Daily NCSC-FI news followup 2021-06-12

Tracking ransomware cryptocurrency payments: What now for Bitcoin?

www.welivesecurity.com/2021/06/11/tracking-ransomware-cryptocurrency-payments/ Earlier this week, the Department of Justice announced it seized around $2.3 million worth of bitcoin (BTC 63.7) collected in the BTC 75 payment for Colonial Pipeline ransomware. Does this mean Bitcoin is hackable given enough computation horsepower?. For years Bitcoins weaknesses (or strengths, depending on your point of view) have been known, yet rarely come to the fore. But scammers got greedy, or the market just decided for them. With public sentiment boiling, along with policymakers willingness to pursue those trying to take control of critical infrastructure, the appetite to go after Bitcoin has resurfaced.

Audi, Volkswagen data breach affects 3.3 million customers

www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/ Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet. Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.. According to data breach notifications filed with the California and Maine Attorney General’s office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.. Also:


Fortinet Targeted for Unpatched SSL VPN Discovery Activity

isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/ Over the past 60 days, I have observed scanning activity to discover FortiGate SSL VPN unpatched services. Fortinet has fixed several critical vulnerabilities in SSL VPN and web firewall this year from Remote Code Execution (RCE) to SQL Injection, Denial of Service (DoS) which impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Two weeks ago, US-CERT released an alert re-iterating that APT actors are looking for Fortinet vulnerabilities to gain access to networks.

Unpatched Bugs Found Lurking in Provisioning Platform Used with Cisco UC

threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/ The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges, researchers said. They remain unpatched, according to the researchers at Rapid7 who discovered them.

As Ransomware Demands Boom, Insurance Companies Keep Paying Out

www.wired.com/story/ransomware-insurance-payments/ EARLIER THIS WEEK, Colonial Pipeline CEO Joseph Blount testified before the House Homeland Security Committee that his company had filed a claim with its cyberinsurance carrier for the $4.4 million cryptocurrency ransom it paid last month. This week, US authorities announced that they had managed to recover $2.3 million of that ransom, raising further questions about who would receive that moneyColonial Pipeline or its insurance carriersand what signal it would send to ransomware victims and their insurers.

Trickbot Investigation Shows Details of Massive Cybercrime Effort

beta.darkreading.com/threat-intelligence/trickbot-investigation-shows-details-of-massive-cybercrime-effort The group behind the Trickbot malware operation, which infected more than a million systems in nearly a dozen countries, includes malware experts, freelance developers, and pay-as-you-go money mules, among other participants, according to an indictment against one developer unsealed this week. Details from the indictment against Latvian national Alla Witte charged with being a developer with the group paints a picture of a sprawling, and largely ad hoc, organization that expanded its operations to include almost 20 different participants, and probably more.

U.S. Army Hacked By 40 Military And Civilian Hackers In Six Weeks

www.forbes.com/sites/daveywinder/2021/06/12/us-army-hacked-by-40-military-and-civilian-hackers-in-six-weeks/ Across six weeks, starting in January 2021, a team of hackers described as top-tier military and civilian operatives took aim at military assets belonging to the U.S. Department of the Army and the U.S. Defense Digital Services. These assets included a number of army.mil and westpoint.edu applications. The operation was a success, and that’s no bad thing because the hackers were participating in the third Hack the Army event to have taken place since 2016.

You might be interested in …

Daily NCSC-FI news followup 2019-08-07

SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/ At BlackHat today, Bitdefender disclosed a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.. In a statement from Intel, BleepingComputer was told […]

Read More

Daily NCSC-FI news followup 2020-05-12

Coronavirus cyber-attacks update: beware of the phish blog.checkpoint.com/2020/05/12/coronavirus-cyber-attacks-update-beware-of-the-phish/ While we all try to get used to the Covid-19 pandemics new normal in our work and home lives, this year has been a time of unprecedented opportunity for cyber-criminals. The global response to the pandemic, and our desire for the latest information about it, has supercharged […]

Read More

Daily NCSC-FI news followup 2021-06-17

Black Kingdom ransomware securelist.com/black-kingdom-ransomware/102873/ Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.