14 June 2022
2021
Clop Gang Partners Laundered $500 Million in Ransomware Payments
Ravie Lakshmanan
https://thehackernews.com/2021/06/clop-gang-members-laundered-500-million.html
Excerpt:
“The cybercrime ring that was apprehended last week in connection with Clop (aka Cl0p) ransomware attacks against dozens of companies in the last few months helped launder money totaling $500 million for several malicious actors through a plethora of illegal activities.”
BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
Ravie Lakshmanan
https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html
Excerpt:
“Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.”
FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards
Ravie Lakshmanan
https://thehackernews.com/2021/06/fin7-supervisor-gets-7-year-jail-term.html
Excerpt:
“A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards.”
SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers
Ravie Lakshmanan
https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html
Excerpt:
“In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts.”
Cybersecurity threats: 'Malaysia must bolster systems, websites'
Dhesegaan Bala Krishnan
Excerpt:
“KUALA LUMPUR: Malaysia should gear itself towards cyber resilience as the threat of a global cybersecurity breach continues to pose a major risk.”
#TECH: Kaspersky and Skill Cup launch free mobile course to improve cybersecurity competencies
BOTS team
Excerpt:
“A FREE training course, based on the Skill Cup mobile app and developed with the Kaspersky Security Awareness platform team, has been launched to help parents and their kids better navigate cybersecurity and digital ethics.”
Biden drops plan to ban Chinese-owned apps TikTok, WeChat
AFP
Excerpt:
“WASHINGTON: President Joe Biden on Wednesday revoked executive orders from his predecessor Donald Trump seeking to ban Chinese-owned mobile apps TikTok and WeChat over national security concerns, the White House said.”
Three Things Your Company Should Be Doing To Avoid A Costly Ransomware Attack
Richard McLain
Excerpt:
“The recent cyberattack on the nation’s largest fuel pipeline showed how effortlessly and efficiently cybercriminals can breach security firewalls at major corporations.”
#TECH: Minimising cybersecurity threats
Nur Zarina Othman
https://www.nst.com.my/lifestyle/bots/2021/06/701457/tech-minimising-cybersecurity-threats
Excerpt:
“IT has been more than a year since we first started to work from home. But is it safe to be working from home?”
Ransomware: What board members should know and what they should be asking their technical experts
Hannah H
https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware
Excerpt:
“The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly?”
How to hack 2FA: 5 attack methods explained
David Strom
https://www.csoonline.com/article/3620223/how-to-hack-2fa.html
Excerpt:
“Multi-factor authentication (MFA) continues to embody both the best and worst of business IT security practice. As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster.”
6 minimum security practices to implement before working on best practices
Susan Bradley
Excerpt:
“We all want to abide by security best practices, but who decides what is best? If something is best for one firm, it is best for all? Too often we do not take the time to analyze what we are protecting to ensure we are protecting it as well as we can. There are, however, some basic techniques that can be deployed in nearly all organizations. I’m calling these recommendations “minimum practices.” Here are six to consider.”
Are businesses taking the threat of cybercrime seriously?
David Simmons
https://www.fintechnews.org/are-business-taking-the-threat-of-cybercrime-seriously/
Excerpt:
“The news that Australian National University suffered from a massive hack, seeing 19 years of data stolen made headlines earlier this week.”
5 solutions for Fintech companies to stay cyber aware in 2021
Neville Louzado
Excerpt:
“Cybersecurity continues to be a top priority across industries – as financial institutions are responsible for storing and handling sensitive data from millions of users, security is of paramount importance. However, building a highly secured environment is not an easy task. As security risks and challenges continue to rise in complexity, the FinTech sector needs to find new security solutions to protect their customers’ information and secure business continuity.”
Top five insights from the 2021 CyberEdge Cyberthreat Defense Report
Bruce Lynch
https://www.imperva.com/blog/top-five-insights-from-the-2021-cyberedge-cyberthreat-defense-report/
Excerpt:
“For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security professionals from organizations with more than 500 employees, representing 19 industries in 17 countries across the globe.”
European cloud computing market to surpass $140 billion by 2028
https://www.helpnetsecurity.com/2021/06/10/european-cloud-computing-market/
Excerpt:
“Global Market Insights added a report on the European cloud computing market which estimates the market valuation will cross $140 billion by 2028 due to the government support for promoting cloud adoption throughout Europe.”
DoJ seized $2.3 million paid to the Colonial Pipeline ransomware extortionists
https://www.helpnetsecurity.com/2021/06/08/colonial-pipeline-ransomware-extortionists/
Excerpt:
“The Department of Justice has seized 63.7 bitcoins currently valued at approximately $2.3 million. These funds allegedly represent the proceeds of a May 8, ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation.”
Fujifilm refuses to pay ransomware demand, restores network from backups
Robert Scammell
https://www.verdict.co.uk/fujifilm-ransom-demand/
Excerpt:
“Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan last week and is instead relying on backups to restore operations.”
Nigerian Arrested in US for Hacking Payroll Services Company
Ionut Arghire
https://www.securityweek.com/nigerian-arrested-us-hacking-payroll-services-company
Excerpt:
“A Nigerian national was arrested recently in the United States on charges related to hacking into user accounts at a payroll processing company, to steal payroll deposits.”
NY transit officials confirm cyberattack; say harm limited
https://techxplore.com/news/2021-06-ny-transit-cyberattack-limited.html
Excerpt:
“Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America's largest transit system, MTA officials confirmed on Wednesday.”
Sensitive medical, financial data exposed in extortion of Massachusetts hospital
Sean Lyngaas
https://www.cyberscoop.com/hospital-ransomare-payment-sturdy-memorial/
Excerpt:
“A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients’ sensitive medical and financial data, the hospital said in a May 28 statement.”
FUJIFILM shuts down network after suspected ransomware attack
Lawrence Abrams
Excerpt:
“FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.”
Banking fraud rises by more than 150 percent
Ian Barker
https://betanews.com/2021/06/02/banking-fraud-up-150-percent/
Excerpt:
“A new report from financial crime management platform Feedzai shows that all banking fraud -- combining internet, telephone, and branch attacks -- grew by 159 percent in the first quarter of 2021 compared to the end of 2020.”
The World Will Store 200 Zettabytes Of Data By 2025
Steve Morgan
https://cybersecurityventures.com/the-world-will-store-200-zettabytes-of-data-by-2025/
Excerpt:
“The 2020 Data Attack Surface Report (download PDF) predicts the total amount of data that the world will need to protect over the next 5 years.”
A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran
Ravie Lakshmanan
https://thehackernews.com/2021/06/a-new-spyware-is-targeting-telegram-and.html
Excerpt:
“Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015.”