- CISA and the FBI have published Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack, and strongly urge affected MSPs and their customers to follow it.
- Experts from Amnesty International, Forensic Architecture and Citizen Lab have developed Digital Violence, an interactive 3D platform that presents the geographic distribution of Pegasus spyware.
- Microsoft released out-of-band patches for Windows systems affected by two critical bugs, tracked as CVE-2021-1675 and CVE-2021-34527, and advised admins to disable the Print Spooler service until the patches are applied. But Microsoft's patch for the critical PrintNightmare bug might not solve all of the problems the flaw has created, security researchers say.
- SolarWinds has patched CVE-2021-35211, a critical Serv-U remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers, and urges customers to apply the update. The vulnerability affects Serv-U Managed File Transfer and Serv-U Secure FTP and allows a remote attacker to execute arbitrary code with privileges following successful exploitation.
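The PrintNightmare item above tells admins to disable the Print Spooler until patched. As an added example (not code from the original page, Microsoft or any researcher cited here), the PowerShell below audits a Windows host for that exposure and applies the mitigations. It assumes Microsoft's published guidance for CVE-2021-34527, which is not reproduced on this page: disable the Print Spooler where printing is not required, and confirm that the Point and Print registry values `NoWarningNoElevationOnInstall` and `UpdatePromptSettings` under `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint` are 0 or undefined, since relaxed values weaken the protection the update provides. The function names are our own; run in an elevated session.

```powershell
# Added example: audit and mitigate PrintNightmare (CVE-2021-34527) exposure on a Windows host.
# Assumes Microsoft's mitigation guidance: stop/disable the Print Spooler where it is not needed,
# and ensure the Point and Print registry values are 0 or undefined. Run as Administrator.

$PointAndPrintKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PrintNightmareExposure {
    # Spooler service state: running spooler = exposed service, regardless of patch level
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $spoolerRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $startType = if ($svc) { $svc.StartType } else { 'NotInstalled' }

    # Point and Print values; these keys do not exist by default, so $null means "not defined" (acceptable)
    $noWarn = (Get-ItemProperty -Path $PointAndPrintKey -Name NoWarningNoElevationOnInstall `
                -ErrorAction SilentlyContinue).NoWarningNoElevationOnInstall
    $updatePrompt = (Get-ItemProperty -Path $PointAndPrintKey -Name UpdatePromptSettings `
                -ErrorAction SilentlyContinue).UpdatePromptSettings

    [pscustomobject]@{
        ComputerName                  = $env:COMPUTERNAME
        SpoolerRunning                = $spoolerRunning
        SpoolerStartType              = $startType
        NoWarningNoElevationOnInstall = $noWarn
        UpdatePromptSettings          = $updatePrompt
        # Per Microsoft, either value set to 1 makes the host vulnerable even after the update
        PointAndPrintRelaxed          = ($noWarn -eq 1) -or ($updatePrompt -eq 1)
    }
}

function Disable-PrintSpooler {
    # Stops the service now and prevents it from starting on reboot.
    # Reverse with: Set-Service -Name Spooler -StartupType Automatic; Start-Service -Name Spooler
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service -Name Spooler -StartupType Disabled
}

function Set-PointAndPrintRestriction {
    # Explicitly set both values to 0 so a later GPO or installer cannot silently leave them relaxed
    if (-not (Test-Path $PointAndPrintKey)) {
        New-Item -Path $PointAndPrintKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PointAndPrintKey -Name NoWarningNoElevationOnInstall -Value 0 -Type DWord
    Set-ItemProperty -Path $PointAndPrintKey -Name UpdatePromptSettings -Value 0 -Type DWord
}

# Report first, then mitigate only what the audit flags
$state = Get-PrintNightmareExposure
$state | Format-List

if ($state.SpoolerRunning) {
    Write-Warning 'Print Spooler is running. If this host does not need to print, run Disable-PrintSpooler.'
}
if ($state.PointAndPrintRelaxed) {
    Write-Warning 'Point and Print restrictions are relaxed; the CVE-2021-34527 update does not fully protect this host. Run Set-PointAndPrintRestriction.'
}
```

Disabling the spooler on print servers and on domain controllers that host printers breaks printing, so the script only reports by default and leaves the two mitigation functions for the operator to call after confirming the host does not need the service.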
Cybersecurity Blog Posts
- Michael Vizard has provided details of the Kaseya REvil attack in his post and commented on their incident response plan. He insists that each organization needs to weigh the degree to which it wants to rely on an external service versus managing security itself.
- Marcus Bartrum highlighted a new approach to tackling cybersecurity threats. He explained that fewer organizations are choosing to pay ransoms, as businesses lose confidence that extortionists will honor their end of the bargain, and that CISOs are doubling down on precautionary measures, purchasing backup storage and cybersecurity insurance.
- The Splunk Threat Research Team shared a REvil ransomware threat research update with detections and showed how REvil executes in a simulation.
- Cameron Camp and Aryeh Goretsky from ESET investigated the supply-chain ransomware attack against Kaseya’s IT management software and published Indicators of Compromise (IoCs) associated with this ransomware.
Research and Analytics
- Avast's mobile threat team identified 2021's biggest Android threats, and adware takes the cake. Analyzing all the threat intelligence collected in the first five months of the year, Avast mobile threat researchers identified the greatest threats to Android devices in 2021. By a vast margin, the most common has been adware, making up 45% of the threats encountered so far this year.
- Fortinet specialists have published a threat report that dives into the inner workings of the Diavol ransomware and its possible attribution to the criminal group known as Wizard Spider.
- A home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks from across the world in a single week, a new Which? investigation has found. Which? set up a test home in collaboration with NCC Group and IoT malware specialists the Global Cyber Alliance (GCA), and the scale of scanning and hacking activity against the devices was breathtaking.
- According to an IDC survey of 200 security decision makers, 63% of organizations experienced exposure of sensitive data. 98% of the companies surveyed had experienced at least one cloud data breach in the past 18 months, compared to 79% last year. Meanwhile, 67% reported three or more such breaches, and 63% said they had sensitive data exposed.
- Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 25 on Google Play, scamming people interested in cryptocurrencies. According to the analysis, they scammed more than 93,000 people and stole at least $350,000 between users paying for apps and buying additional fake upgrades and services.
- ReversingLabs experts described the hidden risks behind off-the-shelf software supply chain components. They addressed the importance of validating third-party software components as a way to manage the risks they can introduce, and explained why some of these risks can only be recognized by analyzing the final software product delivered to customers.
Major Cyber Incidents
- US water company WSSC Water was hit by a ransomware attack that targeted a portion of its network running non-essential business systems. According to WJZ13 Baltimore, the company removed the malware just hours later and locked out the threat; however, the attackers did access internal files.
- Kaseya, an IT solutions developer for MSPs and enterprise clients, announced that it had become the victim of a cyberattack. It appears that the attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya's VSA software against multiple managed service providers (MSPs) and their customers. The attack has been attributed to the REvil/Sodinokibi ransomware group, which claimed responsibility on its dark web leak site, "Happy Blog."
- Swedish supermarket chain Coop shut down approximately 500 stores after they were affected by the REvil ransomware gang's massive supply-chain attack on managed service providers (MSPs) and their customers through Kaseya VSA, a remote patch management and monitoring suite.
- Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack. The government hackers were part of a group known as APT29 or Cozy Bear.
- GETTR, the new social media platform launched by Trump advisor Jason Miller, has been hacked, with the locations and details of over 90,000 users exposed. Users also cannot delete their accounts. The data, accessed by exploiting a "bad API" on GETTR, did not include password hashes or other data that could be used to log into accounts, but did include email addresses, usernames and, most worryingly, user location data.
- American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft. According to the breach notifications, the information exposed in the attack includes personal and financial data. Guess has implemented additional measures to strengthen its security protocols and is cooperating with law enforcement as part of an ongoing investigation. DarkSide ransomware is likely behind the attack.