Major airline technology provider Accelya, which counts American Airlines, Delta, and British Airways among its clients, had some of its servers compromised by the ALPHV ransomware gang, also known as BlackCat, reports The Record, a news site by cybersecurity firm Recorded Future.
Some of the data allegedly stolen from Accelya, including emails and worker contracts, was leaked by the ALPHV ransomware gang last week, and the transport technology service provider is still verifying the exposed data. However, Accelya has already enlisted third-party experts to prevent the ransomware from compromising other systems.
"Our forensic investigators confirmed it was limited to a contained portion of our overall environment. We have no evidence to indicate that the malware could have moved laterally from our systems to our customers' environments," said an Accelya spokesperson.
Prior to the Accelya attack, the ALPHV ransomware gang had most recently compromised two Luxembourg energy firms, as well as Bandai Namco.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and compromised prefetch file analysis, reports The Hacker News.
Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that threat actors have exploited through Microsoft repository-linked URLs to distribute malware made to appear to originate from credible entities' official source code repositories, according to BleepingComputer.