Christmas bonuses could be delayed after HR and payroll giant Kronos hit by ransomware attack
Date:
Tue, 14 Dec 2021 12:14:13 +0000
Description:
Kronos warns it could take weeks to fully restore services.
FULL STORY ======================================================================
Top American payroll service provider Kronos has suffered a major ransomware attack possibly caused by the increasingly notorious Log4Shell flaw.
The company revealed an attack had taken down services using the Kronos Private Cloud - namely Kronos' UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services.
"As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident," wrote Kronos representative Leo Daley.
Weeks of delay
"At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud," Daley added, further saying that it may take up to several weeks to restore system availability.
"We strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions," Daley concluded.
Even though the company's representatives did not confirm that the ransomware came as a result of Log4Shell, they didn't deny it either, further fueling speculation.
Log4Shell
Log4Shell is the name of the recently discovered Log4j vulnerability, which is already being dubbed the most serious threat ever seen. It is a zero-day endpoint vulnerability in the popular Java logging framework, with enormous potential. It allows malicious actors to run virtually any code, and because the skill needed to use it is very low, experts are urging companies to patch immediately.
The flaw is being compared to the 2017 Equifax hack, where the personal data of almost 150 million people was exposed.
Organizations using Log4j in their software should upgrade it immediately to the latest 2.15 version, which is available from Maven Central.
Kronos cloud services rely heavily on Java, the software framework that Log4J is based on, Arstechnica reported.
Via: Arstechnica
======================================================================
Link to news story:
https://www.techradar.com/news/christmas-bonuses-could-be-delayed-after-hr-and-payroll-giant-kronos-hit-by-ransomware-attack/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)