Free decryptor for files encrypted by REvil/Sodinokibi prior to July 13, 2021 (Source: Bitdefender)

Good News: REvil Ransomware Victims Get Free Decryptor

Mathew J. Schwartz • September 17, 2021

Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Access Management

United Nations Says Attackers Breached Its Systems

Latest

Cybercrime

Illinois Man Convicted of Running DDoS Facilitation Websites

Prajeet Nair • September 19, 2021

An Illinois man has been found guilty of running subscription-based distributed denial of service attacks that enabled customers to launch DDoS strikes of their own. He is now facing a statutory maximum sentence of 35 years in federal prison when sentenced in January 2022.

Application Security

Mirai Botnet Actively Exploiting OMIGOD Flaw

Mihir Bagwe • September 17, 2021

The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.

Cybercrime

Fraudster Gets 12-Year Sentence for AT&T 'Unlocking' Scheme

Dan Gunderman • September 17, 2021

A dual citizen of Pakistan and Grenada has been sentenced to 12 years in prison for orchestrating a seven-year scheme that unlawfully unlocked nearly 2 million AT&T smartphones, which the carrier says amounted to $200 million in subscriber losses, according to the U.S. DOJ.

Application Security

Nigerian Hacker Connected to Aviation Industry Attacks

Doug Olenick • September 17, 2021

Cisco Talos researchers have connected a previously discovered series of aviation industry attacks stretching back more than three years to a Nigeria-based attacker. The attacker sold the stolen information on the darknet, the researchers say.

3rd Party Risk Management

US Warns Nation-State Groups May Exploit Flaw in Zoho Tool

Scott Ferguson • September 17, 2021

CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.

Business Continuity Management / Disaster Recovery

Is White House Crackdown on Ransomware Having Any Effect?

Mathew J. Schwartz • September 17, 2021

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

Business Continuity Management / Disaster Recovery

Is Grief's Threat to Wipe Decryption Key Believable?

Doug Olenick • September 16, 2021

Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.

Breach Notification

FTC: Health App, Device Makers Must Report Breaches

Marianne Kolbasuk McGee • September 16, 2021

The FTC warns makers of personal health records, mobile health apps, fitness devices and a variety of similar products and services that they will face stiff civil monetary penalties for failure to comply with the commission's 12-year-old - but never-yet enforced - Health Breach Notification Rule.

Application Security

Republican Governors Association Targeted in Exchange Attacks

Scott Ferguson • September 16, 2021

The Republican Governors Association was one of several U.S. organizations targeted in March when a nation-state group took advantage of vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with Maine authorities. It appears some PII was exposed.

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

Blockchain & Cryptocurrency

New York Court Shuts Down Crypto Platform 'Coinseed'

Dan Gunderman • September 15, 2021

New York officials won a court order shuttering cryptocurrency trading platform Coinseed, after it allegedly defrauded thousands of investors out of millions of dollars, according to State Attorney General Letitia James. The court also awarded a $3 million judgment against Coinseed and its CEO.

Business Continuity Management / Disaster Recovery

House Committees Seek to Spend Millions on Cybersecurity

Scott Ferguson • September 15, 2021

A pair of House committees this week said they want to spend additional millions on cybersecurity by injecting funds into CISA and the FTC, as part of the debate over the Biden administration's $3.5 trillion budget proposal for 2022. Part of the money would help fulfill Biden's executive order.