This posting is here to collect cyber security news in June 2021.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
Tomi Engdahl says:
Preventing financial crime and protecting consumers are key drivers of forthcoming regulation
American And Swedish Authorities Signal Stricter Crypto Oversight As U.K. Banks Restrict Transfers To Digital Currency Exchanges
https://www.forbes.com/sites/roberthart/2021/06/01/american-and-swedish-authorities-signal-stricter-crypto-oversight-as-uk-banks-restrict-transfers-to-digital-currency-exchanges/
Financial regulators in Sweden and the U.S. both hinted at impending crackdowns on largely unregulated cryptocurrency markets over Memorial Day weekend, noting the absence of a consistent framework for the new technology, the specter of financial crime and the risks to consumers posed by crypto exchange platforms, which a number of U.K. banks reportedly blocked customers from transferring money to.
Michael Hsu, the new acting comptroller of the currency, told the Financial Times he wanted U.S. agencies to coordinate and set a “regulatory perimeter” for cryptocurrencies and take a more active role regulating the market, something he said there was appetite for.
Tomi Engdahl says:
The impacts of the cyberattack on the world’s largest meat processing company are already being felt across the U.S.
Suspected Russian Cyberattack Wipes Out One-Fifth Of U.S. Beef Production Capacity: Report
https://www.forbes.com/sites/jemimamcevoy/2021/06/01/suspected-russian-cyberattack-wipes-out-one-fifth-of-us-beef-production-capacity-report/
A cyber attack of the world’s largest meat processing company, JBS, that the White House said Tuesday likely originated from Russia has wiped out one-fifth of the U.S.’s beef production capacity, according to a new report from Bloomberg.
Bloomberg, based on information from labor unions and employees, calculated five of JBS’s biggest beef plants in the U.S. halted processing after the weekend ransomware attack.
The crippling of these plants—which altogether handle over 22,000 cattle a day—means the U.S. has lost about one-fifth of its beef production capacity, the news outlet tallied, as JBS accounts for roughly a quarter of the country’s beef processing.
Though the full impact of the attack globally is still being tallied, slaughter operations in Australia were also shut down on Monday and one of Canada’s largest beef plants has also been shuttered since the start of this week.
Jean-Pierre didn’t detail the ransom demand, but said the U.S. has been in contact with Russia’s government about the attack.
JBS announced the attack in a press release Monday, explaining the company’s IT systems in both North America and Australia had been targeted. “The company took immediate action, suspending all affected systems,” the statement said, noting “backup servers were not affected.” The attack has still had an impact on the global supply chain as JBS shut down its Australian operations on Monday and has stopped livestock slaughter in several U.S. states, according to Reuters.
This attack comes a month after a separate ransomware attack took offline the Colonial Pipeline, the U.S.’s largest fuel pipeline. That cyber attack was also believed to have originated in Russia from a since-shuttered group of cyber criminals known as “DarkSide.”
The two cyber attacks increase the pressure on President Biden to address the issue during his upcoming meeting with Russian President Vladimir Putin. Biden has already said he plans to press Putin on human rights when the two are slated to convene at a summit in Geneva, Switzerland on June 16.
Tomi Engdahl says:
U.S. says ransomware attack on meatpacker JBS likely from Russia
https://www.reuters.com/world/us/some-us-meat-plants-stop-operating-after-jbs-cyber-attack-2021-06-01/
The White House said on Tuesday that Brazil’s JBS SA (JBSS3.SA) has informed the U.S. government that a ransomware attack against the company that has disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia.
Tomi Engdahl says:
Hackers hit JBS, the world’s largest meat processor, in ransomware attack
The breach is the latest targeting a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.
https://www.washingtonpost.com/business/2021/06/01/jbs-cyberattack-meat-supply-chain/
Tomi Engdahl says:
One-Fifth of U.S. Beef Capacity Wiped Out by JBS Cyberattack
https://www.bloomberg.com/news/articles/2021-05-31/meat-is-latest-cyber-victim-as-hackers-hit-top-supplier-jbs
Tomi Engdahl says:
Sweden and Norway demand an explanation from Denmark over espionage allegations
https://yle.fi/uutiset/3-11955732
According to media reports, Denmark’s defence minister already knew last August that the US National Security Agency (NSA) had spied on politicians and officials of several allied countries via Denmark. The defence ministers of Sweden and Norway are demanding an explanation from Denmark regarding the media reports, according to which the United States spied on their politicians and officials via Denmark, the Danish public broadcaster DR reports, among others.
Tomi Engdahl says:
US seizes domains used by APT29 in recent USAID phishing attacks https://www.bleepingcomputer.com/news/security/us-seizes-domains-used-by-apt29-in-recent-usaid-phishing-attacks/
The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks.
Tomi Engdahl says:
World’s biggest meat supplier, JBS, suffers cyber attack https://grahamcluley.com/worlds-biggest-meat-supplier-jbs-suffers-cyber-attack/
The world’s largest meat supplier, JBS, says that it has suffered a cyber attack against its IT systems in North America and Australia impacting its ability to “process” thousands of cattle, sheep, and pigs. The security incident, first spotted on Sunday, has not been officially confirmed to be a ransomware attack but I think anyone hearing the news would not be surprised if a ransomware gang was to blame.
JBS ransomware attack likely came from a Russian group, White House says https://therecord.media/jbs-ransomware-attack-likely-came-from-a-russian-group-white-house-says/
A cyberattack that shut down some operations at JBS, a major meat processor with plants across Australia and the Americas, is believed to be a ransomware incident originating from a criminal organization based in Russia, the White House said Tuesday. JBS first disclosed details about the attack on Monday, calling it “an organized cybersecurity attack” that affected some of the servers supporting its IT systems in North America and Australia. According to press reports, White House spokeswoman Karine Jean-Pierre told reporters on Air Force One that the Brazil-based meatpacker notified the Biden administration Sunday that it was a ransomware attack. “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre said, adding that the FBI is investigating the incident.
Tomi Engdahl says:
Critical WordPress plugin zero-day under active exploitation https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-zero-day-under-active-exploitation/
Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware. Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content.
The security flaw is a critical severity remote code execution (RCE) vulnerability discovered by Wordfence security analyst Charles Sweethill on Monday.
According to sales statistics for the plugin, Fancy Product Designer has been sold and installed on more than 17,000 websites.
Attackers who successfully exploit the Fancy Product Designer bug can bypass built-in checks blocking malicious files uploading to deploy executable PHP files on sites where the plugin is installed.
“Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected,” Gall said.
Critical 0-day in Fancy Product Designer Under Active Attack
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
Tomi Engdahl says:
Meat Producer JBS Says Expects Most Plants Working Wednesday
https://www.securityweek.com/meat-producer-jbs-says-expects-most-plants-working-wednesday
A ransomware attack on the world’s largest meat processing company disrupted production around the world just weeks after a similar incident shut down a U.S. oil pipeline.
Brazil’s JBS SA, however, said late Tuesday that it had made “significant progress” in dealing with the cyberattack and expected the “vast majority” of its plants to be operating on Wednesday.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” Andre Nogueira, the CEO of JBS USA said in a statement.
Tomi Engdahl says:
NSA spied on European politicians through Danish telecommunications hub
https://therecord.media/nsa-spied-on-european-politicians-through-danish-telecommunications-hub/
Denmark’s foreign secret service allowed the US National Security Agency to tap into a crucial internet and telecommunications hub in Denmark and spy on the communications of European politicians, a joint investigation by some of Europe’s biggest news agencies revealed on Sunday.
The covert spying operation, called Operation Dunhammer, took place between 2012 and 2014, based on a secret partnership signed by the two agencies.
Tomi Engdahl says:
Report: Accellion Failed to Notify Customers of FTA Zero-Day
https://www.securityweek.com/report-accellion-failed-notify-customers-fta-zero-day
Accellion failed to notify customers of a zero-day vulnerability in its file transfer application (FTA) and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG.
FTA is a large file transfer service that was retired at the end of April 2021, after being in use for roughly 20 years. In mid-December, Accellion identified a critical vulnerability in the service and later discovered in-the-wild hacking attempts targeting the flaw.
At the time of attack, FTA still had roughly 50 customers, and some already confirmed impact from the incident, including The Reserve Bank of New Zealand, the U.S.-based law firm Jones Day, the Office of the Washington State Auditor (SAO), and security and compliance solutions provider Qualys.
While Accellion did issue patches for the targeted security bugs, a problem with its email system prevented it from notifying impacted customers of the attacks in a timely manner, explains KPMG, which was engaged by the Reserve Bank of New Zealand – Te Pūtea Matua – to review the bank’s response to the breach.
Tomi Engdahl says:
Poisoned Installers Found in SolarWinds Hackers Toolkit
https://www.securityweek.com/poisoned-installers-found-solarwinds-hackers-toolkit
The ongoing multi-vendor investigations into the SolarWinds mega-hack took another twist this week with the discovery of new malware artifacts that could be used in future supply chain attacks.
According to a new report from anti-malware firm SentinelOne, the latest wave of attacks being attributed to APT29/Nobelium threat actor includes a custom downloader that is part of a “poisoned update installer” for electronic keys used by the Ukrainian government.
SentinelOne principal threat researcher Juan Andrés Guerrero-Saade documented the latest finding in a blog post that advances previous investigations from Microsoft and Volexity. “At this time, the means of distribution [for the poisoned update installer] are unknown. It’s possible that these update archives are being used as part of a regionally-specific supply chain attack,” Guerrero-Saade said.
Guerrero-Saade said the latest iteration of malware activity linked to Nobelium uses a convoluted multi-stage infection chain that runs five to six layers deep. This includes the use of ‘DLL_stageless’ downloaders, called NativeZone, that serve as a booby-trapped update installer for a Ukrainian cryptographic smartkey used in government operations.
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/
Tomi Engdahl says:
CNBC:
JBS, the world’s top meatpacker, is hit by a ransomware attack, leading it to pause its Australian operations, livestock slaughter in many US states, and more — The attack caused JBS’s Australian operations to shut down on Monday. The company, the world’s largest meatpacker, said it was working to resolve the incident.
U.S. says ransomware attack on meatpacker JBS likely from Russia; cattle slaughter resuming
https://www.cnbc.com/2021/06/01/big-north-american-meat-plants-halt-operations-after-jbs-cyberattack.html
JBS, the world’s largest meatpacker, said on Tuesday night it had made “significant progress in resolving the cyberattack.”
The “vast majority” of the company’s beef, pork, poultry and prepared foods plants will be operational on Wednesday, according to a statement, easing concerns over rising food prices.
JBS halted cattle slaughter at all its U.S. plants on Tuesday, according to union officials. On Monday, the attack caused Australian operations to shut down.
The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.
“Our systems are coming back online and we are not sparing any resources to fight this threat,” said Andre Nogueira, chief executive of JBS USA.
Ongoing shutdowns of JBS plants would threaten to raise meat prices further for American consumers during summer grilling season and to disrupt meat exports at a time of strong demand from China.
“The supply chains, logistics and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” said threat researcher John Hultquist with security company FireEye.
The disruption quickly had an impact on Tuesday, industry analysts said. U.S. meatpackers slaughtered 22% fewer cattle than a week earlier and 18% fewer than a year earlier, according to estimates from the U.S. Department of Agriculture. Pork processing was also down.
Prices for choice and select cuts of U.S. beef shipped to wholesale buyers in large boxes each jumped more than 1%, the USDA said.
The USDA contacted several major meat processors to encourage them to keep supplies moving and slaughter additional livestock when possible, according to a statement. The agency also urged meatpackers to make their IT and supply-chain infrastructure more durable.
Federal agencies including the USDA and Department of Homeland Security are closely monitoring meat and poultry supplies, a White House official said. The agencies are also working with agricultural processors to ensure no price manipulation occurs as a result of the cyberattack, the official said.
Affected systems suspended
JBS said it suspended all affected systems, notified authorities and that backup servers were not affected. A representative in Sao Paulo said there was no impact on Brazilian operations.
The company said Sunday’s cyberattack affected its North American and Australian IT systems and “resolution of the incident will take time, which may delay certain transactions with customers and suppliers.”
U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers. Any further impact on consumers will depend on how long JBS plants remain closed, analysts said.
JBS Beef in Cactus, Texas, said on Facebook that there would be no production for fabrication, slaughtering or rendering on one shift on Wednesday. Another shift will have regular start times for employees.
A pork plant in Ottumwa, Iowa, will have no “harvest production” on its first or second shifts on Wednesday.
The United States Cattlemen’s Association, a beef industry group, said on Twitter that it had reports of JBS redirecting livestock haulers who arrived at plants with animals ready for slaughter.
Last year, cattle and hogs backed up on U.S. farms and some animals were euthanized when meat plants were shut during coronavirus outbreaks among workers.
Over the past few years, ransomware has evolved into a pressing national security issue. A number of gangs, many of them Russian speakers, develop the software that encrypts files and then demand payment in cryptocurrency for keys that allow the owners to decipher and use them again.
Anubhab says:
Thank you for the tech news updates. This ransomware is getting harmful; every department should push some updates to fight against this.
Tomi Engdahl says:
It Is Surprisingly Easy To Find Top Secret US Nuclear Weapons Intel Online
https://www.iflscience.com/technology/it-is-surprisingly-easy-to-find-top-secret-us-nuclear-weapons-intel-online/
Many soldiers stationed on US military bases in Europe have turned to flashcard learning apps to help them memorize these protocols – and, as a new investigation from Bellingcat has revealed, how they have been accidentally leaking highly sensitive information regarding the US’s nuclear arsenal online for nearly a decade.
Flashcard apps work like, well, flashcards: you have a question or prompt on one side of the virtual “card”, and the answer on the other. They’re a useful tool for exam revision or learning a language. The problem (or at least the problem if you’re trying to study something highly classified) is that any flashcard uploaded onto these apps becomes available publicly. In fact, as Bellingcat explains, discovering the locations of US nuclear weaponry was as easy as Googling the names of likely air bases together with words like “vault”, “PAS” [protective aircraft shelter], or “WS3” [Weapons Storage and Security System].
Now, the locations of these nuclear weapons being leaked isn’t such a big deal – it ought to be, but they were already accidentally leaked two years ago. But the soldiers using these apps revealed much more than just which airbases store nukes somewhere on site: various flashcards found by Bellingcat include details such as precisely which vaults contain nuclear weapons, secret code words that signal when a guard is in trouble, and even things like how often the vaults are patrolled and the number and positions of security cameras around the base. Some even contained detailed descriptions of the badges needed to access restricted areas.
The findings show a “flagrant breach” in US nuclear security practices
US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps
https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/
Simply searching for “PAS”, “WS3” and “vault” on Google together with the names of air bases in Europe quickly led to free flashcard platforms such as Chegg, Quizlet, and Cram.
One example is Volkel Air Base in the Netherlands. Although the presence of US nuclear weapons at Volkel has been detailed in leaked documents and statements by retired officials, the Dutch government still considers it a secret.
Tomi Engdahl says:
Amazon US customers have one week to opt out of mass wireless sharing
Critics raise transparency fears over plan to turn all smart home devices into ‘mesh network’
https://www.theguardian.com/technology/2021/jun/01/amazon-us-customers-given-one-week-to-opt-out-of-mass-wireless-sharing
Tomi Engdahl says:
The billion-dollar company has been forced to shut down slaughterhouses and plants across parts of its beefy empire.
Hackers Attack World’s Biggest Meat Supplier, Forcing Plants To Temporarily Shut Down
https://www.iflscience.com/technology/hackers-attack-worlds-biggest-meat-supplier-forcing-plants-to-temporarily-shut-down/
The world’s largest meat processing company has been hammered by a serious cyber-attack, forcing the billion-dollar company to temporarily shut down slaughterhouses and plants across parts of its beefy empire.
The attack forced many of the corporation’s abattoirs and meat-packing plants to close their doors, halting work for around 7,000 abattoir workers in Australia, as well as 3,000 workers in Canada and the US, the Financial Times reports. Operations in Mexico and the UK were said to have been unfazed and business continued as usual. On Tuesday, three days after the initial attack, JBS indicated some of its plants remained shut, but “several” of their food plants had opened and its Canada beef facility resumed production.
The US White House revealed information about the cyberattack at a media briefing on Tuesday, explaining how they believe the hackers were “from a criminal organization likely based in Russia.”
JBS is the world’s largest meat supplier, supplying beef, chicken, and pork to a host of supermarkets and fast-food restaurants across dozens of countries. The knock-on effect from the disruption hasn’t yet emerged, but some parts of the world might see some supply problems given the breadth of JBS’s influence.
“Supermarkets and other large end-users like the McDonald’s burger pattie supply network will be some of the most immediately impacted customers, due to their need for consistent supply, if the current stoppage lasts for any significant length of time,” trade group Beef Central said.
The incident is just the latest in a long line of cyber-attacks that have hit vital infrastructure and services in the US. On May 7, 2021, a ransomware cyberattack was launched against the Colonial Pipeline, an oil pipeline system that carries gas and jet fuel across the Southeastern United States.
In an especially sensational cyber-attack, hackers remotely gained access to a Florida water treatment plant in February 2021 and attempted to increase the amount of sodium hydroxide in the water to “potentially dangerous” levels. Fortunately, no one was harmed.
Tomi Engdahl says:
PayPal Shuts Down Long-Time Tor Supporter with No Recourse
https://www.eff.org/deeplinks/2021/06/paypal-shuts-down-long-time-tor-supporter-no-recourse
Larry Brandt, a long-time supporter of internet freedom, used his nearly 20-year-old PayPal account to put his money where his mouth is. His primary use of the payment system was to fund servers to run Tor nodes, routing internet traffic in order to safeguard privacy and avoid country-level censorship. Now Brandt’s PayPal account has been shut down, leaving many questions unanswered and showing how financial censorship can hurt the cause of internet freedom around the world.
Tomi Engdahl says:
FireEye to sell products unit to Symphony-led group for $1.2B
https://techcrunch.com/2021/06/02/fireeye-to-sell-products-unit-for-1-2b-to-symphony-led-group/?tpcc=ECFB2021
Cybersecurity giant FireEye has agreed to sell its products business to a consortium led by private equity firm Symphony Technology Group for $1.2 billion.
The all-cash deal will split FireEye, the maker of network and email cybersecurity products, from its digital forensics and incident response arm Mandiant.
FireEye’s chief executive Kevin Mandia said the deal unlocks its “high-growth” Mandiant business, allowing it to stand alone as a separate business running incident response and security testing.
Just few months ago:
McAfee sells enterprise biz to Symphony Technology Group for $4B
https://techcrunch.com/2021/03/08/mcafee-sells-enterprise-biz-to-symphony-technology-group-for-4b/
Tomi Engdahl says:
And one year ago:
Dell sells RSA to consortium led by Symphony Technology Group for over $2B
https://techcrunch.com/2020/02/18/dell-sells-rsa-to-consortium-led-by-symphony-technology-group-for-over-2b/
Tomi Engdahl says:
Paul R. La Monica / CNN:
NortonLifeLock says it’s adding an Ethereum mining function to Norton 360, its paid antivirus software, initially to a small group of customers — New York (CNN Business) Mining for bitcoin and other cryptocurrencies is typically done by companies that own massive server farms operating outside of the United States.
Cybersecurity firm NortonLifeLock will let customers mine crypto
https://edition.cnn.com/2021/06/02/investing/nortonlifelock-crypto-mining-ethereum/
Mining for bitcoin and other cryptocurrencies is typically done by companies that own massive server farms operating outside of the United States. But cybersecurity firm NortonLifeLock is hoping to bring mining to your desktop.
NortonLifeLock (NLOK) announced Wednesday morning that it is launching a new feature for a select group of early customers of its Norton 360 platform that will allow them to mine for ethereum, the world’s second most valuable cryptocurrency, on their personal computers.
“As the crypto economy continues to become a more important part of our customers’ lives, we want to empower them to mine cryptocurrency with Norton, a brand they trust,” said Vincent Pilette, CEO of NortonLifeLock, in a statement.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
FireEye says it is selling its products business to PE firm Symphony Technology Group for $1.2B in cash; deal splits FireEye from digital forensics arm Mandiant — Cybersecurity giant FireEye has agreed to sell its products business to a consortium led by private equity firm Symphony Technology Group for $1.2 billion.
https://techcrunch.com/2021/06/02/fireeye-to-sell-products-unit-for-1-2b-to-symphony-led-group/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAAMTVxS-2JiGs7Fk484IB5T-3M7BEE-0Kp_btoM3-9Wo8fYMz0_uGxNOY8xQkpLr9py736_3bfvzUoMOxRwx98tnKgaDLqIHJxEA2s4i2qlG-DyG5j3h2IKrNTRPhJyP_A1QW29Ka9_5SIkkZdjqohywfrtF-VezVnbtEytUF_jXn
Tomi Engdahl says:
Adam Janofsky / The Record:
The FBI says ransomware group REvil is behind the ongoing attack targeting meatpacking company JBS — The US Federal Bureau of Investigation on Wednesday confirmed reports that the well-known cybercriminal group REvil (also known as Sodinokibi) is behind the ongoing ransomware attack targeting JBS …
FBI: JBS ransomware attack was carried out by REvil
https://therecord.media/fbi-jbs-ransomware-attack-was-carried-out-by-revil/
The US Federal Bureau of Investigation on Wednesday confirmed reports that the well-known cybercriminal group REvil (also known as Sodinokibi) is behind the ongoing ransomware attack targeting JBS, the world’s largest meatpacking company.
“We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice,” the FBI said in a statement late in the day. “We continue to focus our efforts on imposing risk and consequences and holding the responsible cyber actors accountable.”
The group has attracted attention both inside and outside of the cybersecurity ecosystem in recent years for their audacious attacks that push the boundaries of the ransomware-as-a-service industry. Among other incidents, the group attempted to extort then-President Donald Trump last year, and has released or threatened to sell documents related to celebrities including Lady Gaga.
Tomi Engdahl says:
Ransomware attack disrupts Massachusetts ferries https://therecord.media/ransomware-attack-disrupts-massachusetts-ferries/
A ransomware attack has caused delays and disruptions at Steamship Authority, the largest ferry service in Massachusetts, and has disrupted ferry transports between mainland US and the Martha’s Vineyard and Nantucket islands. The attack took place earlier today, according to a series of tweets posted on the company’s official Twitter account.
FUJIFILM shuts down network after suspected ransomware attack https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/
FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack’s spread. “Based on our unique threat prevention platform Andariel, FUJIFILM Corporate appeared to be infected with Qbot malware based on May 15, 2021,” Advanced Intel CEO Vitali Kremez told BleepingComputer. “Since the underground ransomware turmoil, the Qbot malware group currently works with the REvil ransomware group.”
Tomi Engdahl says:
Zerodium acquiring zero-days in Pidgin, an IM client popular with cybercriminals https://therecord.media/zerodium-acquiring-zero-days-in-pidgin-an-im-client-popular-with-cybercriminals/
Exploit broker Zerodium announced plans today to pay up to $100,000 for zero-days in Pidgin, a multi-protocol instant messaging desktop client and a popular IM tool used in cybercriminal circles. The company, which buys exploits from security researchers and sells them to government and law enforcement agencies, said it would buy Pidgin zero-days at the higher $100,000 price for the next three months, until August 2021, in what the company described as a temporary bug acquisition drive.
Tomi Engdahl says:
Largest Meat Producer Getting Back Online After Cyberattack
https://www.securityweek.com/largest-meat-producer-getting-back-online-after-cyberattack
The world’s largest meat processing company has resumed most production after a weekend cyberattack, but experts say the vulnerabilities exposed by this attack and others are far from resolved.
JBS notified the federal government the ransom demand came from the ransomware gang REvil, which is believed to operate in Russia, according to a person familiar with the situation who is not authorized to discuss it publicly.
REvil has not posted anything related to the hack on its darkweb site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom.
JBS said late Tuesday that it had made “significant progress” in dealing with the cyberattack and expected the “vast majority” of its plants to be operating on Wednesday. The attack affected servers supporting JBS’s operations in North America and Australia. Backup servers weren’t affected and the company said it was not aware of any customer, supplier or employee data being compromised.
JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the U.S. would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.
Tomi Engdahl says:
Ex-Top General, NSA Head Issues Dire Warning on Chinese and Russian Cyberattacks: ‘We’re Not Ready’
https://thefederalistpapers.org/us/ex-top-general-nsa-head-issues-dire-warning-chinese-russian-cyberattacks-not-ready
Retired Gen. Keith Alexander, former director of the National Security Agency and the first commander of the United States Cyber Command, joined ABC News’ Martha Raddatz on Sunday to discuss a recent sharp increase in Russian and Chinese cyberattacks against U.S. targets.
Calling the recent spate of cyberattacks “more blatant than I’ve seen in my career,” Alexander cited an attack reported last week against the U.S. Agency for International Development, last year’s attack on the Texas-based SolarWinds technology firm that ended up affecting thousands of the firm’s clients — including federal government agencies — and the mid-May hack on the Colonial Pipeline that disrupted gasoline supplies in the Southeast.
Tomi Engdahl says:
Fujifilm becomes the latest victim of a network-crippling ransomware attack
https://techcrunch.com/2021/06/03/fujifilm-becomes-the-latest-victim-of-a-network-crippling-ransomware-attack/?tpcc=ECFB2021
Tomi Engdahl says:
Exchange Servers Targeted by ‘Epsilon Red’ Malware https://threatpost.com/exchange-servers-epsilon-red-ransomware/166640/
Threat actors have deployed new ransomware on the back of a set of PowerShell scripts developed for making encryption, exploiting flaws in unpatched Exchange Servers to attack the corporate network, according to recent research. Researchers from security firm Sophos detected the new ransomware, called Epsilon Red, in an investigation of an attack on a U.S.-based company in the hospitality sector, Sophos Principal Researcher Andrew Brandt wrote in a report published online.
Tomi Engdahl says:
Necro Python bot revamped with new VMWare, server exploits https://www.zdnet.com/article/necro-python-bot-revamped-with-new-vmware-smb-exploits/
A recent Necro Python bot campaign has shown that the developer behind the malware is hard at work ramping up its capabilities. The developer behind the Necro Python bot has made a number of changes to increase the power and versatility of the bot, including exploits for over 10 different web applications and the SMB protocol that are being weaponized in the bot’s recent campaigns. Exploits are included for vulnerabilities in software such as VMWare vSphere, SCO OpenServer, and the Vesta Control Panel.
Tomi Engdahl says:
New SkinnyBoy malware used by Russian hackers to breach sensitive orgs https://www.bleepingcomputer.com/news/security/new-skinnyboy-malware-used-by-russian-hackers-to-breach-sensitive-orgs/
Security researchers have discovered a new piece of malware called SkinnyBoy that was used in spear-phishing campaigns attributed to Russian-speaking hacking group APT28. SkinnyBoy is intended for an intermediary stage of the attack, to collect information about the victim and to retrieve the next payload from the command and control (C2) server. SkinnyBoy is delivered through a Microsoft Word document laced with a macro that extracts a DLL file acting as a malware downloader. The lure is a message with a spoofed invitation to an international scientific event held in Spain at the end of July.
Tomi Engdahl says:
FireEye sells FireEye Products unit to STG for $1.2 billion
https://www.zdnet.com/article/fireeye-sells-fireeye-products-unit-to-stg-for-1-2-billion/#ftag=RSSbaffb68
FireEye said it is selling its FireEye Products business for $1.2 billion to a consortium led by Symphony Technology Group (STG).
FireEye said that the transaction separates the company’s network, email, endpoint and cloud security products from Mandiant’s software and services. FireEye Products and Mandiant Solutions will continue to be one entity until the transaction closes.
Tomi Engdahl says:
Norton antivirus adds Ethereum cryptocurrency mining
https://www.bbc.com/news/technology-57345632
In a surprise move, one of the world’s best-known anti-virus software makers is adding cryptocurrency mining to its products. “Our customers can mine for cryptocurrency with just a few clicks, avoiding many barriers to entry in the cryptocurrency ecosystem.”
Tomi Engdahl says:
WordPress force installs Jetpack security update on 5 million sites https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
Automattic, the company behind the WordPress content management system, force deploys a security update on over five million websites running the Jetpack WordPress plug-in. The vulnerability was found in the Carousel feature and its option to display comments for each image, with nguyenhg_vcs being the one credited for responsibly disclosing the security bug. The Jetpack development team added that it found no evidence that the vulnerability has been exploited in the wild.
Tomi Engdahl says:
Surur / MSPoweruser:
Microsoft says Teams will support end-to-end encryption for one-to-one voice calls on desktop and mobile apps starting in early July
https://mspoweruser.com/end-to-end-encryption-is-coming-to-microsoft-teams-calls-soon/
Tomi Engdahl says:
Christopher Bing / Reuters:
US DOJ says it is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack — The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack …
Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says
https://www.reuters.com/article/cyber-usa-ransomware-idUSL2N2NC1SD
Tomi Engdahl says:
TikTok just gave itself permission to collect biometric data on US users, including ‘faceprints and voiceprints’
https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/?tpcc=ECFB2021
A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.
Tomi Engdahl says:
Catalin Cimpanu / The Record:
Sources: Cox Media Group is apparently suffering a ransomware attack, as live streams for Cox radio and TV stations go down — Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources …
Live streams go down across Cox radio & TV stations in apparent ransomware attack
https://therecord.media/live-streams-go-down-across-cox-radio-tv-stations-in-apparent-ransomware-attack/
Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources have described as a ransomware attack.
The incident took place earlier this morning and impacted the internal networks and live streaming capabilities for Cox media properties, such as web streams and mobile apps. Official websites, telephone lines, and normal programming remained running but some live programming could not go on air as scheduled.
“This morning we were told to shut down everything and log out our emails to ensure nothing spread. According to my friends at affiliate stations, we shut things down in time to be safe and should be back up and running soon,” a Cox employee shared in a private conversation earlier today.
Live streams for some of the impacted TV stations have returned online, according to checks performed by The Record, but most of the Cox radio streams are still offline at the time of writing.
In the aftermath of the incident, some radio and TV stations had to cancel live programming, according to tweets shared by some Cox program hosts earlier today.
Today’s ransomware attack has also been the main talking point of several private online communities dedicated to TV and radio reporters, who noticed that some of their colleagues have not gone on air earlier today.
While The Record has not been able to compile an exact list of impacted Cox radio and TV stations, we have been able to confirm issues with streams from News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations.
The Cox Media Group owns 57 radio and TV stations across 20 US markets.
Today’s incident marks the second time a ransomware group has hit a major media conglomerate in the US. In September 2019, a ransomware gang hit CBS-owned Entercom, the second-largest radio broadcasting network in the States, taking some radio stations offline.
Ransomware attacks have also temporarily taken down some big TV channels like France’s M6 and US-based The Weather Channel in isolated attacks in 2019.
Tomi Engdahl says:
Updated: American ISP Sent Customer DMCA for Downloading Ubuntu
https://www.omgubuntu.co.uk/2021/05/ubuntu-iso-dmca-copyright-infringement
Torrenting Ubuntu is not only an a-okay thing to do, but it’s something that the people who make Ubuntu (and own the Ubuntu copyright) actively encourage.
Heck, the Ubuntu website even provides torrent download links for people to use.
“We have received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over your Xfinity Internet service,” the letter received reads.
It goes on to instruct them to “search all devices that may be connected to your network for the file(s) mentioned […] and delete them”.
The file in question is ubuntu-20.04.2.0-desktop-amd64.iso.
Tomi Engdahl says:
Politico:
SCOTUS narrows the scope of Computer Fraud and Abuse Act, ruling it can’t be used to charge people who misused databases they are otherwise entitled to access — The Supreme Court has sharply curtailed the scope of the nation’s main cybercrime law, limiting a tool that civil liberties advocates …
Supreme Court narrows scope of sweeping cybercrime law
https://www.politico.com/news/2021/06/03/supreme-court-cybercrime-law-491764
The justices agreed with a broad range of critics that prosecutors had been misusing the 35-year-old law.
Tomi Engdahl says:
Matt Day / Bloomberg:
Amazon says it will require police departments that need Ring security footage to publicly post requests in Ring’s Neighbors app, beginning next week — The change follows criticism of cozy ties to law enforcement — Police officers must post requests in Ring’s Neighbors app
Amazon’s Ring Will Ask Police to Publicly Request User Videos
https://www.bloomberg.com/news/articles/2021-06-03/amazon-s-ring-will-ask-police-to-publicly-request-user-videos
Amazon.com Inc.’s Ring, long criticized for a cozy relationship with law enforcement, will start requiring the police to publicly request home security footage captured by the company’s doorbells and cameras.
Beginning next week, police departments that want Ring users to help with investigations will be required to make the requests in the company’s Neighbors app. Previously, police officers emailed users in a dedicated portal.
Ring, the leading maker of internet-connected doorbells, has put cameras on the front of millions of homes, selling residents peace of mind via smartphone. But for civil liberties groups, the cameras — and their use by law enforcement agencies — pose threats to Americans’ privacy and civil rights. Ring has shown no signs of abandoning its relationship with the police, but in recent years has grown more transparent, publicly identifying law enforcement partners and, as of next week, letting all Neighbors users see what information is being requested.
Tomi Engdahl says:
https://www.facebook.com/groups/2600net/permalink/3042042932685478/
Essentially as far as federal law is concerned it’s fine if I leak sensitive data, as long as I have authorized access to said privileged information? Cool story.
Supreme Court sides with police officer who improperly searched license plate database
https://amp.cnn.com/cnn/2021/06/03/politics/supreme-court-cybercrime-law-case/index.html
Tomi Engdahl says:
Biden Says ‘Looking’ at Russia Retaliation Over Cyberattack
https://www.securityweek.com/biden-says-looking-russia-retaliation-over-cyberattack
Tomi Engdahl says:
Chinese Hackers Using Previously Unknown Backdoor
https://www.securityweek.com/chinese-hackers-using-previously-unknown-backdoor
Newly discovered cyber weapon uses elaborate multi-stage infection-chain to make detection and analysis difficult
Researchers have discovered a new cyber espionage weapon they believe was developed and is used by a China-based APT group they have named SharpPanda. A previously unknown Windows backdoor enables remote access and the collection of considerable live data – but only during Chinese working hours.
The documents are weaponized using the RoyalRoad RTF exploit kit, and then sent in a spear-phishing campaign to multiple targets within the Ministry of Foreign Affairs. Researchers from Check Point Research (CPR) report that opening the attachment starts a chain of in-memory loaders leading to the delivery of the previously unknown backdoor.
The weaponized document includes embedded objects that exploit the Equation Editor vulnerabilities in MS Word (which although old and fixed, is still popular with Chinese APT groups) to obtain the backdoor’s downloader. This is the beginning of an elaborate multi-stage infection-chain that seeks to make detection and analysis difficult.
Tomi Engdahl says:
Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS
https://www.securityweek.com/trend-micro-releases-poc-exploit-vulnerability-affecting-macos-ios
Tomi Engdahl says:
https://www.securityweek.com/two-carbanak-gang-members-sentenced-8-years-prison
https://www.securityweek.com/nigerian-arrested-us-hacking-payroll-services-company
Tomi Engdahl says:
Cisco Plugs High-Risk Security Flaws in Webex, SD-WAN
https://www.securityweek.com/cisco-plugs-high-risk-security-flaws-webex-sd-wan
Tomi Engdahl says:
https://etn.fi/index.php/13-news/12232-yrityksiin-hyokataan-joka-11-sekunti
Tomi Engdahl says:
Code execution flaw in vCenter is exploited to install web shell on unpatched machines.
This is not a drill: VMware vuln with 9.8 severity rating is under attack
https://arstechnica.com/gadgets/2021/06/under-exploit-vmware-vulnerability-with-severity-rating-of-9-8-out-of-10/