Weekly News Wrap-up

Cybersecurity News: December 13, 2021

DOJ Announces New Initiative to Use False Claims Act to Enforce Compliance with Data Privacy and Security Laws and Contract Requirements

JD Supra
“This new initiative significantly expands the potential liability of federal contractors and healthcare providers that participate in federal healthcare programs related to data privacy and cybersecurity issues.” Read More

Cybersecurity Takes the Wheel as Auto Industry’s Top Priority

Dark Reading, Yash Prakash
“The auto industry’s reliance on software and connectivity will only become more pronounced in the years to come. Building effective cybersecurity into all aspects of new vehicles and systems is essential to ensuring the future success of the automotive industry.” Read More

27 flaws in USB-over-network SDK affect millions of cloud users

Bleeping Computer, Bill Toulas
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded.” Read More

SolarWinds hackers have been quietly targeting governments, cloud providers

SC Magazine, Derek B. Johnson
“The SolarWinds campaign was about who were the vendors you trust and all the different software in your environment, and this threat actor leveraged that one-to-many relationship pretty well. When we fast forward to now and talking about the cloud service providers, that’s them again saying why spend a lot of effort targeting a dozen individual companies when I can instead target one company that can then get me into those dozen ones.” Read More

GraphQL API authorization flaw found in major B2B financial platform

ZDNet, Jonathan Greig
“It is tempting to believe that mobile apps create an obscurity layer that is hard for attackers to crack, but decades of experience show that security through obscurity just doesn’t get the job done. Organizations need to make sure every transaction requires authorization and every step of a transaction is checked to make sure the permissions are appropriate for what is being attempted.” Read More

Cybersecurity News: December 6, 2021

Phishing actors start exploiting the Omicron COVID-19 variant

Bleeping Computer, Bill Toulas
“Threat actors are quick to adjust to the latest trends and hot topics, and increasing people’s fears is an excellent way to cause people to rush to open an email without first thinking it through.” Read More

APT Groups Adopt New Phishing Method. Will Cybercriminals Follow?

Dark Reading, Kelly Sheridan
“By altering document formatting properties of [a rich text format] file, the attacker can weaponize it to access remote content by specifying a URL resource instead of an accessible file destination.” Read More

Yanluowang Ransomware Now Targeting US Companies

PC Magazine, Nathaniel Mott
“Symantec says that Yanluowang attacks typically involve an initial reconnaissance phase followed by credential harvesting, data exfiltration, and finally the encryption of the victim’s files.” Read More

HHS: APT targeting biomanufacturing with stealthy Tardigrade malware

SC Magazine, Jessica Davis
“The main role of this malware is still to download, manipulate files, send main.dll library if possible, deploy other modules and remain hidden [and for] espionage, tunnel creation, and for a bigger payload.” Read More

Credentials exposed for majority of US financial firm employees

SC Magazine, Karen Hoffman
“Employees and humans are the weakest points in terms of an organization’s cybersecurity posture and our findings related to the vast number of exposures in circulation are a serious cause for concern. These exposed credentials are the keys for threat actors to access companies’ sensitive data and critical systems.” Read More

Cybersecurity News: November 29, 2021

FBI warns of phishing targeting high-profile brands’ customers

Bleeping Computer, Sergiu Gatlan
“When cyber criminals gain access to a consumer’s online and email accounts, cyber criminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and setup before the account owner is notified and aware.” Read More

Holiday Scams Drive SMS Phishing Attacks

Dark Reading, Robert Lemos
“As the holidays approach, the volume of short message service (SMS) phishing has almost doubled from the same period in the prior year, continuing a trend of SMS-text phishing growing as a vector to attack mobile users and their devices.” Read More

GoDaddy security breach impacts more than 1 million WordPress users

TechRepublic, Lance Whitney
“The hosting company discovered unauthorized access by a third party to its Managed WordPress hosting environment. [It] found that the third party used a compromised password to access the provisioning system in its legacy code base for Managed WordPress.” Read More

Hackers Exploit ProxyLogon and ProxyShell Bugs in Phishing Blitz

Infosecurity Magazine, Phil Muncaster
“Delivering the malicious spam using this technique to reach all the internal domain users will decrease the possibility of detecting or stopping the attack, as the mail gateways will not be able to filter or quarantine any of these internal emails.” Read More

Verizon’s Visible cell customers hacked, leading to unauthorized purchases

Ars Technica, Ax Sharma
“We have learned of an incident wherein information on some member accounts was changed without their authorization. … Our investigation indicates that threat actors were able to access username/passwords from outside sources and exploit that information to log in to Visible accounts.” Read More

Cybersecurity News: November 22, 2021

California Pizza Kitchen spills over 100,000 employee Social Security numbers

TechCrunch, Carly Page
“The company said it learned of a ‘disruption’ to its systems on September 15 and moved to ‘immediately secure’ its environment. By October 4, the company said it had determined cybercriminals had infiltrated its systems and gained access to certain files, including employee names and SSNs.” Read More

US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet

Bleeping Computer, Sergiu Gatlan
“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” Read More

New banking Trojan SharkBot makes waves across Europe, US

ZDNet, Charlie Osborne
“With the discovery of SharkBot we have shown new evidence about how mobile malware [is] quickly finding new ways to perform fraud, trying to bypass behavioral detection countermeasures put in place by multiple banks and financial services during the last years.” Read More

10,000+ websites and apps are vulnerable to Magecart

Help Net Security
“Victims are often the last to know as it’s only later that organizations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale.” Read More

Ohio hospital diverting ambulances, canceling appointments amid cyberattack

SC Magazine, Jessica Davis
“The latest advisory shows the health system is still working to safely restore systems and operations and warns province residents that it appears protected health information was stolen in the attack.” Read More

Cybersecurity News: November 15, 2021

Senators add CISA cyberattack/ransomware reporting amendment to defense bill

ZDNet, Jonathan Greig
“The amendment would update current federal government cybersecurity laws to improve coordination between federal agencies, force the government to take a risk-based approach to security, as well as require all civilian agencies to report all cyber-attacks to CISA, and major cyber incidents to Congress.” Read More

Mobile banking boom presents new risk, security concerns

SC Magazine, Karen Hoffman
“This is a massive target opportunity, to make scams so appealing to fraudsters. No longer are you looking for unauthorized access from an unusual device and location. Now you have to spot the anomaly within a legitimate user transaction that the victims themselves are orchestrating.” Read More

A stalker’s wishlist: PhoneSpy malware destroys Android privacy

ZDNet, Charlie Osborne
“Even though thousands of South Korean victims have fallen prey to the spyware campaign, it is unclear whether they have any connections with each other. But with the ability to download contact lists and send SMS messages on behalf of the victim, there is a high chance that the malicious actors are targeting connections of current victims with phishing links.” Read More

Robinhood discloses data breach impacting 7 million customers

Bleeping Computer, Lawrence Abrams
“At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.” Read More

Mobile phishing exposure in the energy industry surged 161% in 2021

Help Net Security
“As the energy industry modernizes and relies more heavily on mobile devices and cloud solutions, these insights into mobile phishing and app threats can help organizations strengthen their security program.” Read More

Cybersecurity News: November 8, 2021

Amazon Spoofed in New Attack

Infosecurity Magazine, Sarah Coble
“To incite the victims to make the call to Amazon, the attackers include high-price items on the fictitious emailed invoice.” Read More

Medical school exposes personal data of thousands of students

ZDNet, Charlie Osborne
“The server, which did not have authentication controls in place and was, therefore, accessible by anyone to view, contained 157GB of data, or just under an estimated 200,000 files.” Read More

FBI: Ransomware targets companies during mergers and acquisitions

Bleeping Computer, Sergiu Gatlan
“Impending events that could affect a victim’s stock value, such as announcements, mergers, and acquisitions, encourage ransomware actors to target a network or adjust their timeline for extortion where access is established.” Read More

Manufacturers forced to improve cyber security of wireless devices under new EU rule

IT Pro, Connor Jones
“To demonstrate compliance, manufacturers will have a choice of either submitting a self-assessment, or they can rely on a third-party assessment performed by an independent inspection body.” Read More

UMass Memorial notifies 209K patients 8 months after data breach discovery

SC Magazine, Jessica Davis
“The review determined the accounts contained a range of information from patient and health plan participants that included names, medical record numbers, health insurance details, clinical data, treatments, dates of birth, diagnoses, subscriber IDs, benefits election information, and procedures, among other data.” Read More

Cybersecurity News: November 1, 2021

Ransomware Soars 148% to Record-Breaking Levels in 2021

Infosecurity Magazine, Phil Muncaster
“As we see it, ransomware is on a nearly unimaginable upward trend, which poses a major risk to businesses, service providers, governments and everyday citizens.” Read More

Microsoft warns of new supply chain attacks by Russian-backed Nobelium group

TechRepublic, Lance Whitney
“The group’s likely goal is to obtain direct access that resellers have to the IT systems of their customers. If successful, Nobelium would then have a way to impersonate a technology provider and attack its downstream customers.” Read More

As fewer victims pay ransoms, Conti gang looks to sell victim data

SC Magazine, Joe Uchill
“In general, we’re just seeing fewer people pay. And so whenever that happens, the ransomware actors sort of try and launch new ventures as far as ‘how else can we coerce money out of people or monetize the data that was stolen.’” Read More

SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat

Dark Reading, Jai Vijayan
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Read More

Gigabyte struck by ransomware for the second time in three months

SiliconANGLE, Duncan Riley
“In most double extortion schemes, the data theft focuses on quantity rather than quality. The file tree from this dump suggests that in this case, the threat actor focused on quality.” Read More

Cybersecurity News: October 25, 2021

Threat Actors Abusing Discord to Spread Malware

Infosecurity Magazine, Phil Muncaster
“As of now, any type of file, malicious or not, whose size is less than 8MB can be uploaded and sent via Discord. Because the file content isn’t analyzed, malware can be easily spread via Discord.” Read More

Sticky business: Ransomware hits U.S. candymaker ahead of Halloween

NBC News, Kevin Collier
“Ferrara…has been able to resume production only ‘in select manufacturing facilities.’ The spokesperson declined to say what percentage of orders it expected to fill before Halloween.” Read More

Telecommunications Providers Worldwide Are Targeted in Sophisticated Cyber-Espionage Campaign

Dark Reading, Jai Vijayan
“[LightBasin] is a pretty advanced actor. They have very bespoke tools that are meant to target the global telephony infrastructure and they are very good at what they do.” Read More

Acer hit with second cyberattack in less than a week, Taiwanese authorities notified

ZDNet, Jonathan Greig
“…Acer is way behind in its cybersecurity effects on protecting its data and is a global network of vulnerable servers.” Read More

US links $5.2 billion worth of Bitcoin transactions to ransomware

Bleeping Computer, Sergiu Gatlan
“The total value of ransomware-related [Suspicious Activity Reports] from the first six months of 2021, $590 million, already exceeds the $416 million reported for the entire year of 2020.” Read More

Cybersecurity News: October 18, 2021

DocuSign phishing campaign targets low-ranking employees

Bleeping Computer, Bill Toulas
“While these emails are crafted to look like legitimate DocuSign messages, they are not being sent from the platform. On real DocuSign emails, users are never asked to enter passwords, but rather an authentication code is emailed to the recipient.” Read More

Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records

Infosecurity Group, Phil Muncaster
“The server was left unencrypted with no password protection in place. It contained 610GB of data, including customers’ full names, home and delivery addresses, phone numbers and billing details.” Read More

North American Orgs Hit With an Average of 497 Cyberattacks per Week

Dark Reading, Jai Vijayan
“Ransomware attacks overall so far in 2021 have increased by 93% compared with the same period last year. The attacks have touched one in 61 organizations globally, a 9% increase over last year.” Read More

Pacific City Bank discloses ransomware attack claimed by AvosLocker

Bleeping Computer, Bill Toulas
“…ransomware actors had unfortunately obtained the following information from its systems: loan application forms, tax return documents, W-2 information of client firms, payroll records of client firms, full names, addresses, Social Security Numbers, and wage and tax details.” Read More

NCSC CEO: Ransomware the “Most Immediate Threat” Facing UK Businesses

Infosecurity Group, James Coker
“…we expect ransomware will continue to be an attractive route for criminals as long as organizations remain vulnerable and continue to pay.” Read More

Cybersecurity News: October 11, 2021

Twitch confirms hack after source code and creator payout data leaks online

TechCrunch, Zack Whittaker
“…a leaker claims to have taken the video game streaming giant’s source code, as well as proprietary SDKs, or software development kits, which let developers integrate Twitch into their apps and services.” Read More

U.S. govt to sue contractors who hide breach incidents

Bleeping Computer, Ionut Ilascu
“The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” Read More

Large ransom demands and password-guessing attacks escalate

Help Net Security
“Ransomware gangs may have overdone it this time: the involvement of law enforcement in these high-impact incidents forced several gangs to leave the field. The same can’t be said for TrickBot, which appears to have bounced back from last year’s disruption efforts, doubling in our detections and boasting new features.” Read More

Largest mobile SMS routing firm discloses five-year-long breach

Bleeping Computer, Ionut Ilascu
“…it is easy to infer the type of data the hackers could access by breaching Syniverse: at least details about the source, destination, timestamps, general location, and possibly the content of the text messages.” Read More

Coinbase warns users of ‘large-scale’ phishing threat

CNET, Julian Dossett
“To gain control of user accounts, scammers sent phishing emails that claimed to be from Coinbase. When users clicked on a link in the email and entered their account credentials, the perpetrators were able to see the credentials and take control of the accounts.” Read More
