BACKGROUND: The News broke over the weekend that The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients’ network was breached and data was stolen. The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor known, who they identify as Vinny Troia. Troia is the head of security research of the dark web intelligence companies NightLion and Shadowbyte.
ISBuzz Team
BACKGROUND: Today the NCSC released its annual Cyber Threat Report which highlights an increase in denial of service incidents against New Zealand’s nationally significant organisations. The report says: · In the 2020/21 year, 33% of malicious incidents fell into the post-compromise category. A large proportion of these were denial of service or ransomware incidents. · These actors aim to apply pressure and extort payments from high-value, high-reward victims by deliberately disrupting critical services. The findings of the report reflects the trends cybersecurity company Imperva has witnessed in NZ. Reinhart Hansen, Asia Pacific and Japan CTO for Imperva provides further context…
BACKGROUND: The Australian Government has released the Critical Technology Supply Chain Principles this week and below is the reactive commentary from information security experts.
BACKGROUND: AT&T Alien Labs™ researchers discover new malware “targeting millions of routers and IoT devices with more than 30 exploits.” The malware, dubbed BotenaGo, contains 30+ exploits designed to infect millions of routers and IOT devices. BotenaGo was written in Golang (aka Go), an open-source language designed by Google in 2007. As of publication, BotenaGo currently has low antivirus (AV) detection rate with only 6/62 known AVs seen in VirusTotal flagging the malware as malicious. Targeted devices include a wide variety of routers, modems, and NAS devices from multiple vender lines, including: DrayTek, D-Link, NetGear, GPON, Linksys, XiongMai, Comtrend, Guangzhou,…
BACKGROUND: This may be a good comment opp as the holiday shopping season kicks off. Although Regulation E* (part of the federal Electronic Fund Transfer Act) requires banks to refund consumers for fraudulent transactions on their accounts, banks are stating that Zelle, as a peer-to-peer app, does not have the same protection. The Consumer Financial Protection Bureau put out a directive in June, saying that Regulation E only applies “if a third party fraudulently induces a consumer into sharing account access information.” So the working assumption is that if a consumer willingly sends money to a faked/spoofed account, they’re out…
BACKGROUND: The Supreme Court handed down a judgment in what has been described as one of the most significant cases in recent legal history: Lloyd v Google. Richard Lloyd sued Google for collecting web browsing data from iPhone users between 2011 and 2012, despite the American technology giant claiming at the time that it was prevented from doing so by the Safari browser’s default privacy settings. He brought the claim not just as an individual affected by Google’s actions, but as someone who is representing over four million people in a ground-breaking representative action. Mr Lloyd winning the case means…
BACKGROUND: According to Mimecast’s report on ransomware readiness, 80% of businesses around the world have been attacked by ransomware, and executives in this research reported experiencing an average of about 3,000 ransomware attacks over the last two years – or an average of four attacks per day. Of that 80%, 39% paid a ransom, with US victims paying an average of $6,312,190. Victims in Canada paid an average of $5,347,508 while those in the UK paid nearly $850,000.
BACKGROUND: Europol has announced the arrest of several suspected REvil ransomware group suspects, while almost simultaneously the US Justice Department announced the indictment and seizure of millions of dollars from the individual suspected of launching the Kaseya ransomware attack earlier this year.
BACKGROUND: Researchers at Forescout have today disclosed a new set of critical Nucleus Net vulnerabilities, dubbed NUCLEUS:13. The vulnerabilities, which may be present in millions of devices that deploy the code owned by Siemens, could cause remote code execution, denial of service attacks and data leak. The Nucleus TCP / IP stack, originally released in 1993, is still widely used in critical safety devices operated by hospitals and the healthcare industry, including anaesthesia machines, patient monitors, building automation systems, lighting controls and ventilation. If exploited, bad actors can use them to take target devices offline or assume control of healthcare operations.