IT Security News Blast – 7-23-2021
Kaseya gets master decryptor to help customers still suffering from REvil attack
“We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers,” Dana Liedholm, senior VP of corporate marketing, wrote in an email on Thursday morning. “We are providing tech support to use the decryptor. We have a team reaching out to our customers, and I don’t have more detail right now.”
CISA warns of stealthy malware found on hacked Pulse Secure devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products. [...] Adversaries leveraged multiple vulnerabilities (CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, CVE-2021-2289) for initial entry and placed webshells for backdoor access.
Microsoft shares workaround for Windows 10 SeriousSAM vulnerability
"An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database," Microsoft explains in a security advisory published on Tuesday evening. [...] Microsoft recommends restricting access to the problematic folder AND deleting Volume Shadow Copy Service (VSS) shadow copies to mitigate this issue.
'Relentless' cyberattacks no good for hospital finances, Fitch says
Nonprofit hospitals and health systems will need to plan for increased revenue and expense pressure from "relentless" cyberattacks, Fitch Ratings said July 22. The last 18 months has brought a "historic" increase in the number and severity of cyberattacks on healthcare organizations, Fitch said. Hospitals and health systems are particularly at risk because of their large amounts of sensitive patient data.
How Can Congress Aid Healthcare Cybersecurity, Fight Ransomware?
“I recommend the development of standardized metrics of cyber-attack severity on hospitals. Mandatory reporting of patient safety and care quality outcomes should occur for severe attacks. I recommend that federal agencies such as the National Institutes of Health (NIH) and the National Science Foundation (NSF) prioritize funding for research on this topic,” he stated.
Small Breaches Leading to Big Consequences: Sontiq Report
“Cybercriminals seized on new vulnerabilities created by remote work and the general chaos of the pandemic. Small businesses, in particular, were not as well-equipped to fend off cyberattacks,” Jim Van Dyke, SVP of financial wellness for Sontiq, stated. “Most people do not realize how dangerous these small-scale data breaches can be.”
Industrial cyber-attacks will kill someone by 2025
“In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” said Gartner senior research director Wam Voster as the firm issued guidance about the security controls needed to protect OT systems.
Saudi Aramco confirms data leak after $50m cyber ransom demand
Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors”. [...] In another post, the perpetrator offered to delete the data if Aramco paid $50m in Monero, a niche cryptocurrency that is particularly difficult for authorities to trace. The post also offered prospective buyers the chance to purchase the data for about $5m.
House passes several new bipartisan cybersecurity bills
The State and Local Cybersecurity Improvement Act (HR 3138) would authorize a new $500 million grant program to provide state, local, tribal and territorial governments with dedicated funding to secure their networks from ransomware and other cyberattacks.
The Brave New World of Cybersecurity Compliance—Key Takeaways from Recent Government Action on Cybersecurity
Continued pressure and strong government action to create consequences for criminal actors will be critical to curb the current wave of ransomware attacks. The government must continue sending a clear message that no safe havens exist from which individuals can run global cybercrime operations without consequences.
A favorite target of Russian hackers, the Olympics are on guard
“When I started, we were always talking about Russia and sort of hard infrastructure, like energy,” Martin said. “Of course, some of their most brazen and impactful interventions have come after softer infrastructure: politics, sports, undermining confidence and enjoyment in some of the things that are the fabric of the West, the nonauthoritarian world. Sport fits into that.”
EXCLUSIVE-Cyber attack disrupts South African container terminals, sources say
Transnet, which operates major South African ports, including Durban and Cape Town, and a huge railway network that transports minerals and other commodities for export, confirmed its IT applications were experiencing disruptions and it was identifying the cause. It declined to comment on whether a cyber attack caused the disruption.
China's New Law Requires Vendors to Report Zero-Day Bugs to Government
The Cyberspace Administration of China (CAC) has issued new, stricter vulnerability disclosure regulations that require software and networking vendors affected by critical flaws to disclose them first to the government authorities within two days of filing a report.
Is US muddling its cyber policy by policing China and Russia differently?
“Naming and shaming doesn't stop the behavior,” said Congressman Jim Himes, D-Conn. In the past, “I remember opening the New York Times to read about the very specific indictment of individual PLA [China People’s Liberation Army] units with exquisitely detailed explanations of how the Chinese were doing what they were doing – and did that stop it? No, it didn't.”
Critical Jira Flaw in Atlassian Could Lead to RCE
On Wednesday, Atlassian issued a security advisory concerning the vulnerability, which is tracked as CVE-2020-36239. The bug could enable remote, unauthenticated attackers to execute arbitrary code in some Jira Data Center products. [...] Atlassian said that the bug was introduced in version 6.3.0 of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center (known as Jira Service Desk prior to 4.14).
Cybercriminals Rewrite Malware to Target MacOS
FormBook reappeared on underground forums in February 2020 under the new moniker XLoader, with a new avatar. While both variants share the same code base, XLoader comes with a few key changes, including its ability to infect macOS systems. Attackers can buy XLoader licenses on the Dark Web for as low as $49.
The threat of Pegasus-style spyware could creep toward the business community
“Every day, the research teams at Lookout observe advanced techniques used by the likes of the NSO Group,” Cockerill said. “There has been a trend where these techniques are being adopted more frequently by consumer-grade surveillanceware and spyware vendors. This could put very powerful surveillance tools in almost anyone's hands.”
Respect in Security initiative aims to build reporting lines for infosec bods suffering harassment at work, conferences and online
Research commissioned by Respect in Security said about a third of 302 industry professionals had experienced harassment at work while online and in-person, with a significant amount of in-person harassment occurring at industry events and during work socials.