Teri Radichel


Cybersecurity News: June 26th— July 2nd 2021

This week’s malware, data breaches, new laws, vulnerabilities, cost of a data breach, privacy, and cybersecurity news


2nd Sight Lab News


Catch a few blog posts from 2nd Sight Lab this week. First up is a story about trying to report a system problem and the resulting rabbit hole.

A related post explains problems with mortgage and real estate industry portals and how that leads to increased cybersecurity risk.

AWS asked me to write a guide for executives who might be attending re:Inforce. Here are the picks. Names and information about the presenters included in the original were removed but were the basis, in part, for many of the selections. The presenters have executive-level perspectives and a few are personal connections. The one exception is the workshop. A hands-on session may or may not interest some executives, but it was the only session on that AWS service at the time of writing. It’s all about managing the risk, as explained in my book on cybersecurity for executives.

TDR203, IAM201, DPP206, GRC202, TDR202, DPP204, TDR201, GRC251, GRC204, DPP201

https://reinforce.awsevents.com/static/media/guides/2021_reInforce_HeroGuide_Executive.pdf

Projects…

2nd Sight Lab won’t be at re:Inforce this year, but you can schedule consulting calls with Teri Radichel through IANS Research if you have cloud or cybersecurity questions. We are working on some new presentations for other venues and projects, which we will be writing more about later in this blog.

Happy Fourth of July!

If you are in the United States, happy Fourth. It’s a holiday and we had some visitors including someone who’s going to be helping with an update to 2nd Sight Lab’s cybersecurity classes. Enjoy the fireworks!

Cybersecurity

_____________________________________________

IC3 Logs 6 Million Complaints

I just noticed this report that came out in May:

It took nearly seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints. It took only 14 months to add the most recent million.

This statistic may be due to increased crime but also to increased awareness about where to report Internet crimes. I write about the IC3 in my book which came out last February.

Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments

Since at least mid-2019 through early 2021, Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes® cluster to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide.

This type of traffic is examined in an article on how scanners lead to scammers and my book explains how to reduce cyber risk from these types of attacks.

From FBI:

https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF

UK NCSC:

Request for Comments: PCI DSS v4.0 Draft Validation Documents

From 28 June to 28 July, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a draft of the PCI DSS v4.0 draft validation documents.

MITRE ATT&CK® mappings released for built-in Azure security controls

Secretary Mayorkas Announces Most Successful Cybersecurity Hiring Initiative in DHS History

Today, Secretary of Homeland Security Alejandro N. Mayorkas announced the Department’s largest cybersecurity hiring initiative in its history with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers. This hiring initiative, which exceeded its goal by almost 50 percent, is part of a 60-day Cybersecurity Workforce Sprint focused on building a more diverse cybersecurity workforce.

This is very welcome news. However, more bodies do not always equate to better outcomes. Success will depend on the results of the work performed by these individuals and whether or not insiders were hired that could leak information. Time will tell.

New Google Scorecards Tool Scans Open-Source Software for More Security Risks

Google has launched an updated version of Scorecards, its automated security tool that produces a “risk score” for open source initiatives, with improved checks and capabilities to make the data generated by the utility accessible for analysis.

Twitter now lets users set security keys as the only 2FA method

More on security keys in Security for Startups.

SOC Investment Improves Detection and Response Times, Data Shows

Would like to see statistics related to effective use of automation for incident response.

Latest web hacking tools

More crimes affecting children, some involving Internet activity.

Global police shut down Russian-based DoubleVPN service favored by cybercriminals

Law enforcement agencies from Europe, the United States and Canada have teamed up to take down the web domains and seized the infrastructure of DoubleVPN, a virtual private network (VPN) service that was used by cybercriminals to conduct their activities anonymously.

https://www.darkreading.com/endpoint/intl-law-enforcement-operation-takes-down-doublevpn/d/d-id/1341439

Google Updates Vulnerability Data Format to Support Automation

Microsoft’s Halo dev site breached using dependency hijacking

Security training org EC-Council pulls blog over copyright violations, promises editorial improvements

On June 20, business information security officer, hacker, and public speaker Alyssa Miller sent out a tweet saying that an EC-Council member had reworded, then republished, a feature Miller had written — titled, ‘What is a Business Information Security Officer (BISO)?’ — on the organization’s blog.

Kubernetes is deprecating Dockershim

Some updates may be required. How to tell if this change affects you:

More:

NIST defines critical software

  • Is designed to run with elevated privilege or manage privileges
  • Has direct or privileged access to networking or computing resources
  • Is designed to control access to data or operational technology
  • Performs a function critical to trust
  • Operates outside of normal trust boundaries with privileged access

UK: Sensitive Defense Documents Found at Bus Stop

https://www.infosecurity-magazine.com/news/sensitive-defense-documents-bus

How to bypass the Windows 11 TPM 2.0 requirement

Google Chrome will get an HTTPS-Only Mode for secure browsing

CISA releases new ransomware self-assessment security audit tool

WhiteHat Security Rebrands as NTT Application Security

Hacks Are Prompting Calls For A Cyber Agreement, But Reaching One Would Be Tough

Revisiting a Framework on Military Takedowns Against Cybercriminals

Senate Bill Asks for DHS Study on ‘Hack-Back’ Options

Privacy

_____________________________________________

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

US Government Accountability Office published: FACIAL RECOGNITION TECHNOLOGY Federal Law Enforcement Agencies Should Better Assess Privacy and Other Risks

https://www.gao.gov/assets/gao-21-518.pdf

Microsoft exec reveals “routine” secrecy orders from government investigators

Windows 11 includes the DNS-over-HTTPS privacy feature

Large companies may want to consider security implications as explained in this blog post on DNS over HTTPS and QUIC.

New API Lets App Developers Authenticate Users via SIM Cards

Not so sure about this one. Would need to test it out but probably won’t have time soon. Sample questions I would ask:

  • What kind of data do you give up in the verification process?
  • How secure are the verification systems? Have they been pentested?

Google now requires app developers to verify their address and use 2FA

Google on Monday announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details later this year.

Vulnerabilities

_____________________________________________

CISA offers guidance for PrintNightmare, Critical Windows Print Spooler Vulnerability

Like I wrote in a prior post on this blog — why do cloud VMs have the print services turned on by default? Turn it off if you are not using it. That goes for any extraneous service on any server.

Researchers “accidentally release”?? exploit I mentioned in last week’s blog post.

Windows Update bug blocks Azure Virtual Desktops security updates

“We are investigating an issue where devices running Windows 10 Enterprise multi-session, version 1909 might not be able to download updates later than May 2021,” Microsoft says in the Windows Health Dashboard.

“This is observed in the Settings app under the Windows Update setting, which will display the message ‘You’re up to date’ even if no updates later than May 2021 have been installed.”

Attackers Already Unleashing Malware for Apple macOS M1 Chip

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

“This is done by impersonating the metadata server from the targeted virtual machine’s point of view,” security researcher Imre Rad said in an analysis published Friday. “By mounting this exploit, the attacker can grant access to themselves over SSH (public key authentication) so then they can login as the root user.”

Google Project Zero demonstrates how a vulnerability in KVM AMD-specific code can lead to a virtual machine escape

In this blog post I describe a vulnerability in KVM’s AMD-specific code and discuss how this bug can be turned into a full virtual machine escape. To the best of my knowledge, this is the first public writeup of a KVM guest-to-host breakout that does not rely on bugs in user space components such as QEMU. The discussed bug was assigned CVE-2021-29657, affects kernel versions v5.10-rc1 to v5.12-rc6 and was patched at the end of March 2021.

Another Zero Day looms for Western Digital MyBook Live users

Multiple vulnerabilities in WordPress plugin pose website remote code execution risk

The plugin in question is ProfilePress — formerly named WP User Avatar — which facilitates the uploading of WordPress user profile images. The technology has more than 40,000 installs, according to Wordfence.

I just wrote about the dangers associated with file upload functionality on websites and web applications in my blog post on secure portals.

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

Details of RCE Bug in Adobe Experience Manager Revealed

The bug, patched in May, allowed hackers to bypass authentication protection and execute code remotely on vulnerable AEM installs.

“This bug allows attackers to bypass authentication and gain access to CRX Package Manager,” researchers wrote in a blog post about the vulnerability published Monday. “Packages enable the importing and exporting of repository content, and the Package Manager can be used for configuring, building, downloading, installing and deleting packages on local AEM installations.”

The blog post seems to have been deleted from the Detectify blog.

Check to see that your Microsoft DCOM configuration is secure.

NVIDIA Patches High-Severity GeForce Spoof-Attack Bug

The prerequisites for an attack, known as a spoofing attack, include an adversary with network or remote access to the vulnerable PC. According to NVIDIA details, because the victim must be coaxed into clicking on a malicious link, the attack is considered complex, reducing the risk of a successful exploitation.

Vulnerability Spotlight: Memory corruption vulnerability in PowerISO’s DMG handler

Pandora monitoring system pwned by chained vulnerability exploit

A security researcher has shown how he was able to chain two vulnerabilities to achieve remote code execution (RCE) against Pandora FMS (Flexible Monitoring System).

Microsoft warns of critical PowerShell 7 code execution vulnerability

Malware

_____________________________________________

Kaseya supply‑chain attack

Lorenz ransomware decryptor recovers victims’ files for free

Botnet attacks on APIs: Why most companies are unprepared

2nd Sight Lab helps customers test APIs through our penetration testing services. I also speak to a lot of companies about API security through IANS Research.

Lil’ skimmer, the Magecart impersonator

But in this case it is more complex because the hosting servers are comprised of a large number of domain names, many of which are also malicious but not skimming related. Hiding in the noise is another common trait for threat actors.

New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.

Android Apps with 5.8 million Installs Caught Stealing Users’ Facebook Passwords

Malware masquerades as privacy tool

TrickBot Spruces Up Its Banking Trojan Module

The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks.

REvil moving to Linux to target VMWare ESXi and NAS devices

Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and network attached storage (NAS) devices that run on the Linux operating system (OS).

Babuk Ransomware Builder Mysteriously Appears in VirusTotal

Decryptor likely to follow.

And is being used in attacks:

Malware using DropBox for C2

Check Point research recently discovered an ongoing spear-phishing campaign targeting the Afghan government. The malware uses Dropbox to act as its Command and Control server. The email contains a password-protected RAR archive named NSC Press conference.rar.

https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/29143439/IndigoZebra_Final_Cleaned.pdf

IBM examines ShellBot from the inside

Examining two ShellBot botnets that appeared in attacks honeypots caught, the X-Force team was able to infect its own devices and become part of the live botnets, thereby gaining insight into how these botnets were managed internally.

Guardicore Labs published a GitHub repository with new IOCs for wormable Indexsinas (NSABuffMiner) malware

Sentinel Labs writes about macOS TCC bypasses

The tl;dr: keep a close and regular eye on what is allowed to automate the Finder in your System Preferences Privacy pane.

IBM: Malware Actors Have Been Using AutoHotkey Scripts For Attacks

Threat Reports

_____________________________________________

Proofpoint: Cobalt Strike is a favorite

I wrote about this in previous news blogs and how to spot it.

SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers

In addition, Microsoft said it detected information-stealing malware on a machine belonging to one of its customer support agents, who had access to basic account information for a small number of its customers.

The NCSC has issued advice to UK organisations following an update from Microsoft on malicious cyber campaigns:

Impersonation Becomes Top Phishing Technique

Avanan’s 2021 Global Phish Cyber Attack Report finds credential harvesting is used in 54% of all phishing attacks and is up nearly 15% compared to 2019. Researchers also found 20.7% of all phishing attacks are business email compromise (BEC), and only 2.2% are extortion.

New Chubb Whitepaper Explores Common Types of Email Social Engineering Schemes

According to the Chubb whitepaper, the most common social engineering fraud schemes include impersonation of executives, vendors and suppliers, exploitation of email accounts, and manipulation of vendor management accounts.

Ransomware gangs now creating websites to recruit affiliates

Smart Home Experiences Over 12,000 Cyber-Attacks in a Week

The consumer group partnered with NCC Group and the Global Cyber Alliance (GCA) to conduct the experiment, in which a home was filled with numerous IoT devices, including TVs, thermostats and smart security systems. They then analyzed the number of attempted hacks that took place over several weeks.

https://www.infosecurity-magazine.com/news/smart-home-experiences-cyber/

Breaches & Attacks

_____________________________________________

Hackers hit a televised phone-in between President Putin and citizens at a TV show

Learn how Russian hackers used DDoS attacks against Eastern European companies in Sandworm.

Salvation Army Hit by Ransomware Attack

https://www.infosecurity-magazine.com/news/salvation-army-ransomware-attack/

Russian hackers had months-long access to Denmark’s central bank

FBI assisting Monroe, Michigan schools in cyber attack

US chemical distributor shares info on DarkSide ransomware data theft

An interesting case study of a Nefilim ransomware attack

During their active vulnerability scanning (T1595.002) of Company X’s internet facing hosts, the adversaries find that X has not patched a Citrix Application Delivery Controller vulnerability (CVE-2019-19781). This is a vulnerability they can exploit to gain initial access (T1133) through the exposed Remote Desktop Protocol (RDP), and so the attack begins!

All breaches and attack disclosures should indicate how the attackers got in as explained above. This will enable security professionals to monitor and mitigate top attack vectors more easily. This report also provides mitigations.

Microsoft admits to signing rootkit malware in supply-chain fiasco

Someone infiltrated a counterfeit check criminal ring. Companies and law enforcement apparently are not doing anything about it.

For the past year, B. Ware has maintained contact with an insider from the criminal group that’s been sending daily lists of would-be victims who are to receive counterfeit checks printed using the real bank account information of legitimate companies.

Traditionally, these groups have asked recipients to transit money via wire transfer. But these days, B. Ware said, the same crooks are now asking people to forward the money via mobile applications like CashApp and Venmo.

PurpleFox Using WPAD to Target Indonesian Users

To abuse WPAD, the PurpleFox authors registered the domain “wpad.id” with Cloudflare. They then load the URL for WPAD services, which is located at http://wpad[.]id/wpad[.]dat. At the time of analysis, this would return a standalone JavaScript version of the CVE-2019-1367 with custom shellcode to follow the attack chain setup for the WPAD attack. Figure 1 shows the WPAD resolution and malicious sample delivery.

Data Breach at Las Vegas Hospital

https://www.infosecurity-magazine.com/news/data-breach-at-las-vegas-hospital/

4.5 mn PDS beneficiaries’ data breached in TN, reports Technisanct

A link leaking 5.2 million user data, which includes 49,19,668 Aadhaar numbers, was uploaded on a popular hacker forum on June 28 by a vendor known to have shared the leaked databases in the past. Technisanct reported that major details, including the Personal Identifiable Information (PII) and Aadhaar number of citizens, beneficiaries’ details and those of their relatives too, have been kept for sale in a data sharing platform.

DreamHost Database Leak Exposed 815 Million Records of Customer Data

https://www.cpomagazine.com/cyber-security/dreamhost-database-leak-exposed-815-million-records-of-customer-data/

200,000 Northwestern patients affected in Elekta data breach; 42 health systems hit

A data breach on cancer software vendor Stockholm-based Elekta has exposed the information of 201,197 Chicago-based Northwestern Memorial HealthCare patients at nine health system hospitals. The health system is the last to come forward as a victim of the breach.

Data for 700 million LinkedIn users up for grabs on hacker forum

For the second time this year, data scraped from the accounts of hundreds of millions of LinkedIn users has been posted for sale on a hacking forum. This haul seems to be even bigger than the one that involved data belonging to 500 million LinkedIn user accounts and was put up for sale in April of this year.

Microsoft:

“Our teams have investigated a set of alleged LinkedIn data that has been posted for sale,” the company’s statement to Threatpost said. “We want to be clear that this is not a data breach and no private LinkedIn member data was exposed.”

Already being targeted by hackers:

Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web

Hacker claims to have stolen the company’s entire customer database before knocking its website offline. Says they have every user’s key.

Banking details of policyholders leaked in a QSure data breach

South Africa-based insurance premium handling services provider QSure Pty Ltd.’s IT infrastructure was compromised in a cyber attack on June 9 leading to a data breach that affected the customer data of Qsure’s clients, including insurers and brokers, TechCentral reported. Banking details, including the account holder name, bank account numbers and bank branch codes of the policyholders have been compromised in the data breach incident.

Banking details of policyholders leaked in a data breach

Navistar data leaked on auction site after cyberattack

Byju’s, India’s most valued startup, is discovering the real cost of acquiring WhiteHat Jr. A server that mostly contained data about WhiteHat Junior’s students, parents and teachers — including email addresses, phone numbers and account reset information — was left exposed.

RSS newsreader NewsBlur was down for 10 hours last week after a criminal hacker attempted — unsuccessfully — to hold its data to ransom.

Data breach hits major SA insurance player

QSure, a big player in South Africa’s insurance industry, has been hit by a data breach in which bank account numbers and other sensitive information were compromised by a third party.

Ransomware attack exposes PHI of 38,000 Georgia fertility clinic patients

EA Ignored Vulnerabilities Prior To Massive Data Breach

Data breach sees UK Manchester council accidentally release residents’ personal details

In the data leak, how locals voted on the plans, including their comments, were inadvertently shared along with their personal details. The sensitive information was accidentally sent to resident Matt O’Donoghue, who has previously spoken out in favour of the planters, in response to a Freedom of Information request.

Hackers spread backdoor after compromising the Mongolian CA MonPass

Date Reported: 6/26/21

……………………………..

St. Mark’s School of Texas / Blackbaud (New Hampshire)

https://www.doj.nh.gov/consumer/security-breaches/documents/st-marks-texas-20210628.pdf

Town of Salem, New Hampshire (Maine)

Cause: External System Breach (Hacking)

https://apps.web.maine.gov/online/aeviewer/ME/40/b6cddbf3-abea-4939-8499-59f1944d029b.shtml

Date Reported: 6/28/21

……………………………..

TA Realty (New Hampshire)

TA Realty LLC, June 28, 2021

Stratus (New Hampshire)

https://www.doj.nh.gov/consumer/security-breaches/documents/stratus-technologies-20210628.pdf

Asset Marketing Services, LLC d/b/a GovMint.com (New Hampshire)

Asset Marketing Services, LLC d/b/a GovMint.com, June 28, 2021

TEP Holdings LLC (Iowa, New Hampshire)

https://www.iowaattorneygeneral.gov/media/cms/6302021_Marsh_McLennan_6D3F7850F223E.pdf

Pharmavite LLC (California, New Hampshire)

https://oag.ca.gov/system/files/Pharmavite-%20Sample%20Letter.pdf

Cove Risk LLC (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/d3a20374-7fd0-4574-8aeb-b9ba42c86eb3.shtml

Guardian Energy Management Solutions (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/cce34eff-076a-429e-94db-116b4e41eea8.shtml

Braman Management Association (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/805d1fca-0845-4537-adad-bcd4b92c9b11.shtml

Ankle and Foot Physicians and Surgeons PLLC (Montana)

https://media.dojmt.gov/wp-content/uploads/a-notif-31.pdf

Paxton Media Group (New Hampshire)

Paxton Media Group, June 28, 2021

Date Reported: 6/29/21

……………………………..

People Community Health Clinic (Montana)

https://media.dojmt.gov/wp-content/uploads/a-notif-33.pdf

Southern Eagle Distributing Inc. (Montana)

https://media.dojmt.gov/wp-content/uploads/a-notif-34.pdf

Freund, Freeze & Arnold, LPA (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/7906af50-86bc-4b2f-84d0-24490e7d33fe.shtml

Arctaris Impact Investors LLC (Maine, New Hampshire)

https://apps.web.maine.gov/online/aeviewer/ME/40/4a38314f-b182-4148-842e-3c5de10ad572.shtml

Handi Quilter, Inc (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/1a768d61-844c-4029-9731-33d6ea07bc19.shtml

Marsh McLennan (Marsh, Mercer, GuyCarpenter, and OliverWyman) (Iowa, Montana)

https://www.iowaattorneygeneral.gov/media/cms/6302021_Marsh_McLennan_6D3F7850F223E.pdf

ASAP Semiconductor LLC (Montana)

https://media.dojmt.gov/wp-content/uploads/asapSamp.pdf

Date Reported: 6/30/21

……………………………..

Arnoff Moving & Storage (New Hampshire)

Arnoff Moving & Storage, Inc., June 30, 2021

AG/CM (New Hampshire)

AG/CM, Inc., June 30, 2021

Wolfe Clinic, P.C. (California, Maine, Iowa, New Hampshire, North Dakota)

https://oag.ca.gov/system/files/371148_IDX_Wolfe%20Clinic%20P.C._General_Recvd_06%2021%2021_Static_Proof_R4%28255757718.1%29.pdf

https://oag.ca.gov/system/files/371148_IDX_Wolfe%20Clinic%20P.C._Deceased_Recvd_06%2021%2021_Static_Proof_R4%28255757716.1%29.pdf

https://oag.ca.gov/system/files/371148_IDX_Wolfe%20Clinic%20P.C._Minor_Recvd_06%2021%2021_Static_Proof_R4%28255757719.1%29.pdf

Hudson Envelope of New Jersey Corp. (California, Montana, Maine)

https://oag.ca.gov/system/files/Hudson-Sample%20Letter.pdf

https://apps.web.maine.gov/online/aeviewer/ME/40/96b28f4b-ef37-4df2-8cec-d2ebaa2ebe4d.shtml

Arthur J. Gallagher & Co. (California, Maine)

https://oag.ca.gov/system/files/AJG%20-%20Sample%20Notice.pdf

https://apps.web.maine.gov/online/aeviewer/ME/40/e1bbd3ab-4fbb-432b-9110-7ed9ccc0a178.shtml

United Way of Greater Portland (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/8bb542cf-6ae0-48d0-a9ef-110db41ec5a1.shtml

E.T. Dayton, Inc. dba Dayton Ritz and Osborne (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/5eef1509-c57d-4cc3-b5ab-ea962b9801f7.shtml

Date Reported: 7/1/21

……………………………..

Marsh McLennan (Oregon)

No link to notification

Nevada Restaurant Services Inc. (Oregon, Maine, Montana, North Dakota)

https://apps.web.maine.gov/online/aeviewer/ME/40/e2b0f0dd-0c1d-4a34-91b1-148dfa376b28.shtml

Professional Business Systems d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp. (California, Maine, Montana)

https://oag.ca.gov/system/files/21.06.30%20Adult-Deceased-Minor%20Individual%20Notice%20Samples%20%28Redacted%29.pdf

https://apps.web.maine.gov/online/aeviewer/ME/40/dfa3beca-170a-45f9-9d61-e7d4c6990c30.shtml

Nevada Restaurant Services Inc. (California)

https://oag.ca.gov/system/files/NRS%20-%20Sample%20Notice.pdf

Discovery Practice Management, Inc. (California)

https://oag.ca.gov/system/files/DPM-%20Sample%20Letter.pdf

The Paradies Shops, LLC (California, Oregon, Maine, Montana)

https://oag.ca.gov/system/files/Consumer%20Notice%20Letter%20Sample.pdf

https://apps.web.maine.gov/online/aeviewer/ME/40/2d63098b-9062-4996-bc15-91301e44875b.shtml

The Producer Group, LLC (“TPG”) D/B/A The Todd Organization (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/c51788ae-3c10-4acd-b796-3a9bbc0459e6.shtml

Lourdes University, Sisters of St. Francis of Sylvania (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/80871286-bc56-45ca-b141-ce6c0e8ea9ed.shtml

Sitzberger & Company (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/7f7f4db3-8e5b-415c-b1a3-4f78b690b511.shtml

Avient Corporation (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/7c207e70-eec3-4a97-a46a-cf14242334f2.shtml

JP Noonan Transportation, Inc (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/5b71313b-84ff-43f1-99a7-442736911eba.shtml

All Copy Products, Inc. (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/09a3920b-a7fd-477b-9c80-8fa749faa1af.shtml

Kelly Klee, Inc. (Montana)

https://media.dojmt.gov/wp-content/uploads/kellySamp.pdf

Date Reported: 7/2/21

……………………………..

McCabe & Associates (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/e4af7838-535e-4032-a71a-bbbf14c1c011.shtml

UnitedHealthcare (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/db9e3502-fa52-4e4a-8d20-c65aad30ec88.shtml

Morgan Stanley / Guidehouse (Maine, Montana)

https://apps.web.maine.gov/online/aeviewer/ME/40/80c03b97-a91f-4211-a785-99ec745b46bd.shtml

Envision Pharma Group Ltd. (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/41238827-0552-475b-9654-1ffd91a8182d.shtml

GPCD Partners, LLC (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/14b87a89-91fc-4a7a-85d9-79511fd510eb.shtml

Indian Industries, Inc d/b/a RAVE Sports (Maine)

https://apps.web.maine.gov/online/aeviewer/ME/40/02172262-cc4f-4c11-a06e-50eecc74ef86.shtml

Cost of a Data Breach

_____________________________________________

SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure

First American agreed to cease and desist from committing or causing future violations of Exchange Act Rule 13a-15 and to pay a civil money penalty of $487,616.

Two felons sentenced to prison for scheme to steal thousands in COVID-19 unemployment insurance funds

Extradited Ghanaian National Sentenced To Nearly 6 Years In Prison For Multimillion-Dollar Money Laundering Conspiracy

DEBORAH MENSAH was sentenced to 70 months in prison for her participation in a conspiracy to launder millions of dollars of fraud proceeds from business email compromises and romance scams that targeted the elderly from at least in or about 2014 through in or about 2018.

New Charges Filed Against Alleged Capital One Hacker

A superseding indictment filed in June accuses former software engineer Paige A. Thompson of seven new charges relating to the hack of Capital One. Six of the charges relate to computer fraud and abuse and one relates to access device fraud.

Check out 2nd Sight Lab’s analysis of the Capital One Breach.

https://www.infosecurity-magazine.com/news/new-charges-alleged-capital-one

Ransomware Losses Drive Up Cyber-Insurance Costs

Blackbaud must face data breach claims over 2020 ransomware attack

A South Carolina federal judge is allowing multidistrict data breach litigation against software company Blackbaud Inc to go forward, finding the plaintiffs have sufficiently alleged standing to keep the case on track.

Kroger agrees to pay $5 million over Accellion data breach

Volkswagen and Audi Hit with Data Breach Class Action

SEC Brings Charges Against Company for Deficient Data Breach Reporting Protocol

Private Eye Charged in Hacking Scheme Seeks Plea Deal

After two years of detention in a New York jail, a private investigator charged with involvement in a massive international hacker-for-hire scam is seeking to reach a plea agreement. Israeli national Aviram Azari is accused of working with co-conspirators in India to target environmental victims around the world with phishing emails and fake websites designed to steal their credentials.

https://www.infosecurity-magazine.com/news/private-eye-ready-to-sing/

Facebook sues hackers who hijacked advertising agencies’ accounts

Binance getting blocked around the world

Binance, the world’s largest and most popular cryptocurrency exchange network, has had a rough few days.

Colombian police arrest Gozi malware suspect after 8 years at large

Police warn of WhatsApp scams in time for Social Media Day

We have seen a surge in WhatsApp accounts being hacked, if you are sent a text from WhatsApp with a code on it, don’t share the code with ANYONE no matter who’s asking, or the reason why.

Laws & Legal

_____________________________________________

US email hacker gets his “computer trespass” conviction reversed

Legal matters always come down to the words you use, not always what is right. Had they chosen a different law, the person may still have been in jail. He did serve 8 years of a 10-year sentence.

Four states propose laws to ban ransomware payments

This is good in a way, but will there be an exception process when a hospital or critical infrastructure gets shut down? Perhaps businesses should be double-fined — once by the attackers and again by the government.

ACH Data Security Rule Takes Effect

As of June 30, the ACH Security Framework now requires large, non-financial-institution (Non-Fi) originators, third-party service providers (TPSPs) and third-party senders (TPSs) to protect deposit account information by rendering it unreadable when it is stored electronically.

How is anyone in this business still storing unencrypted data?

https://www.infosecurity-magazine.com/news/ach-data-security-rule-takes/

Google Faces Administrative Case in Russia for Breaching Personal Data Law

Republic takes Senate, Cyber Ninjas to court for audit records

French law takes on cyber-bullying

China investigates Didi over cybersecurity days after its huge IPO

BEIJING/HONG KONG, July 2 (Reuters) — Didi Global’s (DIDI.N) shares fell more than 10% in New York on Friday after China’s cyberspace agency said it had launched an investigation into the Chinese ride-hailing giant to protect national security and the public interest.

Supreme Court decision may have significant implications for data breach and privacy class actions

The Supreme Court reversed, finding that only the members who had that their misleading credit reports were disclosed to third-parties by TransUnion had suffered a sufficient harm to trigger Article III standing. In assessing whether a class member has suffered a “concrete harm” under Article III, the Court reaffirmed principles from Spokeo v. Robins, namely that courts must “[a]ssess . . . whether the asserted harm has a ‘close relationship’ to a harm traditionally recognized as providing a basis for a lawsuit in American courts — such as physical harm, monetary harm, or various intangible harms including (as relevant here) reputational harm.”

So what about the harm that occurs down the road when data gets sold on the dark web?

SEC Appoints New Director Of Enforcement

New Mississippi law takes effect that requires computer science curriculum in all K-12 public schools

New laws legalize police state operations in Germany

Zero tolerance policy for child sexual exploitation: Twitter on FIR filed by Delhi police

Changes In Connecticut’s Data Privacy Laws — But Not As Drastic As It Could Have Been

Indiana Supreme Court Refuses to Hold Commercial Crime Policy Covers Ransomware Attack

New bipartisan cybersecurity bill aims to attract top talent into government, co-authors say

I hope this bill includes using contractors who do not want a government job but would be happy to assist. Someone contacted me about one of these “rotational assignments” and I offered to help through my company, providing the services I offer, but declined a full-time job. There is no reason the government cannot hire people running small and large cybersecurity companies as consultants, using whatever methods the companies currently use to do work for their clients. Of course there may be some additional vetting.

Department of Defense approves additional (ISC)² certifications as requirements for cybersecurity staff

Investments

_____________________________________________

Barracuda Agrees to Acquire Skout Cybersecurity

Skout Cybersecurity was founded in 2013 to build a security platform that offers security monitoring, as well as endpoint and email protection for channel partners. So far it has raised $25 million in funding, Crunchbase reports.

SentinelOne Starts Trading on NYSE, Raises $1.2B IPO

Forcepoint to Acquire Cybersecurity Company Deep Secure; Sean Berg Quoted

https://blog.executivebiz.com/2021/06/forcepoint-to-acquire-cybersecurity-company-deep-secure-sean-berg-quoted

Ntrinsec Raises $2.5M in Seed Funding

JFrog acquires Vdoo to secure the DevSecOps cycle

I’ve been talking about JFrog and related technologies a lot in my cybersecurity consulting calls for IANS Research.

Sevco Security raises $15M to scale adoption of the cloud-native security asset intelligence platform

Noname Security Lands $60M Series B

floLIVE Secures $15.5 Million Investment Led by Intel Capital and Launches New Global 5G Service

https://www.einnews.com/pr_news/545159531/flolive-secures-15-5-million-investment-led-by-intel-capital-and-launches-new-global-5g-service

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2021

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab