Security daily (02-06-2021)

FireEye is selling its security products business for $1.2B

FireEye is selling its security products services to a consortium led by private equity firm Symphony Technology Group for $1.2 billion, the company announced on Wednesday. The long-time cybersecurity giant is best known recently for its role in alerting U.S. authorities in December to the breach of network software company SolarWinds. A months-long alleged Russian hack of the SolarWinds software ensnared at least nine U.S. federal agencies and nearly 100 U.S. companies. The separation announced Wednesday includes FireEye’s network, email, cloud and other security products. The company’s Mandiant forensic intelligence services will remain intact and continue to operate as its own publicly traded company, pending regulatory approval of the sale. FireEye will operate as a stand-alone company under the STG umbrella. “We believe this separation will unlock our high-growth Mandiant Solutions business and allow both organizations to better serve customers,” FireEye Chief Executive Officer Kevin Mandia said in a statement. […] (CyberScoop)

Sensitive medical, financial data exposed in extortion of Massachusetts hospital

A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients’ sensitive medical and financial data, the hospital said in a May 28 statement. Sturdy Memorial Hospital, a 126-bed facility in the city of Attleboro, said that the information exposed in the hacking incident may have included insurance claim numbers, medical history, treatment information, Social Security numbers, bank routing numbers and credit card numbers and security codes, among other data. “In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed,” Sturdy Memorial said. The incident did not affect patient care or medical devices, hospital spokesperson Kathi Hague said in an email. Hague declined to disclose the size of the ransom, the type of ransomware involved or the number of patients affected by the incident. “Though certain files on certain systems […] (CyberScoop)

Why combining FIDO2 and PKI provides broader enterprise-wide security

This past year’s seismic shift in how and where people access corporate resources has heightened the urgent need for organizations to upgrade the identity and authentication systems they rely on. That urgency isn’t likely to diminish anytime soon, according to a 2021 Gartner CIO survey. The survey found that 64% of employees at CIOs’ organizations are now able to work from home, and two-fifths are actually doing so, suggesting the landscape for authenticating users has clearly taken on new and more dynamic contours. But it’s not just people accessing enterprise resources. The transition to cloud-based services and the underlying automation supporting digital workloads have led to dramatic increases in the volume of non-human entities — virtual machines, mobile devices, applications, containers, and IoT/OT devices — all seeking their own access to enterprise resources independent of the end user’s identity. As a result, managing machine identities has also become part of […] (CyberScoop)

Team of romance scammers defrauded US victims out of $2.5M since 2016, DOJ says

U.S. prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online. The suspects, who hail from Nigeria, Ghana and the U.S., used websites like Facebook and Google to find victims seeking friendship, companionship and love. By masquerading as interested partners who needed money, the thieves would convince unwitting victims, often senior citizens, to send them thousands of dollars at a time, the Justice Department said. The charges, unsealed Tuesday, are the latest allegations of so-called romance scams, in which fraudsters exploit lonely web users to try emptying their bank accounts. Victims reported $304 million in losses from romance scams in 2020, according to the Federal Trade Commission, a figure that does not account for any losses not disclosed to the government. Conversations typically begin innocuously on dating apps and social media […] (CyberScoop)

“Have I Been Pwned” breach site partners with… the FBI!

If your password gets stolen as part of a data breach, you'll probably be told. But what if your password gets pwned some other way? (Naked Security)

Amazon US Customers Have A Week To Opt Out Of Mass Wifi Sharing

(News ≈ Packet Storm)

JBS Ransomware Attack Likely The Work Of Russia

(News ≈ Packet Storm)

Cyber-Insurance Fuels Ransomware Payment Surge

(News ≈ Packet Storm)

Where Bug Bounty Programs Fall Flat

(News ≈ Packet Storm)

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the possibility of targeting cryptocurrency-related technology, including the theft of private keys and (The Hacker News)

Researchers Uncover Hacking Operations Targeting Government Entities in South Korea

A North Korean threat actor active since 2012 has been behind a new espionage campaign targeting high-profile government officials associated with its southern counterpart to install an Android and Windows backdoor for collecting sensitive information. Cybersecurity firm Malwarebytes attributed the activity to a threat actor tracked as Kimsuky, with the targeted entities comprising the Korea (The Hacker News)

The Incident Response Plan - Preparing for a Rainy Day

The unfortunate truth is that while companies are investing more in cyber defenses and taking cybersecurity more seriously than ever, successful breaches and ransomware attacks are on the rise. While a successful breach is not inevitable, it is becoming more likely despite best efforts to prevent it from happening. Just as it wasn’t raining when Noah built the ark, companies must face the fact (The Hacker News)

Hackers Actively Exploiting 0-Day in WordPress Plugin Installed on Over 17,000 Sites

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that's being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence's threat intelligence team, which discovered the flaw, said it reported the issue to the plugin's developer on May 31. While the flaw has (The Hacker News)

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks

Days after Microsoft, Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure took place on May 28, (The Hacker News)

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt-out. To that effect, the company intends to register all compatible devices that are operational in the (The Hacker News)

Podcast: The State of Ransomware

In this Threatpost podcast, Fortinet’s top researcher sketches out the ransom landscape, with takeaways from the DarkSide attack on Colonial Pipeline. (Threatpost)

Effective Adoption of SASE in 2021

In this Threatpost podcast, Forcepoint’s SASE and Zero Trust director describes how the pandemic jump-started SASE adoption. (Threatpost)

Banking Attacks Surge Along with Post-COVID Economy

FinTech fraud spikes 159 percent in Q1 2021 along with stimulus spending. (Threatpost)

REvil Ransomware Ground Down JBS: Sources

Responsible nations don't harbor cybercrooks, the Biden administration admonished Russia, home to the gang that reportedly froze the global food distributor's systems. (Threatpost)

DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians

Diana Lebeau allegedly tried to trick candidates for public office and related individuals into giving up account credentials by impersonating trusted associates and the Microsoft security team. (Threatpost)

Amazon Sidewalk Poised to Sweep You Into Its Mesh

On June 8, Amazon’s pulling all its devices into a device-to-device wireless mix, inspiring FUD along the way. Now's the time to opt out if you're be-FUDdled. (Threatpost)


/security-daily/ 03-06-2021 23:44:22