BACKGROUND: The US Dept. of Justice issued a news release: Ukrainian Arrested and Charged with Ransomware Attack on Kaseya – Justice Department Seizes $6.1 million Related to Alleged Ransomware Extortionists. Release excerpts: The Justice Department announced today recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States. An indictment unsealed today charges Yaroslav Vasinskyi, 22, a Ukrainian national, with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, a multi-national information technology software company. The department also announced today the seizure of $6.1…
ISBuzz Team
BACKGROUND: More bosses are using software to monitor remote workers and this morning, the BBC reported that electronic monitoring of home workers by companies is rising sharply, a survey suggests. The government is being urged to toughen the rules – and ban most webcam use.
BACKGROUND: Palo Alto Networks reported Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer. The report details malicious actors using previously patched techniques discussed in a Sept. 16th CISA Alert and tracks attacks beginning one day after the Alert was released and continuing into October. The attacks targeted critical sectors, including defense, healthcare, energy, technology, and education. Several of the tools used were of known Chinese origins.
BACKGROUND: Cybersecurity experts commented below on news that stock trading platform Robinhood has disclosed a data breach after their systems were hacked exposing personal information of approximately 7 million customers.
BACKGROUND: Today, the Ukrainian special service (SSU) revealed the identities of hackers behind the notorious ‘Armagedon’ group, which is responsible for more than 5,000 cyber attacks on state bodies and critical infrastructure in the Ukraine. More information is included in the SSU blog post here.
BACKGROUND: Following the news this morning that the US House is passing acts to help SMB’s with Cybersecurity, including a Training Act which will allow small business to be better assisted with their cybersecurity and cyber-strategy needs, cybersecurity expert reacted below.
BACKGROUND: F5’s new report “Continuous API Sprawl: Challenges and Opportunities in an API-Driven Economy” exposes security threats posed by the global proliferation of APIs. It cites sectors such as retail and financial services, and notes more generally that: “More than nine out of ten of enterprises experienced an API security incident in 2020. Every API thus becomes a point on the security perimeter that can be potentially compromised if not properly architected or protected.” “The number of APIs by 2030 will be in the 100s of millions, making it a significant scalability, manageability, and security challenge for our customers and…
BACKGROUND: CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities. The directive contains a public catalog of vulnerabilities known to be exploited in the wild and requires US federal agencies to patch affected systems within specific time frames. The lists include vulnerabilities from products such as Cisco, Google, Microsoft, Apple, Oracle, Adobe, Atlassian, IBM, and others. For vulnerabilities disclosed this year (CVE codes of CVE-2021-*****), the Directive requires US federal civilian agencies to apply patches by November 17, 2021. Older vulns must be patched by May 3, 2022. Experts with Gurucul, SecurityGate &…
BACKGROUND: The Times of Israel is reporting Black Shadow hackers leak medical records of 290,000 Israeli patients. The Iran-linked Black Shadow ransomware group released the medical records of the entire directory from Machon Mor medical institute, including information on treatments and appointments. This occurred the same day the group released the full database the LGTBQ dating website Atraf. Excerpts: The directory reportedly includes information on patients’ blood tests, treatments, appointments for gynecologists, CT scans, ultrasounds, colonoscopies, vaccinations for flights abroad, and more.The group uploaded the file to a channel on the Telegram messaging app after a ransom demand of $1…
BACKGROUND: Reuters is reporting that The US Commerce Dept. has put Israel’s NSO Group and Candiru on its trade blacklist on Wednesday, as a result of their sale of spyware to foreign governments that used the equipment to target government officials, journalists and others. Also added to the blacklist were Positive Technologies of Russia, and Computer Security Initiative Consultancy PTE LTD, from Singapore, who the Commerce Dept. said trafficked in cyber tools enabling unauthorized access to computer networks. An expert with SecurityGate offers perspective.