14 June 2022
2021
UC San Diego Health Breach Tied to Phishing Attack
Becky Bracken
https://threatpost.com/uc-san-diego-health-breach/168250/
Excerpt:
“Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data.”
New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
Ravie Lakshmanan
https://thehackernews.com/2021/07/new-ransomware-gangs-haron-and.html
Excerpt:
“Two new ransomware-as-service (RaaS) programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few months.”
#TECH: Addressing digital skills gap in technology sector
BOTS team
Excerpt:
“KUALA LUMPUR: Tata Consultancy Services (TCS), an IT services, consulting and business solutions organisation is expanding its jobs creation programme in the technology sector.”
British man arrested in connection with Twitter mega-hack that posted cryptocurrency scam from celebrity accounts
Graham Cluley
Excerpt:
“Police in Spain have arrested a British man in connection with what many consider the worst hack in Twitter’s history.”
Kaseya obtains decryption key for victims of massive ransomware attack
Tonya Riley
https://www.cyberscoop.com/kaseya-ransomware-russia-revil/
Excerpt:
“Roughly three weeks after Russia-based ransomware group REvil attacked Kaseya, the Florida-based IT firm has obtained a working decryption key to unlock encrypted files belonging to hundreds of victims, a spokesperson confirmed to CyberScoop on Thursday.”
Olympic Ticket Data Leaked, Says Japanese Government
https://www.ehackingnews.com/2021/07/olympic-ticket-data-leaked-says.html
Excerpt:
“Following a breach, user IDs and passwords for the Tokyo Olympic ticket gateway were released on a leak website, a government official told Kyodo News on Wednesday. The leak was "not huge," according to the source, but the IDs and passwords might provide someone access to a person's name, address, bank account information, and other personal information.”
We must prepare workers for tech-based future
Dr Hoe-Han Goh
https://www.nst.com.my/opinion/columnists/2021/07/710490/we-must-prepare-workers-tech-based-future
Excerpt:
“THE fourth industrial revolution is the culmination of information and communications technology and Internet-of-Things under the current big data-era of artificial intelligence (AI)-enabled precision and personalisation, with the convergence of physical, biological and digital technology.”
IoT malware attacks rose 700% during the pandemic
https://www.helpnetsecurity.com/2021/07/20/iot-malware-attacks-rose/
Excerpt:
“Zscaler released a study examining the state of IoT devices left on corporate networks during a time when businesses were forced to move to a remote working environment.”
Don’t Wanna Pay Ransom Gangs? Test Your Backups
Brian Krebs
https://krebsonsecurity.com/2021/07/dont-wanna-pay-ransom-gangs-test-your-backups/
Excerpt:
“Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.”
U.S. Government sets up ransomware task force, offers $10 million reward for info
Zeljka Zorz
https://www.helpnetsecurity.com/2021/07/16/ransomware-task-force/
Excerpt:
“The U.S. Government has set up a cross-agency ransomware task force, a hub for ransomware resources, and is offering $10 million for information on state-sponsored cyber attackers.”
US offers $10 million reward in hunt for state-sponsored ransomware attackers
Graham Cluley
Excerpt:
“The United States Department of State is offering a reward of up to $10 million for information leading to the identification of anyone, working for a foreign government, who participates in a cybercriminal attack against American critical infrastructure.”
Arrests of members of Tetrade seed groups Grandoreiro and Melcoz
https://securelist.com/arrests-of-members-of-tetrade-seed-groups-grandoreiro-and-melcoz/103366/
Excerpt:
“Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz (also known as Mekotio) cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe.”
Health insurers facing growing risk of customer data theft
https://www.helpnetsecurity.com/2021/07/12/health-insurers-data-theft/
Excerpt:
“The U.S. health insurance industry is facing growing risks from cybersecurity threats due to the increasingly sophisticated techniques used by cybercriminals amid the expansion of remote healthcare delivery and growing digitization of insurance transactions, clinical records and billing.”
IT, healthcare and manufacturing top targets for cyberattacks
https://www.helpnetsecurity.com/2021/07/12/cyberattacks-top-targets/
Excerpt:
“Avanan announced the release of a report which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top targets for cyberattacks in the first half of the year.”
Morgan Stanley reports data breach after vendor Accellion hack
Sergiu Gatlan
Excerpt:
“Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.”
Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits
Pierluigi Paganini
https://securityaffairs.co/wordpress/119845/cyber-crime/hacker-zero-day.html
Excerpt:
“A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.”
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities
Ravie Lakshmanan
https://thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html
Excerpt:
“Law enforcement authorities with the Interpol have apprehended a threat actor responsible for targeting thousands of unwitting victims over several years and staging malware attacks on telecom companies, major banks, and multinational corporations in France as part of a global phishing and credit card fraud scheme.”
Ransomware: This new free tool lets you test if your cybersecurity is strong enough to stop an attack
Danny Palmer
Excerpt:
“Organisations can test their network defences and evaluate if their cybersecurity procedures can protect them from a ransomware attack using a new self-assessment tool from the US Cybersecurity and Infrastructure Security Agency (CISA).”
Industrial facilities progressively at risk of data theft and ransomware attacks
https://www.helpnetsecurity.com/2021/07/01/industrial-facilities-ransomware/
Excerpt:
“Trend Micro released a new report highlighting the growing risk of downtime and sensitive data theft from ransomware attacks aimed at industrial facilities.”
Fintech and the evolving cybersecurity landscape
Andy Sen
https://www.fintechnews.org/fintech-and-the-evolving-cybersecurity-landscape/
Excerpt:
“As the digital universe keeps expanding with a rising number of transactions, there is a concomitant increase in cybercrimes. What’s more, many individuals and institutions are falling victim to such crimes at some point in time.”
The top five cloud security threats
Dave Mckay
https://www.fintechnews.org/the-top-five-cloud-security-threats/
Excerpt:
“Practically every business is running some kind of cloud network, meaning cloud security is vital. Here is our list of topics that you need to be in control of to stay safe.”