Arkwood Pond Social
  • FAQ
  • Login
Show Navigation
  • Public

    • Public
    • Groups
    • Recent tags
    • Popular
    • People

Conversation

Notices

  1. GeniusMusing (geniusmusing)'s status on Monday, 20-Dec-2021 13:09:16 UTC GeniusMusing GeniusMusing
    Remote profile options...
    Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved CPO Magazine
    https://nu.federati.net/url/284043

    >A major payroll provider used by thousands of businesses in the United States, including government agencies, is reporting that it expects to be down for “weeks” due to a devastating ransomware attack.
    >
    >Kronos, known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline on Monday. This element is central to its UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services used to track employee hours and process paychecks. The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures. Kronos did not give a timetable for recovery but said that it expects it to be at least several days, if not weeks, before the services are fully online again.
    >
    >Though it has not been confirmed, there is speculation that the notorious Log4Shell vulnerability was involved given that the Kronos cloud services are known to be built on Java to a great degree.
    >...
    Monday, 20-Dec-2021 13:09:16 UTC from nu.federati.net permalink
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} repeated this.
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 20-Dec-2021 13:23:21 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      Remote profile options...
      in reply to
      Whoa, Nelly!

      I've heard of Kronos for years. There are lots of companies (and probably government agencies also) that have to be pooping their Pampers right now.
      Monday, 20-Dec-2021 13:23:21 UTC permalink
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 20-Dec-2021 13:34:47 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      Remote profile options...
      in reply to
      • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      > The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures.

      They probably won't clarify (legal liability, etc), but it would be nice to know whether the ransomware attack came from one of their customers' accounts (that is, whether they've got insufficient isolation between customers' data) or a company internal source (that is, whether the entire organization's security posture needs reassessment).
      Monday, 20-Dec-2021 13:34:47 UTC permalink
    • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1)'s status on Monday, 20-Dec-2021 13:41:35 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      Remote profile options...
      in reply to
      • LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
      Also, was the ransomware already at the "hold your data hostage" stage, or did they discover it during distribution / spreading stage?
      Monday, 20-Dec-2021 13:41:35 UTC permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Arkwood Pond Social is a social network, courtesy of McCullaugh.com Network. It runs on GNU social, version 1.2.0-beta4, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Arkwood Pond Social content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.