Cyber resilience news from last week

Here is a summary of some of the major events:

• Colt Technology Services: The UK-based telecommunications company, Colt, experienced a ransomware attack that resulted in a multi-day outage of some of its services, including hosting and its online platforms. The Warlock ransomware gang claimed responsibility, asserting they stole over a million documents. Security researchers suggest the attack may have exploited a Microsoft SharePoint vulnerability.
• Workday Data Breach: Workday, a provider of human resources software, confirmed that some customer information was compromised in a social engineering attack. This incident is part of a broader campaign by the ShinyHunters threat group targeting companies' Salesforce instances by impersonating IT support staff via voice phishing. Other companies affected by this campaign include Air France and KLM.
• Manpower Data Breach: Staffing giant Manpower disclosed a data breach that affected nearly 145,000 individuals. The incident, which occurred in late 2024 but was disclosed this past week, was caused by a ransomware attack.
• US Justice Department Takedown: In a significant law enforcement action, the U.S. Department of Justice announced coordinated actions against the BlackSuit (Royal) ransomware group. This operation included the seizure of servers, domains, and over $1 million in cryptocurrency, dealing a critical blow to the group's infrastructure.
• N-able Vulnerabilities: Security researchers identified hundreds of internet-exposed N-able N-central instances that are unpatched and vulnerable to two recently disclosed exploits. These vulnerabilities, which N-able has since patched, have been added to CISA's catalog of known exploited vulnerabilities, making them a high-priority threat for ransomware actors.