Cybersecurity News

Weekly Summary of the Top Stories in Cybersecurity

Cybersecurity News: July 26, 2021

Cybercriminals leak medical data of Humana customers online

Techradar, Anthony Spadafora
“Additionally, the database may also contain API calls to various functions that include private API keys that cybercriminals could utilize to access other online services used by Humana or even its partners.”

Patch now: Linux file system security hole, dubbed Sequoia, can take over systems

ZDNet, Steven J. Vaughan-Nichols
“‘If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB…then’ through a series of other maneuvers you can write to out of bounds memory. And, with that, you can corrupt data, crash the system, or, worst of all, execute unauthorized code.”

Study finds 97% of cloud apps used in the enterprise are shadow IT

SC Magazine, Steve Zurier
“[Enterprises] should favor a security architecture that provides context for apps, cloud services, and web-user activity, and that applies zero-trust controls to protect data wherever and however it’s accessed.”

Amazon kicks NSO Group off its cloud service after spying reports

Cnet, Laura Hautala
“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.”

Revealed: leak uncovers global abuse of cyber-surveillance weapon

The Guardian, Stephanie Kirchgaessner, et al.
“the broad array of [phone] numbers in the list belonging to people who seemingly have no connection to criminality suggests some NSO clients are breaching their contracts with the company, spying on pro-democracy activists and journalists investigating corruption, as well as political opponents and government critics.”

Cybersecurity News: July 19, 2021

US State Department offering $10 million reward for state-backed hackers

ZDNet, Jonathan Greig
“The measure is aimed squarely at those participating in malicious cyber activities against US critical infrastructure…. In addition to ransomware, the notice mentions a number of other cyber violations and notes that it applies to government computers as well as those used in or affecting interstate or foreign commerce or communication.”

Google: Russian Hackers Used LinkedIn to Deliver iPhone-Based Attack

PC Magazine UK, Michael Kan
“In this campaign, attackers used LinkedIn Messaging to target government officials from western European countries by sending them malicious links. If the target visited the link from an iOS device, they would be redirected to an attacker-controlled domain that served the next stage payloads.”

These Iranian hackers posed as academics in a bid to steal email passwords

ZDNet, Danny Palmer
“…the campaign also compromised a university-affiliated website in an effort to deliver personalised credential harvesting pages to targets, under the guise of inviting them to speak in a webinar on Middle Eastern issues.”

Fashion retailer Guess discloses data breach after ransomware attack

Bleeping Computer, Sergiu Gatlan
“The investigation determined that Social Security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.”

Kaseya was warned about security flaws years ahead of ransomware attack

Engadget, Jon Fingas
“Employees reportedly complained that Kaseya was using old code, implemented poor encryption and even failed to routinely patch software.”

Cybersecurity News: July 12, 2021

New Trojan malware steals millions of login credentials

TechRadar, Mayank Sharma
“In all, the unnamed malware managed to siphon away 1.2 terabytes of personal data including over a million unique email addresses, over two billion cookies, and more than six million other files.”

Report shines light on REvil’s depressingly simple tactics: Phishing, credential-stuffing RDP servers… the usual

The Register, Gareth Halfacree
“The methods chosen by the group to gain access to the target systems are depressingly simple, Martineau’s report claimed, with the most common methods being as simple as sending a phishing message or attempting to log in to Remote Desktop Protocol (RDP) servers using previously-compromised credentials.”

Phishing attack targets DocuSign and SharePoint users

SC Magazine, Steve Zurier
“…the researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document. For example, the email will ask the user to review a ‘Covid 19 relief fund as approved by the board of directors.’”

Dominion National reaches $2M settlement over nine-year data breach

SC Magazine, Jessica Davis
“The compromised information was highly sensitive and varied by individual, including Social Security numbers, bank account and routing numbers, member identification numbers, taxpayer identification, contact details, and other data.”

Kaseya hack floods hundreds of companies with ransomware

TechCrunch, Zack Whittaker
“Make no mistake, the timing and target of this attack are no coincidence. It illustrates what we define as a Big Game Hunting attack, launched against a target to maximize impact and profit through a supply chain during a holiday weekend when business defenses are down.”

Cybersecurity News: July 5, 2021

Russian Hackers Are Trying to Brute-Force Hundreds of Networks

Wired, Andy Greenberg
“This lengthy brute force campaign to collect and exfiltrate data, access credentials and more, is likely ongoing, on a global scale.”

Salvation Army Hit by Ransomware Attack

Infosecurity Magazine, James Coker
“The Christian charity is thought to be negotiating with the attackers over the siphoned data. Thankfully, the charity said that none of its services for vulnerable people had been affected.”

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

Threat Post, Tara Seals
“It is not uncommon to see such data sets being used to send personalized phishing emails, extort ransom or earn money on the Dark Web – especially now that many hackers target job seekers on LinkedIn with bogus job offers, infecting them with a backdoor trojan.”

Hackers are investing in each other’s operations—just like VCs invest in startups

Fast Company, Steven Melendez
“Everybody’s trying to innovate, even the criminals.”

Mercedes-Benz data breach exposes SSNs, credit card numbers

Bleeping Computer, Ax Sharma
“The vendor who notified Mercedes-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers, and dates of birth.”
