Welcome to CyberIntelMag’s weekly roundup! A place where you can find the most important stories in the cybersecurity world from the past week.
From the good news:
This week, we’ve learned about new commitments from big tech to bolster US cybersecurity, the demise of the Ragnarok ransomware gang, new initiatives from IBM and Linux, and more.
- Leaders from various industries and organizations, such as Microsoft, Google, committed to investing billions in bolstering US cybersecurity during the White House’s cybersecurity summit.
- IBM has announced a new Secure Access Service Edge (SASE) solution to encourage the zero-trust approach in the enterprise. It will leverage technology provided by cybersecurity firm Zscaler, and IBM’s zero-trust strategy protocols, SASE blueprints, a modern network architecture, and Zscaler capabilities.
- The Linux Foundation and allies are launching a new program and will pay developers who help secure Linux and open-source software programs. It is funded by a variety of pro-Linux and open-source organizations, including Google, Microsoft, and the Open Source Security Foundation (OpenSSF).
- Data backup and recovery provider HYCU announced a new free-of-charge cloud application to help organizations identify and measure their ability to effectively recover from ransomware attacks. It is available as a free service at GetRScore.org.
- Microsoft has released guidance to help organizations address the actively exploited ProxyShell flaws that affect several versions of its Exchange servers.
- The FBI has released technical details, tactics, and methods used in the attacks carried out by the Hive ransomware.
- The Ragnarok ransomware gang has reportedly shut down its operations and released the master key for victims to unlock files that were encrypted with Ragnarok malware.
From the bad news:
This week has brought news about new ransomware victims, security holes in Ethereum, Microsoft databases, and Microsoft’s Power Apps, new details on fledgling ransomware gangs, and other important stories you can’t miss.
- The Boston Public Library (BPL) was hit by a cyberattack on Wednesday, which led to a system-wide outage. An ongoing investigation by external IT experts has not yet found any evidence of data stolen.
- The Ethreum project had to address a high-severity chain-split flaw in the “Geth” implementation of Ethereum protocol that could cause corruption in blockchain applications and network outages.
- Several new ransomware gangs have recently debuted and are threatening organizations in various sectors. CIM detailed seven new ransomware operations: ALTDOS, AvosLocker, Hive, HelloKitty, LockBit 2.0 and OnePercent Group, and BlackMatter.
- Microsoft has warned thousands of customers about a flaw in their Azure databases. The vulnerability in Microsoft’s Cosmos DB database can let attackers gain the ability to read, change, or even delete the main databases.
- Three new ransomware attacks on healthcare institutions were confirmed this week that resulted in patient data breaches. Among the victims are US Eskenazi Health hospital, a private eye clinic Eye & Retina Surgeons in Singapore, and Atlanta Allergy & Asthma.
- A new zero-click exploit in iMessage allows to secretly install NSO Group’s Pegasus spyware. The vulnerability was exploited to compromise the devices of at least nine Bahraini activists, according to researchers at Citizen Lab.
- According to FortiGuard Labs’ 2021 mid-year Global Threat Landscape Report, ransomware attacks have seen a staggering, more than tenfold increase. The volume of attacks has also increased significantly over the past six months.
- Bitdefender researchers reported that cybercrime gang FIN8 has breached a US financial institution’s network and installed a never-before-seen backdoor. Dubbed Sardonic, FIN8 distributes it via social engineering or spear-phishing. Its main goal is to harvest system information.
- Over 38 million records from 47 users of Microsoft’s Power Apps were found exposed online. Various governments and companies have been affected as a result.
- A US Nokia subsidiary was hit by an attack with Conti ransomware during which attackers stole data and encrypted its systems. Personal information of Nokia employees was stolen.