Weekly News Wrap-up

Cybersecurity News: July 26, 2021

Cybercriminals leak medical data of Humana customers online

Techradar, Anthony Spadafora
“Additionally, the database may also contain API calls to various functions that include private API keys that cybercriminals could utilize to access other online services used by Humana or even its partners.” Read More

Patch now: Linux file system security hole, dubbed Sequoia, can take over systems

ZDNet, Steven J. Vaughan-Nichols
“‘If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB…then’ through a series of other maneuvers you can write to out of bounds memory. And, with that, you can corrupt data, crash the system, or, worst of all, execute unauthorized code.” Read More

Study finds 97% of cloud apps used in the enterprise are shadow IT

SC Magazine, Steve Zurier
“[Enterprises] should favor a security architecture that provides context for apps, cloud services, and web-user activity, and that applies zero-trust controls to protect data wherever and however it’s accessed.” Read More

Amazon kicks NSO Group off its cloud service after spying reports

Cnet, Laura Hautala
“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.” Read More

Revealed: leak uncovers global abuse of cyber-surveillance weapon

The Guardian, Stephanie Kirchgaessner, et al.
“the broad array of [phone] numbers in the list belonging to people who seemingly have no connection to criminality suggests some NSO clients are breaching their contracts with the company, spying on pro-democracy activists and journalists investigating corruption, as well as political opponents and government critics.” Read More

Cybersecurity News: July 19, 2021

US State Department offering $10 million reward for state-backed hackers

ZDNet, Jonathan Greig
“The measure is aimed squarely at those participating in malicious cyber activities against US critical infrastructure…. In addition to ransomware, the notice mentions a number of other cyber violations and notes that it applies to government computers as well as those used in or affecting interstate or foreign commerce or communication.” Read More

Google: Russian Hackers Used LinkedIn to Deliver iPhone-Based Attack

PC Magazine UK, Michael Kan
“In this campaign, attackers used LinkedIn Messaging to target government officials from western European countries by sending them malicious links. If the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next stage payloads.” Read More

These Iranian hackers posed as academics in a bid to steal email passwords

ZDNet, Danny Palmer
“…the campaign also compromised a university-affiliated website in an effort to deliver personalised credential harvesting pages to targets, under the guise of inviting them to speak in a webinar on Middle Eastern issues.” Read More

Fashion retailer Guess discloses data breach after ransomware attack

Bleeping Computer, Sergiu Gatlan
“The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.” Read More

Kaseya was warned about security flaws years ahead of ransomware attack

Engadget, Jon Fingas
“Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software.” Read More

Cybersecurity News: July 12, 2021

New Trojan malware steals millions of login credentials

TechRadar, Mayank Sharma
“In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.” Read More

Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual

The Register, Gareth Halfacree
“The methods chosen by the group to gain access to the target systems are depressingly simple, Martineau’s report claimed, with the most common methods being as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously-compromised credentials.” Read More

Phishing attack targets DocuSign and SharePoint users

SC Magazine, Steve Zurier
“…the researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document. For example, the email will ask the user to review a ‘Covid 19 relief fund as approved by the board of directors.’” Read More

Dominion National reaches $2M settlement over nine-year data breach

SC Magazine, Jessica Davis
“The compromised information was highly sensitive and varied by individual, including Social Security numbers, bank account and routing numbers, member identification numbers, taxpayer identification, contact details, and other data.” Read More

Kaseya hack floods hundreds of companies with ransomware

TechCrunch, Zack Whittaker
“Make no mistake, the timing and target of this attack are no coincidence. It illustrates what we define as a Big Game Hunting attack, launched against a target to maximize impact and profit through a supply chain during a holiday weekend when business defenses are down.” Read More

Cybersecurity News: July 5, 2021

Russian Hackers Are Trying to Brute-Force Hundreds of Networks

Wired, Andy Greenberg
“This lengthy brute force campaign to collect and exfiltrate data, access credentials and more, is likely ongoing, on a global scale.” Read More

Salvation Army Hit by Ransomware Attack

Infosecurity Magazine, James Coker
“The Christian charity is thought to be negotiating with the attackers over the siphoned data. Thankfully, the charity said that none of its services for vulnerable people had been affected.” Read More

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Threat Post, Tara Seals
“It is not uncommon to see such data sets being used to send personalized phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor trojan.” Read More

Hackers are investing in each other’s operations—just like VCs invest in startups

Fast Company, Steven Melendez
“Everybody’s trying to innovate, even the criminals.” Read More

Mercedes-Benz data breach exposes SSNs, credit card numbers

Bleeping Computer, Ax Sharma
“The vendor who notified Mercedes-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers, and dates of birth.” Read More

Cybersecurity News: June 28, 2021

An internal code repo used by New York State’s IT office was exposed online

TechCrunch, Zack Whittaker
“…the GitLab server contained secret keys and passwords associated with servers and databases belonging to New York State’s Office of Information Technology Services.” Read More

Cyber-attack Exposes Eye Clinic Patient Data

Infosecurity, Sarah Coble
“According to the clinic, the perpetrators behind the cyber-attack may have compromised the records of roughly half a million past and present patients. …patient data exposed in the attack may have included patient names, mailing addresses, dates of birth, Social Security numbers, and protected medical/health information.” Read More

SonicWall sees 226.3 million ransomware attack attempts in May

Computer Weekly, Alex Scroxton
“The bombardment of ransomware attacks is forcing organisations into a constant state of defence rather than an offensive stance.” Read More

Ohio Medicaid Provider Suffers Data Breach

Infosecurity, Sarah Coble
“Information exposed in the incident included names, dates of birth and Social Security numbers belonging to the state’s Medicaid providers. Maximus said the breached data could have been stolen.” Read More

Wegmans reports misconfigurations on two cloud databases

SC Magazine, Steve Zurier
“You must know what security functions are provided by the cloud vendor versus what cloud users are responsible for.” Read More

Cybersecurity News: June 21, 2021

Carnival Cruise hit by data breach, warns of data misuse risk

BleepingComputer, Sergiu Gatlan
“The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing.” Read More

Biden tells Putin certain cyberattacks should be ‘off-limits’

Reuters, Vladimir Soldatkin & Humeyra Pamuk
“We agreed to task experts in both our countries to work on specific understandings about what is off-limits. We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.” Read More

NATO: Series of cyberattacks could be seen as the same threat as an armed attack

ZDNet, Liam Tung
“Allies recognise that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack.” Read More

Intuit notifies customers of compromised TurboTax accounts

BleepingComputer, Sergiu Gatlan
“By accessing your account, the unauthorized party may have obtained information contained in a prior year’s tax return or your current tax return in progress, such as your name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions)….” Read More

How Hackers Used Slack to Break into EA Games

Vice, Joseph Cox
“A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. The hackers then requested a multifactor authentication token from EA IT support to gain access to EA’s corporate network.” Read More

Cybersecurity News: June 14, 2021

Hackers Stole a Ton of EA Data—Including Valuable Source Code

Wired, Cecilia D’Anastasio
“…video game source code is a big-money commodity, especially for cheat-makers. Popular cheats are often designed by injecting bits of the original game source code into another piece of software. ‘When they have access to the source code, they could easily see what makes the game function and how they could adapt their cheats to the game.’” Read More

This unreported trojan managed to steal 1.2 TB of personal data

TechRadar, Anthony Spadafora
“The malware also stole over 6.6m files stored on the desktops and Downloads folders of victims including text files, image files and other documents.” Read More

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

CyberNews, Edvardas Mikalauskas
“Considering the fact that only about 4.7 billion people are online, numbers-wise the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over.” Read More

Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked

Wired, Andy Greenberg
“The data…includes 73,500 emails, accounting files, contracts, and other business documents, around 19 GB of software code and data, and 10 GB of human resources files that includes scans of employee driver’s licenses and Social Security cards.” Read More

US to Treat Ransomware Like Terrorism

Infosecurity Magazine, Sarah Coble
“We really want to make sure prosecutors and criminal investigators report and are tracking … cryptocurrency exchanges, illicit online forums or marketplaces where people are selling hacking tools, network access credentials – going after the botnets that serve multiple purposes.” Read More

Cybersecurity News: June 7, 2021

Fujifilm Shuts Down Servers to Investigate Possible Ransomware Attack

Infosecurity Magazine, Benjamin David
“For some entities, this affects all forms of communications, including emails and incoming calls, which come through the company’s network systems.” Read More

Scripps Notifying 147K People of Data Breach

Infosecurity Magazine, Sarah Coble
“Data exposed includes health information, Social Security numbers, driver’s license numbers, and financial information.” Read More

JBS: World’s largest meat supplier hit by cyber-attack

BBC News, Staff
“The company’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there. According to the trade group Beef Central, ‘supermarkets and other large end-users like the McDonald’s burger pattie supply network will be some of the most immediately impacted customers, due to their need for consistent supply’” Read More

Hackers are targeting employees returning to the post-COVID office

TechCrunch, Carly Page
“The email looks legitimate enough, sporting the company’s official logo in the header, as well as being signed spoofing the CIO. The bulk of the message outlines the new precautions and changes to business operations the company is taking relative to the pandemic.” Read More

SolarWinds attackers leveraged trust in Constant Contact email marketing, USAID, to launch campaign

SC Media, Bradley Barth
“About 25% of these targets were international development, humanitarian and human rights organizations – employees of which might not flinch at the sight of an email from USAID, especially one sent from a credible and legitimate marketing service such as Constant Contact.” Read More

Cybersecurity News: May 31, 2021

Number of Breached Records Soars 224% Annually

Infosecurity, Phil Muncaster
“Information security adoption is slower than the adoption of digital services that make profit from the addiction to and consumption of the same online services. The increasing number of breaches every year is a result of this gap.” Read More

Enterprises under-resource cloud security despite increased risks

BetaNews, Ian Barker
“This is the result of several issues, not least of which is the fact that many organizations are under-resourced, poorly trained and budget-constrained, which results in the inability to address all of their vulnerabilities and risks.” Read More

Audio maker Bose discloses data breach after ransomware attack

Bleeping Computer, Sergiu Gatlan
“Employee personal information exposed in the ransomware attack includes names, Social Security Numbers, compensation information, and other HR-related information.” Read More

Data in Danger Amid New IT Challenges

DarkReading, Staff
“…a high percentage of organizations struggle to minimize the unexpected risks around widespread remote work, even as they seek to minimize the existing risks related to cloud, mobile, and endpoint systems and applications.” Read More

India’s national carrier says hack leaked passengers’ data

ABC News, The Associated Press
“The hackers were able to access 10 years’ worth of data including names, passport and credit card details from the Atlanta-based SITA Passenger Service System.” Read More

Cybersecurity News: May 24, 2021

One of the US’s largest insurance companies reportedly paid $40 million to ransomware hackers

The Verge, Mitchell Clark
“If the $40 million figure is accurate, CNA’s payout would rank as one of the highest ransomware payouts….” Read More

This is how long hackers will hide in your network before deploying ransomware or being spotted

ZDNet, Liam Tung
“To put this in context, 11 days potentially provide attackers with approximately 264 hours for malicious activity, such as lateral movement, reconnaissance, credential dumping, data exfiltration, and more. Considering that some of these activities can take just minutes or a few hours to implement, 11 days provide attackers with plenty of time to do damage.” Read More

Colonial Pipeline hackers received $90 million in bitcoin before shutting down

CNBC, Ryan Browne
“The average payment from organizations was likely $1.9 million. ‘To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound.’” Read More

Ransomware’s Dangerous New Trick Is Double-Encrypting Your Data

Wired, Lily Hay Newman
“But the rise of double encryption as a strategy raises the additional risk that a victim could pay, decrypt their files once, and then discover that they need to pay again for the second key. As a result, the threat of double encryption makes the ability to restore from backups more crucial than ever.” Read More

Ransomware attacks are only getting worse, DarkSide group “quits,” but that may just be a strategy

TechSpot, Adrian Potoroaca
“The main issue with ransomware attacks is the difficulty of catching the people responsible for them, as some of them reside in countries that can be described as cybercrime safe havens. A notable example is North Korea, which is said to have used cryptocurrency experts and hackers to steal billions of dollars, aiding its military ambitions and allowing it to evade US sanctions.” Read More
