Update Regarding VSA Security Incident (Kaseya) Kaseya’s VSA product has unfortunately been the victim of a sophisticated cyberattack. Due to our teams’ fast response, we believe that this has been localized to a very small number of on-premises customers only.
The Kaseya ransomware attack: history and industry reaction. (The CyberWire) On Friday Kaseya sustained a ransomware attack on its widely used VSA product. The attack, as it propagated through the supply chain of the managed service providers (MSPs) who use Kaseya VSA, has affected users worldwide. Huntress Labs warned on Friday that ransomware had been deployed through VSA on-premises servers beginning around 11:00 AM EDT. Early indications were that the ransomware was REvil, and subsequent ransom demands have seen the REvil gang (widely regarded as a Russian privateer, and the same threat actor responsible for the recent high-profile attack on JBS Foods) claim credit. The gang wants $70 million in Bitcoin, for which it promises to release decryptors to all the victims.
Biden says US will respond if Russia behind cyber attack (The Straits Times) CENTRAL LAKE (Michigan) • President Joe Biden says he has directed United States intelligence agencies to investigate who was behind a sophisticated ransomware attack that hit hundreds of American businesses and led to suspicions of Russian gang involvement.
Biden orders probe of latest ransomware attack (Reuters) President Joe Biden said on Saturday he has directed U.S. intelligence agencies to investigate who was behind a sophisticated ransomware attack that hit hundreds of American businesses and led to suspicions of Russian gang involvement.
'Colossal and devastating' cyber attack on US businesses to be investigated for ties to Russia (ABC) A cyber attack that immobilised US businesses ahead of the nation's July 4 holiday weekend will be investigated for links to Russia, US President Joe Biden says.
Biden Orders Investigation of Kaseya Ransomware Attack (BankInfoSecurity) U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly
White House reaching out with assistance to latest ransomware victims (Reuters) The White House said on Sunday it was reaching out to victims of a wide-ranging ransomware outbreak that is centered on a Florida-based information technology company and has had an impact on hundreds of businesses worldwide.
Kaseya Attack Fallout: CISA, FBI Offer Guidance (Threatpost) Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.
EU device-cracking platform to receive major upgrade (The Record by Recorded Future) The European Union has allocated €4 million in funding to upgrade Cerberus, a platform used by EU law enforcement agencies to crack passwords and access encrypted devices.
P/C Insurers Defend Ransomware Reimbursements in New Cyber Principles (Insurance Journal) The nation's largest property/casualty insurance organization is defending ransom payment reimbursements by insurers in a new set of principles stressing
APCIA Announces Strong Cyber Extortion/Ransomware Guiding Principles (APCIA) The American Property Casualty Insurance Association (APCIA) today announced its Cyber Extortion/Ransomware Guiding Principles that will provide guidance as the industry develops thoughtful action-driven opportunities to address this societal problem.
How to stop ransomware? International cooperation, disrupting payments are key (CSO Online) Anti-ransomware acts or regulations will require global cooperation, experts say. In the meantime, ransomware victims should cooperate quickly and fully with authorities.
Hacks Are Prompting Calls For A Cyber Agreement, But Reaching One Would Be Tough (NPR.org) The recent ransomware attacks on U.S. industries have sparked renewed talk of an international cyber agreement that could set rules for what's permissible, and spell out sanctions for violators.
On New Zealand’s Lack Of Adequate Cyber Security Defences (Scoop News) Remember how, back in the olden days, we had security concerns about the Chinese firm Huawei? Allegedly, Huawei was to be shunned as a business arm of the Chinese Communist Party and supposedly some Huawei products contained security glitches that ...
Scramble for cyber space: India needs urgently to formulate its National Cyber Strategy (Times of India Blog) Two critical aspects of cyber space were explained by the Indian National Cyber Security Coordinator Lt. Gen. (Dr) Rajesh Pant at a conference organised by the Public Affairs Forum of India, which merit attention of...
EUROPE : EU cybersecurity agency maps out pan-European incident response procedures (Intelligence Online) Increasing numbers of European projects want to ramp up cooperation on cyber incident response and the European cybersecurity agency ENISA has found partners to help it shape its policy in this field.
Putin Approves Updated Russian National Security Strategy (Tasnim News Agency) TEHRAN (Tasnim) – Russian President Vladimir Putin approved an updated Russian National Security Strategy, with the corresponding decree published on the state portal of legal information on Saturday.
Norway Law Forces Influencers to Label Retouched Photos on Instagram (Motherboard) The new law will require advertisements where a body’s shape, size, or skin has been retouched to be labeled.
Kevin McCarthy calls Biden "weak against Putin" while pointing to ransomware attacks (Newsweek) "Remember when President Biden gave Putin a list of things that were supposed to be off-limits for cyber attacks?" McCarthy wrote in his post. "What he SHOULD have said is that ALL American targets are off-limits."
China Targets Firms Listed Overseas After Launching Didi Probe (Wall Street Journal) China said it would tighten rules for companies seeking to sell shares abroad and strengthen oversight of overseas-listed companies, moves that follow scrutiny of Didi Global and could hinder attempts by homegrown firms to raise money in the U.S.
China Likely Outed Soon For Exchange Hacks (Breaking Defense) The Exchange campaign attribution will also provide hints about the role of the first national cyber director in such incidents. NSA veteran Chris Inglis was confirmed for the position just weeks ago.
How U.S. cyber policy changed after SolarWinds (CBS News) The Biden Administration imposed sanctions on Russia, ordered new cybersecurity standards for federal contracts with software companies, and chose the nation's first National Cyber Director.
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments (CBS News) Bill Whitaker reports on how Russian spies used a popular piece of software to unleash a virus that spread to 18,000 government and private computer networks.
Debate Heats Up as Senator Prepares to Introduce Incident-Reporting Legislation (Nextgov.com) Reviews are in on draft legislation Sen. Mark Warner’s office has circulated and plans to update for introduction after the holiday break.
Lawmakers, experts question whether CISA should be split from DHS after delayed confirmation of Easterly (ZDNet) Anger over the delayed confirmation of Jen Easterly has reignited calls for CISA to exist on its own.
Proposed bill would create a new federal agency to protect consumer data (CSO Online) The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.
Congress Considers Measures to Improve Telecom Security (GovInfoSecurity) A House subcommittee is considering a slate of nine bills designed to improve cybersecurity practices in the telecommunications supply chains that support wireless
US Department of Homeland Security toasts success of warp-speed drive to diversify cybersecurity workforce (The Daily Swig) Federal agency has filled or found candidates for 800 positions in just 60 days
Twitter loses immunity over user-generated content in India (Reuters) Twitter Inc (TWTR.N) no longer enjoys liability protection against user-generated content in India as the U.S. microblogging giant has failed to comply with new IT rules, the Indian government said in a court filing.