Backdoor Diplomacy. “Fancy Lazarus” described (they’re crooks, not spies). EA source code stolen. Slilpp taken down. McBreach. | #cybersecurity | #cyberattack

Attacks, Threats, and Vulnerabilities

APT group targets diplomatic organizations in Africa and the Middle East (The Record by Recorded Future) Security experts have discovered a new cyber-espionage (APT) group that has spent the past four years targeting diplomatic organizations across Africa and the Middle East.

BackdoorDiplomacy: Upgrading from Quarian to Turian | WeLiveSecurity (WeLiveSecurity) ESET Research uncovers BackdoorDiplomacy, a new APT group that mainly targets ministries in the Middle East and Africa and deploys a backdoor ESET calls Turian.

Ransom DDoS Extortion Actor “Fancy Lazarus” Returns (Proofpoint) The ransom distributed denial of service extortion threat actor known as “Fancy Lazarus” is back, taking aim at an increasing number of industries, including the energy, financial, insurance, manufacturing, public utilities, and retail sectors.

Iranian Hackers Compromise Websites of an African Bank and a US Federal Library (Softpedia) Iranian hackers targeted U.S. and African targets

Hackers Steal Wealth of Data from Game Giant EA (Vice) The data includes source code for FIFA 21 and the Frostbite engine.

Hackers breach Electronic Arts, stealing game source code and tools (CNN) Hackers have broken into the systems of Electronic Arts, one of the world’s biggest video game publishers, and stolen source code used in company games, a spokesperson confirmed to CNN Business on Thursday.

Electronic Arts breach: FIFA 2021 and Frostbite source codes, 9 million user records stolen from EA and sold online (CyberNews) Unknown attackers stole the source code from EA’s biggest game and proprietary engine, along with 9 million user records.

The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’ (Wall Street Journal) An Eastern European group known as Ryuk has hit at least 235 facilities, raking in more than $100 million.

Emerging ‘Prometheus’ ransomware claims 30 victims in a dozen countries, Palo Alto Networks says – CyberScoop (CyberScoop) A new ransomware group claims to have breached 30 organizations in government, financial services, health care services, and energy firms in the United States, United Kingdom, and a dozen more countries, according to Palo Alto Networks research published Wednesday. The group, which Palo Alto researchers have dubbed “Prometheus,” most frequently targets the manufacturing industry.

Prometheus Ransomware Gang: A Group of REvil? (Unit42) Prometheus is a new player in the ransomware world that uses similar malware and tactics to ransomware veteran Thanos.

Ransomware is now going after billion-dollar targets (TechRadar) Report unravels the modus operandi of ransomware gangs

Ransomware Attack Roiled Meat Giant JBS, Then Spilled Over to Farmers and Restaurants (Wall Street Journal) The hack set off a domino effect that drove up wholesale meat prices, backed up animals in barns and forced food distributors to hurriedly search for new suppliers.

ALPACA: New TLS Attack Allows User Data Extraction, Code Execution (SecurityWeek) Researchers detail ALPACA, a new TLS attack method that can be exploited by an MitM attacker to extract session cookies and other user data or execute JavaScript code.

Breaking SSL Locks: App Developers Behaving Badly (Symantec) Symantec analyzed five years’ worth of Android and iOS apps to see how many are sending data securely.

WSJ News Exclusive | McDonald’s Hit by Data Breach (Wall Street Journal) The hack exposed some U.S. business information and customer data in South Korea and Taiwan, the company said.

Report: Biggest Baby Clothing Brand in the US Exposes 100,000s of Customers to Hacking and Fraud (vpnMentor) Led by Noam Rotem, vpnMentor’s research team discovered a data breach in an API used by baby clothing apparel giant Carter’s.

Cost of ransomware attack on Baltimore County public schools climbs to $7.7M (Baltimore Sun) Baltimore County school officials estimate the ransomware attack in November will cost the system at least $7.7 million, nearing what Baltimore City spent following a similar attack in 2019.

Lack of Trust: Pretending to be a Trusted Sender to Steal Credentials (Avanan) An attack that gets past Barracuda is made worse when the sender is incorrectly deemed as trustworthy.

Here’s how malware steals files (NordLocker) We analyzed how one malware stole 6 million files, 26 million online accounts, and 2 billion cookies.

Unidentified malware stole personal information from 3 million PCs (Mail Online) Researchers discovered an unidentified malware that created a 1.2TB database of personal records stolen from 3.25 million PCs between 2018 and 2020, including logins for major online sites.

Dispelling ROCKYOU2021 (BluLiv Labs) As you may already be aware, a user recently made available a compilation of passwords dubbed ROCKYOU2021 on an underground forum and has since then shared on multiple sites. At Blueliv, we have already seen a few misconceptions regarding this compilation, from news outlets and regular users alike. During this blogpost, we will try to clarify exactly what ROCKYOU2021 is.

Security Patches, Mitigations, and Software Updates

Flaws in Rockwell Software Impact Products From Schneider Electric, GE and Others (SecurityWeek) Several vulnerabilities discovered by Kaspersky researchers in Rockwell Automation software impact industrial products from Schneider Electric, GE and other vendors.

ZOLL Defibrillator Dashboard (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 9.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ZOLL
Equipment: Defibrillator Dashboard
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information, Cross-site Scripting, Storing Passwords in a Recoverable Format, Improper Privilege Management

AGG Software Web Server Plugin (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AGG Software
Equipment: Web Server
Vulnerabilities: Path Traversal, Cross-site Scripting

Successful exploitation of these vulnerabilities could allow remote code execution and exposure of arbitrary system files.

Rockwell Automation FactoryTalk Services Platform (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 8.5
ATTENTION: Exploitable remotely
Vendor: Rockwell Automation
Equipment: FactoryTalk Services Platform
Vulnerability: Protection Mechanism Failure

Successful exploitation of this vulnerability may allow remote, authenticated users to bypass FactoryTalk Security policies that are based on a computer name.

Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now! (Naked Security) Patch early. Patch often. Patch now!

Digging into Apple’s iCloud Private Relay (The Mac Observer) At this week’s WWDC Keynote, Apple announced iCloud Private Relay, a privacy feature aimed towards further separating you and your browsing activity from people who want to track and collect data about you. iCloud Private Relay works for anyone with an iCloud+ subscription using iOS 15, iPadOS 15, and macOS Monterey, and when enabled it protects all your Safari browsing, all DNS queries, and any insecure web traffic from other apps.

TAG Cyber Roundtable interview- “Enough About Data Breaches. Let’s Talk About OT Security” (Control Global) David Hechler from Tag Cyber hosted a roundtable discussion with Mark Weatherford, who has held a variety of executive-level positions in the public and private sectors, and me on operational technology (OT) cyber security.

The Rising Cost Of Ransomware – 2021 Report (Randori) The risk of ransomware to businesses is growing faster than ever and leaders agree, ransomware is a “cost of doing business.” Learn why…

The Digital Banking Blindspot (Mobey Forum) A Report from Mobey Forum’s AI & Data Privacy Expert Group Co-chaired by: Amir Tabakovic, CEO and Founder, Ville Sointu, Head of Emerging Technologies, Nordea Core Team: Amir Tabakovic, CEO and Founder, Ville Sointu, Head of Emerging Technologies, Nordea Sebastian Reichmann, Head of Productization for Data & AI, TietoEvry Romana Sachova, Fraud Prevention Manager, CaixaBank In today’s…

Herjavec research says manufacturing firms were biggest ransomware targets in first half of 2021 (IT World Canada) Companies that produce manufactured goods were the biggest targets of ransomware attacks in the first half of the year, according to a new report.

Serious cyberattacks in Europe doubled in the past year (CNN) Significant cyberattacks against critical targets in Europe have doubled in the past year, according to new EU figures obtained by CNN, as the pandemic pushed lives indoors and online.

Have We Reached the Cyber Tipping Point? (Security Systems News) The numbers are getting kind of crazy people. And I am not just talking about the big national cyberattack stories that we are seeing, but also the personal stories that go on daily within our homes and

Gig workers are here to stay, but they might pose a hidden cybersecurity risk (TechRepublic) Whether intentional or not, gig workers can cause security breaches. Here’s how to set your company up for safety.


Aura Raises $150 Million Series E Led by Warburg Pincus (PR Newswire) Aura, a leading provider of comprehensive digital security for consumers, today announced a $150 million Series E funding round led by Warburg…

Recorded Future Announces The Intelligence Fund (PR Newswire) Recorded Future, an Insight Partners portfolio company and the world’s largest provider of intelligence for enterprise security, today…

RSA Security spins out its Fraud & Risk Intelligence business into standalone company called Outseer (ZDNet) Outseer said it will continue to build out RSA’s anti-fraud and payments security portfolio.

Accenture Federal Services Expands AI, Cybersecurity Skills With Novetta Buy (CRN) The two companies have complementary capabilities in artificial intelligence, cybersecurity, and cloud.

Socure Reports Explosive Growth of 113% Year-Over-Year and Emerges as the Industry Leader in Digital Identity Verification and Trust (BusinessWire) Socure, the leading platform for digital identity trust, today announced 113% year-over-year growth, further cementing Socure’s critical position as t

China’s Huawei to be excluded from influential JPMorgan bond indices (Reuters) U.S. bank JPMorgan said it will exclude Huawei’s dollar bonds from some its most influential investment indices from the end of next month, following the latest ratcheting up of U.S. sanctions on Chinese technology firms.

QuintessenceLabs Selected Global Top 4 in Enabling Tech Category of Extreme Tech Challenge 2021 (BusinessWire) Watch the QuintessenceLabs pitch at the XTC 2021 Global Finals, Enabling Technologies Category, on June 28th, 2021.

A small secret is threatening this Israeli cyber firm’s plans ( Two years ago, the American company CrowdStrike held its initial public offering, which valued it at almost $7 billion. Since then, its market value has increased sevenfold.

Columbia cyber firm IntelliGenesis plans 8,000 sq.ft. expansion following recent acquisition (Baltimore Business Journal) The company will stand up a new data and discovery center, where employees and clients can simulate certain cyber environments, test for potential vulnerabilities and train for how to address them.

AppSec Innovator Invicti Appoints Cybersec Veteran Sonali Shah as Chief Product Officer (PR Newswire) Invicti Security™, a global innovator in web application security, today announced cybersecurity leader Sonali Shah has joined its executive…

Former Cross Domain Solutions Chief at the U.S. Defense Intelligence Agency, David Wallick, Joins Garrison Technology (BusinessWire) Garrison Technology today announced that David Wallick, a renowned federal government Cross Domain Solutions (CDS) expert, has joined the company’s U.

OP’s Foresite hires CEO that helped build $2B cybersecurity business (Kansas City Business Journal) Overland Park-based cybersecurity solutions provider Foresite has a new chairman and CEO.

TrapX Security names Steve Preston as CEO (Help Net Security) TrapX Security announced that Steve Preston has been appointed CEO to take active defense forward as a critical strategy against ransomware.

CentralSquare Adds Teradata Chief Product Officer, Hillary Ashton, to Board of Directors ( CentralSquare, a leader in public sector technology, today announced that Hillary Ashton, Chief Product Officer for Teradata, the connected multi-cloud data

Baker McKenzie Nabs Ice Miller’s Data Security Co-Founder (Law360) Baker McKenzie has added a partner to its North America intellectual property and technology practice, the firm said Wednesday, further building out the unit as companies face growing cyber threats and an expansion of data privacy regulations.

Products, Services, and Solutions

MS-ISAC Members Can Now Access Deloitte’s Cyber Detect and Respond Portal to Proactively Prepare for, Identify and Respond to Cyber Threats (PR Newswire) Deloitte and the Multi-State Information Sharing and Analysis Center (MS-ISAC), a component of the Center for Internet Security, Inc. (CIS),…

Coalition has teamed up with QuickBooks to Offer Leading Cyber Insurance Coverage to Small Businesses (PR Newswire) Coalition, the leading cyber insurance and security company, today announced its relationship with Intuit (Nasdaq: INTU), enabling QuickBooks…

High-Security Data Center Standardizes On Invixium Biometrics For Modern Touchless Access Control (Invixium) Data centers require unique security solutions to ensure that their customers’ most critical assets are protected from theft. LightEdge, a premier provider of cloud and colocation services in the Midwestern United States, sought a biometric solution that matched the company’s high-level goals of security and futuristic design. Beginning in 2018, LightEdge sought to standardize on […]

NordPass password manager is making cybersecurity easy at Evergrowth (Yahoo Finance) NordPass, in collaboration with a third-party company specializing in data breach research, has recently taken a deeper look at the password habits of Fortune 500 companies. Unfortunately, the study revealed that password hygiene and the knowledge surrounding password security is still a challenge even for the largest and most successful companies out there. When it comes to the IT and technology industry, the analysis revealed a few alarming trends that

BeyondTrust Introduces Cloud Privilege Broker to Secure Entitlements and Permissions Across Multi-cloud Environments (GlobeNewswire) New solution centralizes visualization and management of entitlements, enabling IT and security teams to apply consistent policies across multi-cloud environments.

Redspin Announces it is the First Organization to Pass DoD’s Cybersecurity Maturity Model Certification Level 3 Assessment (Yahoo Finance) Redspin is the first organization to successfully pass the Cybersecurity Maturity Model Certification (CMMC) Level 3 certification as a C3PAO.

Cyber Reliant and Canopius offer warranty to protect data in commercial enterprises (Help Net Security) Cyber Reliant announces an warranty by Canopius to protect commercial and institutional purchasers of Cyber Reliant data protection products.

GroupSense and CipherTrace Partner to Reduce Cryptocurrency Cybercrime (Johnson City Press) GroupSense, a digital risk protection services company, and leading cryptocurrency intelligence company CipherTrace, today announced combining their threat intelligence offerings for enterprise clients

New release from Claroty looks to improve industrial network security (Security Brief) Claroty Edge equips customers to discover a complete OT, IoT, and IIoT global asset inventory, as well as identify and manage the vulnerabilities and risks affecting those assets.

Coinbase partners with 401 (k) providers to provide cryptography (Texas News Today) A small group of workers will find something new in their 401 (k) plan starting in July: the option to invest in cryptocurrencies. For Us All Inc., a 401 (k) provider, announced a deal with Coinbase Global’s institutional division earlier this month. Co., Ltd. coin 1.66% Major cryptocurrency exchanges. This allows workers in managed plans …

Palo Alto Networks Unveil New Updates To Prisma Cloud, The Company’s CSPM Solution, To Help Enterprises Accelerate Cloud Adoption (Security Informed) New updates to Prisma Cloud, Palo Alto Networks’ Cloud Security Posture Management (CSPM) solution, helps eliminate dangerous cloud blind spots and free security teams from the burden of alert fatigue. These critical features are available to the 2,000+ enterprises that trust Prisma Cloud, as well as future customers.

Check Point Software Announces Integration of CloudGuard Network Security with Equinix Network Edge (Check Point Software) By Jeff Engel, Cloud Alliance Architect, published June 11, 2021 Digital transformation has garnered massive momentum for cloud computing, and has

Technologies, Techniques, and Standards

NIST Releases Tips & Tactics for Control System Cybersecurity (NIST) The impact of cybersecurity breaches on infrastructure control system owners/operators is more visible than ever before.

WSJ News Exclusive | U.S. Launches Task Force to Open Government Data for AI Research (Wall Street Journal) The task force will draft a strategy for potentially giving researchers access to stores of data about Americans, from demographics to health and driving habits.

ACSC scanning is allowing Commonwealth entities to avoid being hacked (ZDNet) Scanning for vulnerable kit is allowing Australian government organisations to avoid being hacked, sometimes only hours before malicious actors take advantage.

Required MFA Is Not Sufficient for Strong Security: Report (Dark Reading) Attackers and red teams find multiple ways to bypass poorly deployed MFA in enterprise environments, underscoring how redundancy and good design are still required.

Hack the Army event yields 102 critical security gaps (FedScoop) The Army worked with Defense Digital Services and HackerOne on the latest bug bounty that found 238 vulnerabilities, 102 being critical gaps.

Can cyber insurance secure your organisation’s data (The Hindu) Several companies are considering taking cyber insurance to seek protection against huge financial losses, especially after the prevalence of large-scale cyberattacks including the recent ones on SolarWinds and the U.S. Colonial Pipeline

Design and Innovation

Homegrown Australian Technology Stars Back eSignatures Push (Gonitro) Nitro Software (ASX: NTO), a global document productivity company, has begun a campaign to make electronic signatures a permanent feature of the Australian business landscape, and tech leaders of Australian-born companies with a combined value of more than A$100 billion have added their voices to the campaign.  

Legislation, Policy, and Regulation

Biden, Putin set to meet in 18th-century Swiss villa for summit (Reuters) U.S. President Joe Biden and Russian President Vladimir Putin are set to hold their June 16 summit in an 18th-century Swiss villa overlooking Lake Geneva, a soothing setting for what promises to be heated talks.

When Biden Meets Putin (Foreign Affairs) There is a limit to how much the Putin-Biden summit can accomplish. Even so, there is real value to the optics of consultation and deliberation.

Gen. Alexander: Russia ‘Almost for Sure’ Involved in Pipeline Attack ( General Keith Alexander, who served as the director of the National Security Agency and was the first commander of the U.S. Cyber Command, discusses the cyberattack against Colonial Pipeline

U.S. Lifts Some Iran Sanctions Amid Stalled Nuclear Talks (Wall Street Journal) U.S. officials say the action, which comes amid stalled nuclear negotiations, signals Washington’s commitment to easing a broader pressure campaign if Tehran changes its behavior.

U.S. Senate to probe whether legislation needed to combat cyber attacks (Reuters) U.S. Senate Majority Leader Chuck Schumer on Thursday said he is initiating a review of recent high-profile cyber attacks on governments and businesses to find out whether a legislative response is needed.

The Cybersecurity 202: Our expert network says it’s time for more cybersecurity regulations (Washington Post) The time has come for government to mandate that companies vital to U.S. national and economic security meet basic cybersecurity standards, according to a vast majority of cybersecurity experts.

Wray Warns Companies Against Paying Ransom for Cyberattacks (Bloomberg) Biden cyber nominees say voluntary guidelines aren’t working. GOP lawmaker says Biden administration gave ‘wink and a nod.’

Biden moves closer to filling critical cyber roles as administration is tested by attacks (CNN) Two of the senior officials expected to round out President Joe Biden’s cyber team faced lawmakers on Thursday for their confirmation hearing as the administration grapples with how to deal with the growing number of foreign ransomware attacks against American companies and organizations.

Cyber Regulation Could Be Coming Following Spate of Hacks, Ransomware Attacks (Voice of America) The United States may soon look to regulate private companies, mandating higher standards for cybersecurity following a series of damaging hacks and ransomware attacks against key firms and critical infrastructure.


Easterly Tackles Surging Cyber Threats at CISA Confirmation Hearing (MeriTalk) Jen Easterly, President Biden’s nominee to become the next director of the Cybersecurity and Infrastructure Security Agency (CISA), delivered a sobering assessment of the rising threats faced by Federal and private sectors networks and pledged at her June 10 confirmation hearing to strengthen the agency’s capabilities to defend and secure networks.

‘Systematically Attack’ What Makes Cyber Attacks Possible: WH Cyber Director Nominee (Breaking Defense) “If the past year has taught us anything, it’s the obligation we have as leaders to anticipate the unimaginable,” CISA nominee Easterly said. “I believe as a nation we remain at great risk of a catastrophic cyberattack.”

Opinion: The U.S. should establish a federal agency to harden our cyber defenses (San Diego Union-Tribune) We need coordination between the public and private sector to communicate threat information.

House Democrats about to uncork 5-pronged assault on tech (POLITICO) Bills set to be announced in the coming days would make it easier to break up giant tech companies, block them from merging and prohibit them from hobbling their rivals.

WSJ News Exclusive | Amazon, Other Tech Giants Could Be Forced to Shed Assets Under House Bill (Wall Street Journal) The House bill could mandate structural separation of the e-commerce giant and other big tech companies that Congress spent 15 months investigating as part of an inquiry into their size and power.

Five steps to save the internet — and our democracy (TheHill) After 25 years, there are no rules of engagement for malicious activity, and no definitions of what digital behavior constitutes criminal behavior or an act of war.

US Cyber Command wants more money for network defense (Federal Times) U.S. Cyber Command is asking Congress for an additional $62.1 million in its unfunded priority list to harden networks from malicious cyberattacks.

U.S. Cyber Command Requests $93.4M From Congress in Additional Funding; Gen. Paul Nakasone Quoted (Executive Gov) U.S. Cyber Command has requested an additional $62 million in funding to reinforce the Department of

Litigation, Investigation, and Law Enforcement

Mandiant: Compromised Colonial Pipeline password was reused (SearchSecurity) The compromised VPN login used in the Colonial Pipeline ransomware attack involved a password that had been used on another website.

Authorities seize SlilPP, a marketplace for stolen login credentials (The Record by Recorded Future) The US Department of Justice announced today it seized the servers and domains of SlilPP, a well-known online marketplace where criminal groups assembled to trade stolen login credentials.

Server von größtem Zugangsdaten-Handelsplatz beschlagnahmt ( IT-News für Profis) FBI und BKA ist ein Schlag gegen den größten Handelsplatz mit Zugangsdaten gelungen. Zuletzt wurden 80 Millionen Passwörter angeboten.

Slilpp, the largest stolen logins market, seized by law enforcement (BleepingComputer) The US Justice Department has announced today that a multinational operation took down Slillpp, the largest online marketplace of stolen login credentials.

Slilpp Marketplace Disrupted in International Cyber Operation (US Justice Department) The Justice Department today announced its participation in a multinational operation involving actions in the United States, Germany, the Netherlands, and Romania to disrupt and take down the infrastructure of the online marketplace known as Slilpp.

Chinese Police Arrest 1.1K People on Crypto-Related Money Laundering Charges (CoinDesk) Chinese police have arrested over 1,000 people on money-laundering charges, alleging they used cryptocurrency to help them evade the law.

How the FBI Got Colonial Pipeline’s Ransom Money Back (Wall Street Journal) The seizure of more than half of the company’s payment cuts against cryptocurrency’s reputation as an untraceable financial medium for hackers.

Amazon faces huge fine for ‘data breach’ (Times) Amazon could be fined more than €350 million by a privacy regulator over its collection and use of data across the European Union.Luxembourg’s data protection commission has proposed a steep penalty

Vermonter sues a leading parking app after data breach (VTDigger) The lawsuit alleges that the breach revealed personal information for 21 million ParkMobile customers. Burlington, which uses the technology for its 1,200 street meters and 1,550 garage spaces, does not plan to take further action.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

2 + three =