systems but has not confirmed the cause as being a ransomware attack. The threat actor known as kapuchin0 also released the source code for the first version of Hello Kitty ransomware, claiming to be developing a new one that will rival LockBit.

(Bleeping Computer and Cyber Security Headlines)

