Russian-Linked Group Using Secondary Backdoor Against Targets

Scott Ferguson • September 22, 2021

A Russian-linked group known as Turla has been deploying a secondary backdoor against numerous targets to maintain persistence within compromised devices even after the primary malware has been discovered and removed, Cisco Talos report. Victims include U.S., German and Afghan organizations.

Critical Infrastructure Security

Bad News: Innovative REvil Ransomware Operation Is Back

Latest

DDoS Protection

Russians Prevent Mēris Botnet From Hijacking 45,000 Devices

Mihir Bagwe • September 22, 2021

Russian cybersecurity firm Rostelecom-Solar reports that it prevented what it believes is the Mēris botnet from an attempted takeover of 45,000 new devices. The company's president says it also stopped 19 distributed denial-of-service attacks targeting Russia’s remote electronic voting system.

3rd Party Risk Management

US DHS, FBI Face Ransomware Questions from Congress

Dan Gunderman • September 22, 2021

U.S. FBI and Department of Homeland Security leaders fielded several cybersecurity questions from House lawmakers Wednesday, particularly around the surge in ransomware attacks, diplomatic efforts to curb ransomware's financial model, and the nation-states that harbor cybercriminals.

Anti-Phishing, DMARC

Microsoft Analyzes Phishing-as-a-Service Operation

Doug Olenick • September 22, 2021

Microsoft Security on Tuesday issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription all the tools needed to conduct a campaign. The gang remains operational.

Application Security

Researcher Finds Exposed Data of 106 Million Thai Visitors

Mihir Bagwe • September 22, 2021

Researcher Bob Diachenko has discovered an unsecured database containing personal information of 106 million foreign nationals who have visited Thailand in the past decade. The 200GB database, which has now been secured, has not been accessed by unauthorized personnel, Thai authorities say.

Application Security

Zero-Day Vulnerability Found in UK Virgin Media Routers

Prajeet Nair • September 22, 2021

Researchers have found a zero-day vulnerability in U.K. broadband and cable TV provider Virgin Media’s Super Hub 3 routers that enables an attacker to unmask IP addresses of VPN users. But a Virgin Media spokesperson says the risk of that happening is "very low."

3rd Party Risk Management

US Treasury Blacklists Russia-Based Crypto Exchange

Dan Gunderman • September 22, 2021

The U.S. Department of the Treasury has blacklisted Russia-based cryptocurrency exchange Suex for allegedly laundering tens of millions of dollars for ransomware operators, scammers and darknet markets. It is the first such designation for a virtual currency exchange.

3rd Party Risk Management

BlackMatter Knocks Marketron Off the Air

Doug Olenick • September 22, 2021

Marketron Broadcast Solutions was hit over the weekend by a ransomware attack launched by the BlackMatter gang, and the attack has taken down a number of the marketing firm's products. Marketron is currently in talks with its attacker.

Electronic Healthcare Records

Facilitating the Secure Exchange of Health Data

Marianne Kolbasuk McGee • September 22, 2021

The acquisition of the SAFE Identity consortium and its trust framework by DirectTrust, best known for creating and maintaining trust frameworks for secure email messaging in healthcare, will help facilitate new secure health information exchange use cases, says DirectTrust CEO Scott Stuewe.

Breach Notification

Hacking Incidents Lead to 2 Big Eye Care Provider Breaches

Marianne Kolbasuk McGee • September 21, 2021

Two eye care entities are among the latest healthcare provider organizations recently reporting hacking breaches each affecting tens of thousands of individuals. One of the incidents involved a foiled wire transfer fraud attempt.

Critical Infrastructure Security

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Scott Ferguson , Doug Olenick • September 20, 2021

NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement agencies.

Blockchain & Cryptocurrency

Hacker Makes Off With $12 Million in Latest DeFi Breach

Dan Gunderman • September 20, 2021

In the latest security incident involving a decentralized finance protocol, cross-chain project pNetwork announced Sunday it had been hacked for 277 pBTC, a form of wrapped bitcoin, with losses worth over $12 million at current value.

Active Defense & Deception

Chinese APT Data-Harvesting Campaign Analyzed

Rashmi Ramesh • September 20, 2021

Earlier this month, McAfee Enterprise's Advanced Threat Research team, working with McAfee's Professional Services IR team, reported that an APT campaign dubbed Operation Harvest had been in operation for years. Their analysis provides insight into the group's tools, tactics and techniques.