home.social

#wiper — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #wiper, aggregated by home.social.

  1. ‘CanisterWorm’ Springs #Wiper Attack #Targeting #Iran

    A financially motivated data theft and #extortion group is attempting to inject itself into the #Iranwar, unleashing a #worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have #Farsi set as the default language.
    #security #CanisterWorm

    krebsonsecurity.com/2026/03/ca

  2. Let's talk about the Iran-USA cyber front: Handala versus Stryker

    It has been a while since I managed to find the time to update this blog and, given the events that have shaped and are shaping security in recent weeks, I am reopening with a post on Iran. On 11 March 2026 Stryker, one of the world's giants in medical technology, discovered what it means to have its entire Microsoft environment turned into a remote kill‑switch, operated by a pro‑Iranian hacktivist group that signs itself Handala Hack and that intelligence […]

    insicurezzadigitale.com/parlia

  3. Breaking, new, by me: Iran-backed Hackers Claim Wiper Attack on Medtech Firm Stryker

    A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.

    From the story:

    "Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices."

    "Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently."

    krebsonsecurity.com/2026/03/ir

    #stryker #handala #intune #wiper #cybersecurity

  4. Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.

    It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.

    That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.

    databreaches.net/2025/12/07/th

    #HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse

    @campuscodi @amvinfe

  5. I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

    "Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
    databreaches.net/2025/12/09/te

    #databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

  10. Anubis hasn't really had a lot of media coverage, but @amvinfe's post about the attack on Mid South Pulmonary & Sleep Specialists was a wake-up call for me. So I took a look at Anubis's dark web leak site and saw they added -- and leaked -- five U.S. healthcare entities in November.

    Given that they are not loath to encrypt and wipe victims' data... well... yikes.

    My post:
    databreaches.net/2025/12/07/th

    #databreach #ransomware #Anubis #HealthSec #cybersecurity #HIPAA #wiper

  11. HybridPetya – Ransomware that bypasses UEFI Secure Boot protection

    Security researchers from ESET have discovered a new ransomware variant resembling the well-known Petya/NotPetya, extended with the ability to take over operating systems booted with UEFI support. The malware exploits the vulnerability CVE-2024-7344 to bypass the UEFI Secure Boot mechanism. On the latest systems this vulnerability has been patched, however the software's mode of operation, i.e. the use of exploits at the firmware level...

    #WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper

    sekurak.pl/hybridpetya-ransomw

  16. SentinelLabs discovered a new variant of AcidRain wiper targeting Ukraine, which they call AcidPour. Their analysis confirms the connection between AcidRain and AcidPour, connecting it to clusters previously publicly attributed to Russian military intelligence. The discovery coincides with the enduring disruption of multiple Ukrainian telecommunication networks since 13 March 2024. SentinelLabs provides a technical analysis, describes AcidPour features and lists IOC. 🔗 sentinelone.com/labs/acidpour-

    #AcidRain #AcidPour #wiper #malware #threatintel #IOC #Russia #Ukraine #RussiaUkraineWar

  21. Mayors' offices and courts in #Russia are under attack by #never-before-seen #malware that poses as #ransomware but is actually a #wiper that permanently destroys data on an #infected system...

    #Kaspersky #cybersecurity #CryWiper

    bit.ly/3ukF9fl