Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Monday, 20-Dec-2021 08:09:16 EST GeniusMusing GeniusMusing
    Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved CPO Magazine
    https://nu.federati.net/url/284043

    >A major payroll provider used by thousands of businesses in the United States, including government agencies, is reporting that it expects to be down for “weeks” due to a devastating ransomware attack.
    >
    >Kronos, known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline on Monday. This element is central to its UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services used to track employee hours and process paychecks. The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures. Kronos did not give a timetable for recovery but said that it expects it to be at least several days, if not weeks, before the services are fully online again.
    >
    >Though it has not been confirmed, there is speculation that the notorious Log4Shell vulnerability was involved given that the Kronos cloud services are known to be built on Java to a great degree.
    >...
    In conversation Monday, 20-Dec-2021 08:09:16 EST from nu.federati.net permalink

    Attachments

    1. Invalid filename.
      Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved? - CPO Magazine
      from CPO Magazine
      Kronos, a payroll provider known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline due to a ransomware attack. There is speculation that the Log4Shell vulnerability was involved.
    1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 20-Dec-2021 08:23:21 EST lnxw48a1 lnxw48a1
      in reply to
      Whoa, Nelly!

      I've heard of Kronos for years. There are lots of companies (and probably government agencies also) that have to be pooping their Pampers right now.
      In conversation Monday, 20-Dec-2021 08:23:21 EST from nu.federati.net permalink
      1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 20-Dec-2021 08:34:47 EST lnxw48a1 lnxw48a1
        in reply to
        > The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures.

        They probably won't clarify (legal liability, etc), but it would be nice to know whether the ransomware attack came from one of their customers' accounts (that is, whether they've got insufficient isolation between customers' data) or a company internal source (that is, whether the entire organization's security posture needs reassessment).
        In conversation Monday, 20-Dec-2021 08:34:47 EST from nu.federati.net permalink
        1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 20-Dec-2021 08:41:35 EST lnxw48a1 lnxw48a1
          in reply to
          Also, was the ransomware already at the "hold your data hostage" stage, or did they discover it during distribution / spreading stage?
          In conversation Monday, 20-Dec-2021 08:41:35 EST from nu.federati.net permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.