Dateline Miami: Kaseya's resolution of its REvil incident.
Update Regarding VSA Security Incident (Kaseya) July 12, 2021 - 3:30 PM EDT. The unplanned maintenance across the VSA SaaS infrastructure has completed and all instances are now live. With the large number of users coming back online in a short window, we saw some performance issues. We made configuration changes to address the issue and it is now resolved. We will continue to monitor the performance and make adjustments as required.
Kaseya Releases Patches for Vulnerabilities Exploited in Ransomware Attack (SecurityWeek) Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and it has started restoring SaaS services.
Kaseya Patches Zero-Days Used in REvil Attacks (Threatpost) The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.
Kaseya ransomware attack: What we know now (ZDNet) Here is everything we know so far. ZDNet will update this primer as we learn more.
The Kaseya Ransomware Attack: Next Steps for Customers (IGI) IGI has been closely watching and analyzing the attack on Kaseya’s VSA software, and has some insight on how it can affect those businesses.
With Kaseya patch, IT teams begin the long slog to recovery (VentureBeat) With the Kaseya patch, runbook, and hardening instructions available, IT teams can get started on the process of restoring their VSA servers.
There's a Clear Line From the REvil Ransomware to Russia (GovInfoSecurity) Threat intelligence researchers are looking closely at REvil, the ransomware gang that infected 1,500 companies and organizations in a single swoop. A look at the group's online infrastructure shows clear lines to Russian and U.K. service providers that in theory could help law enforcement.
The Kaseya ransomware attack: history and industry reaction. (The CyberWire) On Friday Kaseya sustained a ransomware attack on its widely used VSA product. The attack, as it propagated through the supply chain of the managed service providers (MSPs) who use Kaseya VSA, has affected users worldwide. Huntress Labs warned on Friday that ransomware had been deployed through VSA on-premises servers beginning around 11:00 AM EDT. Early indications were that the ransomware was REvil, and subsequent ransom demands have seen the REvil gang (widely regarded as a Russian privateer, and the same threat actor responsible for the recent high-profile attack on JBS Foods) claim credit. The gang wants $70 million in Bitcoin, for which it promises to release decryptors to all the victims.
Developments in the Kaseya ransomware attack: recovery and response. (The CyberWire) As Kaseya continues to move closer toward normal operations and capacity, the US considers defensive and retaliatory options.
Kaseya fixes VSA, and the US calls for Russian action against REvil. (The CyberWire) Kaseya has completed fixing VSA's on-premises and SaaS versions. And President Biden is optimistic his Friday phone call with President Putin will bring the Russians on board for cooperation against ransomware.
REvil and Kaseya: response and recovery. (The CyberWire) Kaseya continues to work toward recovery as the US Government continues to work out a response.
JustTech Statement On Recent Massive Cyber-Attack (The Bay Net) On July 2nd, JustTech and their clients were victims of the recent cyber-attack that has been reportedly attributed to a criminal gang in Russia known as REvil. In this attack, REvil actors utilized a vulnerability in an industry leading security tool (Kaseya), which JustTech utilizes for our clients.
Attacks, Threats, and Vulnerabilities
Microsoft discovers critical SolarWinds zero-day under active attack (Ars Technica) Flaws allow attackers to run malicious code on machines hosting Serv-U products.
SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild (Register) 'Single threat actor' already abusing RCE flaw, Microsoft reports
SolarWinds Confirms New Zero-Day Flaw Under Attack (SecurityWeek) SolarWinds said a single threat actor exploited security flaws in its Serv-U Managed File Transfer and Serv-U Secure FTP products to launch malware attacks against “a limited, targeted set of customers.”
SolarWinds patches critical Serv-U vulnerability exploited in the wild (BleepingComputer) SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers.
Microsoft discovers SolarWinds zero-day exploited in the wild (The Record by Recorded Future) US software company SolarWinds has released security updates on Saturday to patch a vulnerability in its Serv-U file transferring technology that is being actively exploited in the wild.
Professor Says Being Impersonated by Iranian Hackers Was Stressful But Good For Networking (Motherboard) Security researchers say a series of phishing emails pretending to come from two university professors were actually written by a suspected Iranian government hacking group.
New phishing attack SpoofedScholars targets professors and writers specializing in the Middle East (TechRepublic) Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials.
Operation SpoofedScholars: A Conversation with TA453 (Proofpoint) TA453, an Iranian-state aligned actor, masqueraded as British scholars to covertly target individuals of intelligence interest to the Iranian government in what Proofpoint has dubbed Operation SpoofedScholars.
"Cyber Disruption" Stops Websites of Iranian Ministry (SecurityWeek) Websites of Iran’s transport and urbanization ministry went out of service after a “cyber disruption” in computer systems of its staff, the official IRNA news agency reported.
China's Great Firewall is blocking around 311k domains, 41k by accident (The Record by Recorded Future) In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of China's Great Firewall internet censorship capabilities.
The Pentagon Tried to Take Down These Hackers. They’re Back. (The Daily Beast) U.S. Cyber Command and Microsoft, among others, launched operations on the eve of the election meant to hobble a Russian-speaking hacking group. But it’s rising again.
Trickbot Activity Increases; new VNC Module On the Radar (Bitdefender) Trickbot has been around since late 2016, when it appeared in the form of a banker and credential-stealing application. Drawing inspiration from Dyre (or Dyreza), Trickbot consists of an ecosystem of plugin modules and helper components. The Trickbot group, which has infected millions of computers worldwide, has recently played an active role in disseminating ransomware.
Trickbot Strikes Back (Gizmodo) U.S. authorities attempted to hobble an infamous cybercriminal group last year but it looks like the gang is back in action.
June 2021’s Most Wanted Malware: Trickbot Remains on Top (Check Point Software) Check Point Research reports that Trickbot, often used in the initial stages of ransomware attacks, is the most prevalent malware for the second month
Microsoft did door-to-door router replacements to stop Trickbot malware (The Verge) It partnered with ISPs in Brazil and Latin America.
Exclusive: Western Intelligence Fears New Russian Sat-Nav's Espionage Capabilities (Newlines Magazine) GLONASS, Moscow’s answer to GPS, is set to launch an upgraded satellite network later this year, which it hopes to sell to the U.S. and Europe.
Armis discloses critical attack vector that allows remote take-over of Schneider Electric industrial controllers (Armis) New ModiPwn vulnerability puts Schneider Electric PLCs in global organizations at risk to attacker takeover
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack (Threatpost) The attacks are enabled by a now-patched vulnerability in ForgeRock's Access Management, a popular platform that front-ends web apps and remote-access setups.
Hackers Spread BIOPASS Malware via Chinese Online Gambling Sites (The Hacker News) Hackers spread BIOPASS spyware by compromising Chinese online gambling sites
Twitter verified a number of bot accounts—raising questions about security (The Daily Dot) Questions have been raised over Twitter's verification process after a handful of suspicious accounts were seen with blue checkmarks.
The most dangerous messaging apps on Android (TechRepublic) Messaging apps are becoming some of the most popular smartphone programs in the world, and that means more attempts to phish their users, Kaspersky finds.
Guess announces breach of employee SSNs and financial data after DarkSide ransomware attack (ZDNet) The fashion brand admitted that cybercriminals gained access to people's Social Security numbers, driver's license numbers, passport numbers and financial account numbers.
Fashion retailer Guess discloses data breach after ransomware attack (BleepingComputer) American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft.
Guess Data Breach Impacts Customer Info (PYMNTS) Guess has suffered a data breach.
Information Regarding the Cyber-Attack on Spread Group (Spread Group) Spread Group is the corporate brand and home to Spreadshirt, Spreadshop, TeamShirts and SPOD. We empower customers around the world to express themselves with print-on-demand products.
200,000 patients exposed after hackers tried to wire money from ClearBalance funds (Becker's Hospital Review) ClearBalance, a loan provider that helps patients finance hospital bills, on July 9 began notifying 209,719 patients that their data was breached in a phishing attack.
Dotty’s Reveals Details about Data Breach Incident (GamblingNews) Nevada Restaurant Services-owned Dotty’s reveals that some of its customers may have been impacted by a data breach.
Security Patches, Mitigations, and Software Updates
SolarWinds urges customers to patch zero-day flaw actively exploited in the wild (Computing) Bug affects a pair of IT management tools - Serv-U Managed File Transfer and Serv-U Secure FTP
PrintNightmare patch: How to update Windows after Microsoft security alert (Fast Company) On Tuesday, Microsoft revealed that it had identified a severe vulnerability in its operating system that could let hackers access your computer.
Gmail deploys support for BIMI security standard (The Record by Recorded Future) Google has rolled out today support for the new Brand Indicators for Message Identification (BIMI) standard to all Gmail users as part of an effort to improve email-sender authenticity.
Vulnerability Summary for the Week of July 5, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA.
Trends
Top 5 high severity CVEs detected by Detectify since June 2020 (Detectify Blog) We’re going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings “from the streets” – even actively exploited vulnerabilities for which there aren’t yet any official vendor patches or updates.
31% of US companies close down after falling victim to ransomware (Atlas VPN) Data presented by the Atlas VPN research team reveals that 31% of businesses in the US are forced to close down as a consequence of falling victim to ransomware attacks.
94% Of Organizations Have Suffered Insider Data Breaches, Egress Research Reveals (BusinessWire) Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94% of organizations have experienced insider data breaches in the last year
Nearly a Quarter of Exploits Sold on Cybercriminal Underground Are More Than Three Years Old (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, released new research urging organizations to focus patching...
Marketplace
Arctic Wolf raises $150M for its security operations platform that blends software with human experts (SiliconANGLE)
Sophos acquires Capsule8 (IT-Online) Sophos has acquired Capsule8, a pioneer of runtime visibility, detection and response for Linux production servers and containers covering on-premise and cloud workloads. Founded in 2016, Capsule8 is privately held and headquartered in New York. “Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is […]
European Commission approves Aon-WTW merger subject to divestments (Insurance Times) The European body agrees to Aon's proposals to sell off businesses to Gallagher in order for WTW merger to go ahead
Microsoft to Acquire Threat Intelligence Vendor RiskIQ (SecurityWeek) Microsoft will spend a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business.
Facebook delays its brand safety audit a year after ad boycott raged (Digiday) The MRC for months has been waiting for Facebook to complete an internal readiness process in preparation for the audit.
WSJ News Exclusive | ByteDance Shelved IPO Intentions After Chinese Regulators Warned About Data Security (Wall Street Journal) ByteDance put on hold indefinitely its intentions to list offshore earlier this year after Chinese officials told the company to focus on addressing data-security risks, people familiar with the matter said.
Intel 471 Increases Commitment to APAC Region (Intel471.com) Threat Intelligence Company Intel 471 Appoints Former Anomali Sales Executive and Additional Analyst Resources to Further Customer Growth and Drive New Partnership Momentum
Sumo Logic Accelerates Expansion Across Japan to Help Meet the Demand for Modern Security and Observability Solutions (Yahoo Finance) Sumo Logic’s Cloud SIEM Solution Now Provides Superior Performance and Data Residency for Japanese Customers; Company Appoints New Country Manager to Further Drive Customer and Partner Growth Across the Region. REDWOOD CITY, Calif., July 12, 2021 (GLOBE NEWSWIRE) -- Sumo Logic (Nasdaq: SUMO), the pioneer in continuous intelligence, today announced its Cloud SIEM solution is now available in Tokyo to help organizations modernize their security operations center (SOC) by fusing analytics and automat
FireEye Appoints Erin Joe as SVP of Strategy and Alliances (BusinessWire) Erin Joe will be responsible for Mandiant strategy development and implementation, as well as key alliances in both the government and private sector.
ThycoticCentrify’s Grace Ries Honored on the 2021 CRN® Rising Female Stars List (Thycotic) Santa Clara, Calif. and Washington, D.C. — July 12, 2021 — ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, is pleased to announce today that CRN®, a brand of The Channel Company, has named Grace Ries, Regional Channel Account Manager, to…
Cybersecurity Veteran Marios Damianides Joins TrueFort Advisory Board (BusinessWire) TrueFort's zero trust application protection is especially valuable for organizations moving to the cloud and modernizing business processes.
Products, Services, and Solutions
Keyfactor integrates with Google Cloud to deliver cloud-scale certificate automation (Keyfactor) Discover how to simplify PKI with cloud-based certificate lifecycle automation for Google Cloud Certificate Authority Service.
Tecala and eSentire Partner to Protect Enterprises across APAC (eSentire) Tecala, Australia’s top technology services & consulting organisation will make eSentire’s market leading MDR services available across Australia & New Zealand
Datadobi Enhances DatadobiDriven Program with New Training Portal (Datadobi) Over a decade ago, Datadobi raised the bar for data migration solutions with the launch of DobiMigrate.
GBA Launches Subsidiary for Cyber Supply Chain Threat Mitigation (PR Newswire) The Global Business Alliance (GBA) today announced the launch of GBA Sentinel, a wholly-owned subsidiary focused on helping global companies...
SonicWall Chooses Globalization Partners to Grow its Worldwide Team (Globalization Partners) Eliminate the hurdles that come with onboarding and managing a global workforce.
Cobalt Iron Enhances Compass Support for Amazon Web Services With Management of Virtual Machine Snapshots (Yahoo Finance) Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that it is bolstering its support for Amazon Web Services (AWS). In addition to backup and data protection, the company’s Compass® enterprise software-as-a-service (SaaS) platform now enables seamless management of AWS virtual machine (VM) snapshots.
Cybereason Launches Global Defenders League Partner Program (Cybereason) The Cybereason team is excited to announce the launch of the Cybereason Defenders League, a Global Partner community designed to reward the cybersecurity industry’s most trusted advisors and solution providers...
Technologies, Techniques, and Standards
Cyberattacks and Ransomware: How Can We Protect Our Energy Infrastructure? (Wall Street Journal) The ransomware attack that brought down the Colonial Pipeline highlighted the industry’s vulnerability. We asked experts to weigh in on how the U.S. can bolster its defenses.
Sensor monitoring technology can make critical infrastructures less attractive targets for ransomware (Control Global) There is a need to change the paradigm of control system cyber security from an intractable network problem to a tractable engineering issue.
How government can move out of the ransomware bull’s-eye (GCN) By strengthening their defenses – and those of their contractors – agencies can make themselves a less attractive target for ransomware, one cyber expert says.
CISA Analysis: FY2020 Risk and Vulnerability Assessments (CISA) Each year, the Cybersecurity and Infrastructure Security Agency (CISA) conducts Risk and Vulnerability Assessments (RVAs) of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders.
CISA Releases Analysis of 2020 Risk and Vulnerability Assessments (SecurityWeek) The United States Cybersecurity and Infrastructure Security Agency (CISA) has published the results of the Risk and Vulnerability Assessments (RVAs) it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations.
CISA Issues Mitigation Tips for Common Attack Tactics (Nextgov.com) The agency assessed 37 federal agencies, and state, local and tribal governments last year to see how they are typically exploited.
BIMI: Emerging Standard Aims to Address DMARC Shortcomings (SecurityWeek) Brand Indicators for Message Identification (BIMI) allows a DMARC authenticated provider to insert an authenticated logo next to genuine emails in the email inbox
Accounting For Privacy: How to Build a Cybersecurity Budget (Accountants Daily) As the digital sphere continues to shape so much of the future of business, it’s no surprise that a growing number of organisations have begun developing budgets specifically for local network
Why security analytics needs to outgrow its ‘magic phase’ (VentureBeat) After three decades at the forefront of security analytics, Gunter Ollmann has some ideas about the sector's future.
It takes more than MFA to beat human hacking (Help Net Security) While multi-factor authentication (MFA) is a much-needed addition to an effective cyber defense strategy, it is by no means foolproof.
Air Force cyber squadron offers its malicious file detection software to private sector (C4ISRNet) The 90th Cyberspace Operations Squadron signed patent license agreements with private companies to use code that it developed to detect malicious files on a network.
Legislation, Policy, and Regulation
Cuba clamps down on social media and internet access as protests spread (The Record by Recorded Future) In an effort to quell a historic show of popular dissent against Cuba’s communist dictatorship, the Cuban government throttled internet access across the country on Sunday and Monday.
EU Delays Push for Digital Levy to Focus on Global Tax Deal (Bloomberg) Yellen, who opposed the effort, meets today with EU officials. EU’s Vestager insists regulators will keep working on a levy.
After the Biden-Putin Summit, U.S.-Russia Expert Consultations Should Focus on the Financial Sector (Lawfare) A bilateral agreement on cyberattacks against financial integrity would be an important first step that could help build confidence to make progress on other, more challenging areas. Yet, even for this issue, there are opportunities to make progress if expert consultations begin with a more narrowly defined policy problem.
Pushing Putin Won’t Solve America’s Ransomware Problem (Barron's) Let’s not lull ourselves into thinking that the effective cure for the ransomware plague lies in geopolitics, writes Glenn S. Gerstell.
Russia is trying to ‘denigrate’ Biden while China prefers ‘unpredictable’ Trump not be reelected, senior U.S. intelligence official says (Business Times) WHEN US President Joe Biden and Russian President Vladimir Putin held their first summit in Geneva last month, cyber weapons played a larger role on the agenda than the nuclear kind. Clearly the world has changed since the Cold War, but what, if anything, did Mr Biden accomplish?
ASPI 'soft target' warning on ransomware (InnovationAus) Ransomware attacks will only get worse for Australia without strategic domestic efforts to thwart it, according to a new report which warns a “policy vacuum” has made the nation an “attractive market” for cyber attackers. The Australian Strategic Policy Institute report follows a spate of ransomware attacks in Australia and across the world, which have crippled services and infrastructure while costing organisations millions of dollars. The Opposition called for a national ransomware strategy in February and a mandatory notification scheme for Australia in June.
Elevation's McNamee: Inevitable govts will try to take power from Big Tech (NASDAQ:GOOG) (SeekingAlpha) Roger McNamee, co-founder and managing director at Elevation Partners, said Monday that it is "inevitable" that governments will want to take power back from Big Tech, citing China's...
The Cybersecurity 202: Biden’s cybersecurity team is finally ready to go (Washington Post) President Biden’s full slate of top cybersecurity officials is finally ready to get down to work nearly six months into the administration and amid a sea of crises.
Senate confirms former White House, NSA official Jen Easterly as CISA director after delay (CyberScoop) Seven months into Joe Biden’s presidency, an administration confronting several cybersecurity crises finally has a permanent director en route to take over one of the top few cyber posts in the federal government. The Senate on Monday confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency by voice vote.
Senate confirms Jen Easterly as head of U.S. cyber agency (POLITICO) Easterly, a former senior NSA and White House official, brings a combination of military, intelligence and business experience to the helm of an overwhelmed agency.
Senate unanimously approves Jen Easterly to lead DHS cyber agency (TheHill) The Senate on Monday unanimously approved the nomination of Jen Easterly to serve as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
CISA Gets a New Director Amidst Ongoing Ransomware Dumpster Fire (Gizmodo) Jen Easterly, a former NSA official, is the new director of the Cybersecurity and Infrastructure Security Agency.
Easterly confirmed as CISA director as agency grapples with ransomware crisis (The Record by Recorded Future) The Senate confirmed President Joe Biden’s pick to lead the Cybersecurity and Infrastructure Security Agency, filling a critical vacancy as the country reels from a series of digital assaults.
It’s Time for National Cyber-Incident Reporting Legislation (Bloomberg Law) The status quo of a mix of federal and state cyberattack reporting laws creates few incentives for the robust public-private pooling of information needed to confront the problem of rampant cyber-intrusions, Sidley Austin LLP partner Sujit Raman says. Recent large cyberattacks should be a wake-up call to Congress to pass federal legislation.
Maj. Gen. Neil Hersey Named Deputy Commanding General at Army Cyber Command (MeriTalk) Department of Defense cybersecurity veteran Maj. Gen. Neil Hersey has been named the new deputy commanding general for Operations at Army Cyber Command. He transitioned to the role in June, after two years as commanding general at the Army Cyber Center of Excellence in Fort Gordon, Ga., according to his bio.
Litigation, Investigation, and Law Enforcement
Energy’s Cyber Response Office Misspent Millions Due to Lack of Budget Management (Nextgov.com) Complaints alleged the relatively new CESER misspent $11.7 million, though the inspector general could only substantiate some of those claims.
China Cyberspace Administration Orders 25 Didi Apps to be Removed (Entrepreneur) Serious violations of security regulations prohibiting the collection of personal data were cited.
Interpol urges police to unite against 'potential ransomware pandemic' (BleepingComputer) Interpol (International Criminal Police Organisation) Secretary General Jürgen Stock urged police agencies and industry partners to work together to prevent what looks like a future ransomware pandemic.
Seizing Cryptocurrency: How is Law Enforcement Tracing and Recovering Bitcoin Payments? (SecurityWeek) SecurityWeek explores several hypotheses on how U.S. and UK law enforcement could have effected two major bitcoin seizures
Rand Paul requests probe into allegations NSA spied on Tucker Carlson (TheHill) Sen. Rand Paul (R-Ky.) is requesting the director of the National Security Agency conduct an investigation into Fox News host Tucker Carlson's claims that the agency has been spying on him.
New York Department of Financial Services Announces a $1.8 Million Settlement with Two Life Insurers for Data Breach Violations (The National Law Review) The New York Department of Financial Services (“NYDFS”) recently announced that it has entered into a Consent Order with two affiliated life insurers for alleged violations of New York
PACS vulnerabilities, data breach spur lawsuit against radiology specialists (SC Media) A lawsuit against Northeast Radiology and Alliance HealthCare alleges negligence and inadequate security, after a nine-month, PACS-related data breach.
Huawei, Verizon agree to settle patent lawsuits (Reuters) Chinese telecommunications company Huawei Technologies Co Ltd (HWT.UL) and U.S. group Verizon Communications (VZ.N) agreed to settle a pair of lawsuits alleging patent infringement, the companies both said on Monday.