Weekly News Wrap-up
Cybersecurity News: October 4, 2021
Cyber Second Only to Climate Change as Biggest Global Risk
Infosecurity Magazine, Phil Muncaster
“The percentage of experts ranking it among their top five risks increased significantly from 51% last year to 61% in 2021, with only a quarter (26%) believing that governments are prepared for cybersecurity risks — a figure unchanged since 2019.”
Trucking giant Forward Air reports ransomware data breach
Bleeping Computer, Lawrence Abrams
“An SEC filing by Forward Air states that the company lost $7.5 million of less than load (LTL) freight revenue ‘primarily because of the Company’s need to temporarily suspend its electronic data interfaces with its customers.’”
CISA: Wide Exploitation of New VMware vCenter Server Flaw Likely
Dark Reading, Jai Vijayan
“Nearly every business operates virtual machines and if I have root access, I could ransom every machine in that environment or steal the data on those virtual machines with relative ease.”
UCSD Health sued by breach victims after undetected email hack
SC Magazine, Jessica Davis
“…victims claim the incident was caused by employees responding to malicious emails. In doing so, the attackers gained access to the network and proliferated, undetected across connected devices for months ‘as the organization had inadequate security controls in place to monitor for unusual and irregular activity.’”
Complex New SMS Malware Discovered
Infosecurity Magazine, Sarah Coble
“The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone.”
Cybersecurity News: September 27, 2021
US Eye-Care Providers Report Data Breaches
Infosecurity Magazine, Sarah Coble
“Information impacted by the incident may have included names, medical histories, treatment or diagnosis information, and health insurance information.”
CISA, FBI, NSA Warn of Increase in Conti Ransomware Attacks
Dark Reading
“CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces.”
US sanctions cryptocurrency exchange used by ransomware gangs
Bleeping Computer, Sergiu Gatlan
“This move is designed to disrupt the main channel used by ransomware operations to collect ransom payments from their victims, which…amounted to over $400 million last year, more than four times when compared to 2019.”
New Cooperative’s Ransomware Attack Underscores Threat to Food & Agriculture
Dark Reading, Kelly Sheridan
“When we couple the complexity of the food and agriculture industry with the real-world impact these organizations have on the public on a daily basis, it makes them a valuable potential target for cyberattacks, and more specifically ransomware.”
TTEC hit with ransomware attack, hampering work for major clients
ZDNet, Jonathan Greig
“Ransomware groups typically target organizations with large customer bases that rely on services or a product, knowing it hinders business and creates a trickle-down impact on all customers….”
Cybersecurity News: September 20, 2021
Ransomware encrypts South Africa’s entire Dept of Justice network
Bleeping Computer, Ionut Ilascu
“[The attack] has led to all information systems being encrypted and unavailable to both internal employees as well as members of the public. As a result, all electronic services provided by the department are affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.”
Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill
ZDNet, Jonathan Greig
“The phishers made their website look legitimate by copying the HTML and CSS from the real USDOT website. They even included a real warning on the government site about making sure users check that sites are legitimate US government websites.”
Unsecured fitness app database leaks 61M records, highlights health app privacy risks
SC Magazine, Jessica Davis
“Overall, the researchers found at least 23 million Health users have been exposed…. And all 30 of the assessed apps were vulnerable to broken object level authorization (BOLA) attacks, posing tangible risks to the health data collected and stored within the platforms.”
Israeli spyware firm targeted Apple devices via iMessage, researchers say
The Guardian, Stephanie Kirchgaessner
“Researchers said the speed with which Apple was seeking to fix the vulnerability to its operating system, which in effect has allowed the latest iPhones and operating systems to be vulnerable to attack by NSO Group’s government clients, underscored the ‘absolute seriousness’ of their findings.”
MyRepublic discloses data breach exposing government ID cards
Bleeping Computer, Lawrence Abrams
“Using stolen utility bills and National Registration Identity Cards (NRICs), it may be possible for threat actors to open accounts or receive credit under an exposed customer’s name.”
Cybersecurity News: September 13, 2021
Hackers leak passwords for 500,000 Fortinet VPN accounts
Bleeping Computer, Lawrence Abrams
“This leak is a serious incident as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware, and perform ransomware attacks.”
Hackers Steal Data from United Nations
Infosecurity Magazine, Sarah Coble
“It has been theorized that the username and password used in the cyber-attack were purchased from a website on the dark web. ‘The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.’”
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Help Net Security, Zeljka Zorz
“An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document.”
Personal data of 8,700 French visa applicants exposed in cyberattack
Silicon Republic, Blathnaid O’Dea
“Personal details including passport numbers, birth dates and addresses of 8,700 people were exposed and some details may have been stolen.”
US Cyber Command Warns of Ongoing ‘Mass Exploitation’ of Critical Confluence Vulnerabilities
Dark Reading
“Atlassian on Aug. 25 issued an update for the remote code execution flaw, but attackers appear to be winning the race with organizations that have not yet applied the patch.”
Cybersecurity News: September 6, 2021
‘ProxyToken’ Flaw Heightens Concerns Over Security of Microsoft Exchange Server
Dark Reading, Jai Vijayan
“System administrators should carefully monitor their Exchange servers for unusual activity or network traffic.”
Fired NY credit union employee nukes 21GB of data in revenge
Bleeping Computer, Sergiu Gatlan
“The wiped [data] included files related to customers’ mortgage loan applications and the financial institution’s anti-ransomware protection software.”
Afghanistan’s reported data breach has life-and-death consequences
Fast Company, Margaret Hu
“Many Afghans fear that the identity documents and databases storing personally identifiable data could be transformed into death warrants in the hands of the Taliban.”
This nasty new email scam tricks victims into calling the fraudsters
TechRadar, Sead Fadilpašić
“Once the victim takes the bait and rings the number, the attackers will try to extract any valuable or personal information over the phone, or try to have the victim install malware.”
Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases
Dark Reading, Robert Lemos
“This flaw allowed its researchers to access the primary database keys of other organizations using Jupyter Notebooks in Azure. Coca-Cola, Kohler, Rolls-Royce, Siemens, and Symantec all had database keys exposed, researchers found.”
Cybersecurity News: August 30, 2021
Hackers Release Data Trove From Belarus in Bid to Overthrow Lukashenko Regime
Bloomberg, Ryan Gallagher
“They hacked most of the main police database, and they downloaded all information, including information from the security service wiretapping department, the most secret department of our police.”
A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab
TechCrunch, Zack Whittaker
“But the hacks also circumvent a new software security feature built into all versions of iOS 14, dubbed BlastDoor, which is supposed to prevent these kinds of device hacks by filtering malicious data sent over iMessage.”
FBI Issues Advisory on ‘OnePercent’ Ransomware Group
Dark Reading, Jai Vijayan
“A continued failure to respond or to make the ransom payment within the stipulated time frame results in the attacker releasing a portion of the stolen data — a ‘one percent leak’ — as proof of intent and capability.”
38M Records Exposed via Microsoft Power Apps Misconfiguration
Dark Reading
“If the correct configurations are not set and the OData feed is enabled, then list data can be freely accessed by anonymous users.”
AT&T denies data breach after hacker auctions 70 million user database
Bleeping Computer, Lawrence Abrams
“The threat actor…began selling this database yesterday on a hacking forum with a starting price of $200,000 and incremental offers of $30,000. The hacker states that they are willing to sell it immediately for $1 million.”
Cybersecurity News: August 23, 2021
Ransomware Attacker Offers Employees a Cut if They Install DemonWare on Their Organization’s Systems
Dark Reading, Kelly Jackson Higgins
“I don’t know how successful it will be at the end of the day, but they are not looking at a high success rate…They want to make enough money to make the ROI.”
Hackers who breached T-Mobile stole personal data for ~49 million accounts
Ars Technica, Dan Goodin
“The haul includes customers’ first and last names, date of birth, SSN, and driver’s license/ID information …. The unknown hackers obtained the same data from more than 40 million records belonging to former or prospective customers who had previously applied for credit with T-Mobile.”
Small companies make good targets for cybercriminals
BetaNews, Clive Madders
“Their defences are very likely vulnerable, offering a soft target to cybercriminals…with 61 percent of SMBs reporting being victim to at least one cyber attack in the past year.”
Secret terrorist watchlist with 2 million records exposed online
Bleeping Computer, Ax Sharma
“Such databases are regarded as highly sensitive in nature, considering the vital role they play in aiding national security and law enforcement tasks.”
US Agencies Ordered to Pinpoint Critical Software
Infosecurity Magazine, Sarah Coble
“The federal government must improve its efforts to detect, identify, deter, protect against, and respond to these campaigns and their perpetrators.”
Cybersecurity News: August 16, 2021
Microsoft confirms another Windows print spooler zero-day bug
Bleeping Computer, Lawrence Abrams
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Data Breach at Georgia Health System
Infosecurity Magazine, Sarah Coble
“SJ/C employees had to revert to downtime procedures such as using pens and paper to complete documentation. While the incident led to EHR downtime, imaging, primary care, surgery, and special physician appointments were unaffected.”
Hackers netting average of nearly $10,000 for stolen network access
ZDNet, Jonathan Greig
“The most common features of these sales are RDP credentials and VPN credentials, both of which are being used considerably more due to the pandemic.”
One million stolen credit cards leaked to promote carding market
Bleeping Computer, Lawrence Abrams
“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised.”
Millions of Senior Citizens’ Personal Data Exposed by Misconfiguration
Infosecurity Magazine, James Coker
“[The misconfigured bucket] contained more than one million files and 182GB of data, none of which was encrypted and did not require a password or login credentials to access.”
Cybersecurity News: August 9, 2021
New phishing campaign lures victims with compromised SharePoint website
IT Pro, Rene Millman
“The lure email pretends to be a ‘file share’ request to access some so-called ‘Staff Reports,’ ‘Bonuses,’ ‘Pricebooks,’ and other content hosted in a supposed Excel spreadsheet.”
Average Cost to Buy Access to a Compromised Company: $1,000
Dark Reading, Robert Lemos
“We think it means that the initial access brokers, the most successful ones, they found more ready buyers and so they are trading in private conversations, which is harder to be tracked by researchers.”
Chinese Hackers Compromised Telecom Companies, Researchers Say
Bloomberg, Ryan Gallagher
“…the hackers had obtained ‘the holy grail of espionage,’ by gaining total control of the telecommunication networks they penetrated.”
This Android malware steals your data in the most devious way
BGR, Andy Meek
“For the first time…we are seeing an Android banking Trojan that has screen recording and keylogging as (the) main strategy to harvest login credentials in an automated and scalable way.”
Chipotle email marketing hacked to send phishing emails
TechRadar, Anthony Spadafora
“Many of the emails sent out from the hacked Mailgun account led users to a fake Microsoft login page with the aim of harvesting their credentials.”
Cybersecurity News: August 2, 2021
US Government Unlikely to Ban Ransomware Payments
Dark Reading, Robert Lemos
“[I]f you ban ransom payments, now you are putting US companies in a position of another extortion, which is being blackmailed for paying the ransom and not sharing that [information] with authorities. It is a really complicated conversation…”
Average organization targeted by over 700 social engineering attacks each year: report
ZDNet, Jonathan Greig
“Targeting lower level employees offers [attackers] a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”
UC San Diego Health discloses data breach after phishing attack
Bleeping Computer, Sergiu Gatlan
“The attackers may have accessed or acquired the personal information of patients, employees, and students between December 2, 2020, and April 8, 2021, after breaching the email accounts in a phishing attack.”
Cloud mishaps will worsen in the year ahead, say majority of security pros
SC Magazine, Steve Zurier
“The cloud adds much more resiliency to organizations’ infrastructure, but the drawback is the loss of visibility and control. From a detection standpoint, there’s no view into what happens inside a data center.”
Officials who are US allies among targets of NSO malware, says WhatsApp chief
The Guardian, Stephanie Kirchgaessner
“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.”