20-09-202122-09-2021

Security daily (21-09-2021)

Treasury sanctions cryptocurrency platform for working with ransomware payments

The Treasury Department on Tuesday announced sanctions against a cryptocurrency exchange for facilitating transactions involving money illegally gained via ransomware hacking, the first action of its kind. The sanctions against Russia-based exchange Suex are a significant step by the Biden administration in making it harder for cybercriminals to access payments, with the ultimate goal of disrupting the rapid rise of ransomware attacks. (The government did not disclose which hacking groups allegedly laundered their funds through the service.) “Exchanges like Suex are critical to attackers’ ability to extract profits from ransomware attacks. This action is a signal of our intention to expose and disrupt illicit infrastructure using these attacks,” said Wally Adeyemo, deputy secretary of the Treasury Department. Over 40% of Suex’s transactions are associated with illegal activity, according to the Treasury Department. The new sanctions block all of Suex’s property and business interests in the U.S. and threaten additional sanctions […] The post Treasury sanctions cryptocurrency platform for working with ransomware payments appeared first on CyberScoop. (CyberScoop)

Key lawmakers to CISA: Let us send you more money, power

The Department of Homeland Security’s cyber division, a key government agency charged with helping stop and respond to cyberattacks, might be getting ready for a bigger role in the spotlight.  One key House committee advanced legislation in July to give the Cybersecurity and Infrastructure Security Agency an extra $400 million. Then, another committee on Sept. 14 separately advanced its take on legislation that would provide an additional nearly $800 million to the agency, which has a $2 billion total budget in the current fiscal year. Those proposed funds come on top of another extra $650 million that Congress and President Joe Biden already provided to CISA in March through the American Rescue Plan focused on COVID-19 relief. And the recent moves on Capitol Hill to bolster CISA, an agency formally established only three years ago, aren’t limited to cash. Both chambers of Congress are contemplating legislation that would make CISA the […] The post Key lawmakers to CISA: Let us send you more money, power appeared first on CyberScoop. (CyberScoop)

iOS 15 launches with 22 documented security patches – including a Face ID bypass using a “3D model”

Fake heads! (Cue dystopian scifi music.) (Naked Security)

$5.9 Million Ransomware Attack On Farming Cooperative May Cause Food Shortage

(News ≈ Packet Storm)

Siemens Launches AI Solution To Fight Industrial Cybercrime

(News ≈ Packet Storm)

HackerOne Expands To Tackle Open Source Projects

(News ≈ Packet Storm)

Nation-State Group Breaches Alaska Department Of Health

(News ≈ Packet Storm)

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as (The Hacker News)

The Gap in Your Zero Trust Implementation

Over the last several years, there have been numerous high-profile security breaches. These breaches have underscored the fact that traditional cyber defenses have become woefully inadequate and that stronger defenses are needed. As such, many organizations have transitioned toward a zero trust security model. A zero trust security model is based on the idea that no IT resource should be trusted (The Hacker News)

High-Severity RCE Flaw Disclosed in Several Netgear Router Models

Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. <!--adsense--> Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models -

R6400v2 (fixed in firmware version 1.0.4.120) R6700 (The Hacker News)

VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with (The Hacker News)

Unpatched High-Severity Vulnerability Affects Apple macOS Computers

Cybersecurity researchers on Tuesday disclosed details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them (The Hacker News)

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a (The Hacker News)

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected, (The Hacker News)

Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus?

2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with the challenges of bolstering the security posture, minimizing risks, and ensuring business continuity in the new normal. The rise in volumes (The Hacker News)

Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters

Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million) in illegal proceeds in just a year. "The suspects defrauded hundreds of victims through phishing attacks and other types of online fraud such (The Hacker News)

Epik Confirms Hack, Gigabytes of Data on Offer

"Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. (Threatpost)

Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses. (Threatpost)

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years. (Threatpost)

20-09-202122-09-2021

/security-daily/ 22-09-2021 23:44:23