jon greig
@jgreig.bsky.social
cybersecurity reporter for The Record.
formerly: zdnet, techrepublic, blavity, haitian times, cambodia daily
— send tips to jonathangreig11@protonmail.com or signal: jgreig.51
Seems bad!
"The Mandiant investigation is now complete. Their findings confirm that the malicious activity – carried out by a state-sponsored threat actor. The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices."
www.sonicwall.com/blog/cloud-b...
www.sonicwall.com
November 5, 2025 at 6:57 PM
The countries that signed the controversial cybercrime treaty today in Hanoi include:
Vietnam, Maldives, Algeria, Australia, Azerbaijan, Belarus, Belgium, Brazil, Burkina Faso, Cambodia, Chile, China, Costa Rica, Cuba, Czech Republic, South Korea…
therecord.media/cybercrime-t...
US to attend UN cybercrime treaty signing in Hanoi despite industry concerns
After years of negotiations, officials from around the world will convene in Hanoi this weekend for the signing of the landmark UN cybercrime convention.
therecord.media
October 25, 2025 at 2:26 PM
Reposted by jon greig
American Airlines subsidiary Envoy Air confirmed it was impacted by a recent Clop campaign targeting customers of Oracle's EBS application
Envoy Air said a “limited amount of business information and commercial contact details may have been compromised.”
therecord.media/regional-air...
Regional airline Envoy Air confirms Oracle E-Business Suite compromise
The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite.
therecord.media
October 17, 2025 at 3:08 PM
Reposted by jon greig
Ransomware attack on Ohio county impacts over 45,000 residents, employees
via @jgreig.bsky.social & @therecordmedia.bsky.social
Ransomware attack on Ohio county impacts over 45,000 residents, employees
The hackers stole documents that had names, Social Security numbers, driver’s license numbers, financial account information, fingerprint data, medical information, passport numbers and more.
therecord.media
September 29, 2025 at 5:32 AM
Reposted by jon greig
No, not the old GoAnywhere exploitation, this is a new one!
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
via @jgreig.bsky.social & @therecordmedia.bsky.social
Medusa ransomware used during exploitation of GoAnywhere file transfer bug, Microsoft says
Cybercriminals are using the Medusa ransomware strain during exploitation of a vulnerability in Fortra's GoAnywhere file transfer tool.
therecord.media
October 7, 2025 at 12:42 PM
Reposted by jon greig
To quote Sonny & Cher, “And the beat goes on…”
Houston suburb says some online services taken down by cyberattack
via @jgreig.bsky.social & @therecordmedia.bsky.social
Houston suburb says some online services taken down by cyberattack
Officials in Sugar Land, Texas, said a cyberattack has impacted some online services.
therecord.media
October 13, 2025 at 1:07 PM
Reposted by jon greig
CISA told reporters today that there are thousands of potentially vulnerable F5 devices across the federal government
F5 and CISA won't say what nation is behind the attack on the company. Source code and unreported bugs were among the things stolen
therecord.media/cisa-directi...
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.
therecord.media
October 15, 2025 at 6:35 PM
Reposted by jon greig
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
via @jgreig.bsky.social & @therecordmedia.bsky.social
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.
therecord.media
October 16, 2025 at 2:34 PM
Harvard University confirmed that it was impacted by a recent campaign that exploited a vulnerability involving Oracle’s E-Business Suite (EBS) system
The incident “impacts a limited number of parties associated with a small administrative unit.”
therecord.media/harvard-says...
Harvard says ‘limited number of parties’ impacted by breach linked to Oracle zero-day
Harvard University said a recent incident that is impacting Oracle E-Business Suite customers impacted a "limited number of parties associated with a small administrative unit."
therecord.media
October 14, 2025 at 3:04 PM
Federal agencies have about 24 hours to patch two critical bugs in a line of Cisco firewalls
patch CVE-2025-30333 and CVE-2025-20362 asap
therecord.media/cisco-asa-fi...
Federal agencies given one day to patch exploited Cisco firewall bugs
Vulnerabilities in some models of Cisco's Adaptive Security Appliances (ASA) have been exploited by "an advanced threat actor," according to a warning from CISA.
therecord.media
September 25, 2025 at 6:51 PM
Reposted by jon greig
Future of CVE Program in limbo as CISA, board members debate path forward
via @jgreig.bsky.social & @therecordmedia.bsky.social
Future of CVE Program in limbo as CISA, board members debate path forward
Last week, CISA released two documents explaining their plans for the CVE Program — a critical cybersecurity resource used globally to catalog thousands of software and hardware bugs.
therecord.media
September 22, 2025 at 12:08 PM
We are ruled by some of the dumbest people
"Senate aides echoed concerns that cybersecurity industry stakeholders have also shared with Axios: That Paul is conflating CISA the agency with the information-sharing program, which shares the same acronym."
www.axios.com/2025/09/19/c...
Rand Paul's last-minute demands push key cybersecurity law to the brink
Congressional aides say Paul hasn't been open to negotiations.
www.axios.com
September 23, 2025 at 8:39 PM
The DOJ said Jubair and other Scattered Spider members extorted more than $115 million in ransoms from dozens of victims since 2022
He's also allegedly behind a breach of the U.S. federal court network
therecord.media/scattered-sp...
DOJ: Scattered Spider took $115 million in ransoms, breached a US court system
The Scattered Spider cybercriminal operation was able to extort at least $115 million in a three-year spree that also included the breach of a federal court network, U.S. authorities said in unsealing...
therecord.media
September 19, 2025 at 8:15 PM
Debate is raging over the CVE Program as current board members and CISA vie for control following the April 2025 funding fiasco at DHS
therecord.media/cve-program-...
Future of CVE Program in limbo as CISA, board members debate path forward
Last week, CISA released two documents explaining their plans for the CVE Program — a critical cybersecurity resource used globally to catalog thousands of software and hardware bugs.
therecord.media
September 19, 2025 at 8:12 PM
BreachForums founder and lead administrator Conor Fitzpatrick was given a new three-year prison sentence on Tuesday after a three-judge panel in January vacated a controversial district court decision that set him free after just 17 days in prison
therecord.media/conor-fitzpa...
BreachForums administrator given three-year prison stint after resentencing
Conor Fitzpatrick, aka BreachForums founder "pompompurin," will spend three years in prison after a court vacated an earlier decision to set him free on supervised release.
therecord.media
September 16, 2025 at 7:36 PM
Reposted by jon greig
Ransomware gang takedowns causing explosion of new, smaller groups
via @jgreig.bsky.social & @therecordmedia.bsky.social
Ransomware gang takedowns causing explosion of new, smaller groups
The ransomware ecosystem continues to splinter, with new gangs proliferating in the wake of law enforcement takedowns that have scattered affiliates and prompted criminal rebrands.
therecord.media
August 29, 2025 at 5:40 PM
Reposted by jon greig
Here's @jgreig.bsky.social explaining why a problem with one cloud platform is drawing the attention of other, more famous cloud platforms. If your thought is, "everyone appears to be a customer of everyone else," you might be right.
therecord.media/salesloft-dr...
Cloudflare, Zscaler among companies impacted by Salesloft Drift incident
Multiple tech firms have publicly detailed how incidents involving the third-party Salesloft Drift tool have exposed customer data.
therecord.media
September 3, 2025 at 1:52 PM
Reposted by jon greig
Cloudflare, Zscaler among companies impacted by Salesloft Drift incident
via @jgreig.bsky.social & @therecordmedia.bsky.social
Cloudflare, Zscaler among companies impacted by Salesloft Drift incident
Multiple tech firms have publicly detailed how incidents involving the third-party Salesloft Drift tool have exposed customer data.
therecord.media
September 4, 2025 at 4:49 PM
Reposted by jon greig
😔 - thousands of people having data leaked almost isn’t a story any more.
Major blood center says thousands had data leaked in January ransomware attack
via @jgreig.bsky.social & @therecordmedia.bsky.social
Major blood center says thousands had data leaked in January ransomware attack
New York Blood Center submitted documents to regulators in Maine, Texas, New Hampshire and California that confirmed the cyberattack, which they said was first discovered on January 26.
therecord.media
September 10, 2025 at 7:09 AM
Reposted by jon greig
The SwissBorg platform said about $41 million worth of cryptocurrency was stolen during a cyber incident affecting a partner company this week. In an update on Tuesday, the company pledged to make all affected customers whole and said it is still investigating the incident.
✍️ @jgreig.bsky.social
European crypto platform SwissBorg to reimburse users after $41 million theft
Nearly 200,000 Solana coins were stolen from SwissBorg, or about 2% of its assets, according to the platform's CEO. The company pledged to pay users back.
therecord.media
September 10, 2025 at 12:42 PM
Reposted by jon greig
Confession: I can’t hear LockerGogo without hearing Lady Gaga, I guess I don’t have a poker face about it.
Ukrainian national charged with helping run LockerGoga, MegaCortex and Nefilim ransomware
Via @jgreig.bsky.social & @therecordmedia.bsky.social
Ukrainian national charged with helping run LockerGoga, MegaCortex and Nefilim ransomware
Volodymyr Tymoshchuk, currently a fugitive, was an administrator for multiple ransomware strains, including LockerGoga, said U.S. prosecutors in unsealing an indictment against the Ukrainian national.
therecord.media
September 10, 2025 at 4:48 PM
Reposted by jon greig
Vietnam, Panama governments suffer incidents leaking citizen data
via @jgreig.bsky.social & @therecordmedia.bsky.social
Vietnam, Panama governments suffer incidents leaking citizen data
Vietnam's credit information bureau and Panama's finance ministry are each responding to apparent data breaches claimed by high-profile cybercrime groups.
therecord.media
September 13, 2025 at 4:04 PM