Biden Says U.S. Will Take 'Any Necessary Action' to Defend U.S. Against Ransomware Attacks

Kaseya employees reportedly told execs of security flaws, CNA Financial hit with data breach, Ukraine blames Russia for hack on military drills, Iran pins train disruption on Mossad cyberattack, more

Stay on top of developments throughout the day by following us on Twitter!

Follow Metacurity on Twitter

Following a series of disruptive ransomware attacks culminating in the infection of software provider Kaseya, President Biden told Russian President Vladimir Putin in a phone call that the United States will take “any necessary action” to defend U.S. infrastructure.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said. (Ellen Nakashima and Eugene Scott / Washington Post)

Related: Business InsiderWRAL Tech WireFox BusinessWashingtonExaminer.comInvestor's Business DailyTechCrunchTODAYonlineReutersWashington ExaminerThe SunAOLPOLITICOVoxRT USABusiness InsiderMercury NewsChicago Sun-Times - AllVoxMalay Mail - AllWGRZ - NewsBloombergUPI.comWSJ.com: World NewsThe Hill: CybersecurityCNN.comDeutsche WelleTASSChannel News AsiaNew York TimesDaily MailIT ProFinancial TimesWSJ.com: World NewsWashington Post PoliticsNew York Daily NewsAP Top NewsCTVNews.caTribLIVEThe IndependentCapital GazetteNews: NPR, CNBCEuronewsSputnik News, iNewsNYT > PoliticsCBSNews.comTechSpotThe Korea Times NewsSecurityWeek, Axios

Employees at software provider Kaseya, which became the victim of Russian ransomware gang REvil, say they warned supervisors for years of security flaws in the firm’s software and IT security practices to no avail, five former employees say.

For years the employees reportedly warned that Kaseya used outdated code, implemented poor encryption, and didn’t routinely patch its software and servers. They claim they specially warned of vulnerabilities in its antiquated Virtual System Administrator software. A zero-day flaw in this software is what allowed REvil to launch its ransomware attack. One employee said he sent Kaseya executives a 40-page memo outlining his security concerns. (Ryan Gallagher and Andrew Martin / Bloomberg)

Related: Gizmodo, Silicon Angle, Engadget

Leading U.S. insurance company CNA Financial Corporation informed customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.

The data breach reported by CNA, which occurred between March 5 and March 21, affected 75,349 individuals, according to breach information filed with the office of Maine's Attorney General. The breach affected mostly current and former employees, contract workers, and their dependents. The exposed data included personal information including name, Social Security number, and in some instances, information related to health benefits for certain individuals. (Sergiu Gatlan / Bleeping Computer)

Related: CISO MAGReddit - cybersecuritySecurityWeekTechradarSecurity AffairsDataBreaches.netCandid.Technology

Heshmatollah Falahatpisheh, formerly the head of the Iranian parliament’s committee for national security and foreign affairs, said that cyberattacks that disrupted Iran last week resulted from actions taken against Iran by the Israeli Mossad spy agency.

Trains in Iran were disrupted after a notice on electronic boards at stations asked travelers to call a number that belonged to the office of Supreme Leader Ayatollah Ali Khamenei. (Elad Benari / Arutz Sheva)

Related: Jerusalem PostPerthNowGizmodoAlgemeiner.comJust SecurityGuardian, The Times of IsraelDAILYSABAHChannel News Asia, JewishPress.comAssociated Press TechnologyThe IndependentSecurityWeekReuters: World NewsHaaretz.comAl BawabaSecurity Affairs, The Hindu - NewsBusiness StandardNDTV Gadgets360.com, TechXplore, Security Week, PresstvAlgemeiner.com

Ukraine's defense ministry said that hackers linked to the Russian authorities attacked the website of the Ukrainian Naval Forces and published fake reports about the international Sea Breeze-2021 military drills.

The military exercises, which Russia opposes, involve more than 30 countries in the Black Sea. (Natalia Zinets / Reuters)

Related: News 112.internationalThe Hill

In what Germany's Federal Office for Information Security (BSI) declare’s the country’s first "cyber-catastrophe,” the district of Anhalt-Bitterfeld in the eastern German state of Saxony-Anhalt says it was the victim of a cyberattack and has formally declared disaster after hackers infiltrated its computer systems.

Anhalt-Bitterfeld will likely be forced to remain offline for at least a week, leaving it unable to fulfill its duties such as pay out welfare benefits to recipients or finance youth programs. (Deutsche Welle)

Related: PerthNowChannel News Asia

Researchers at Trend Micro say that a new remote access trojan (RAT) dubbed BIOPASS uses the popular OBS Studio live-streaming app to record and broadcast the screen of its victims to attackers.

The RAT has targeted online gambling companies in China and has been disguised inside legitimate installers for Adobe Flash Player or Microsoft Silverlight, two technologies still being used in China, despite reaching EOL (end-of-life). (Catalin Cimpanu / The Record)

Related: Trend MicroThe Hacker News

Mobile carrier Mint Mobile disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier.

According to an email sent to affected customers, between June 8th and June 10th, a threat actor ported the phone numbers for a "small" number of Mint Mobile subscribers to another carrier without authorization. (Lawrence Abrams / Bleeping Computer)

Related: xda-developersApple InsiderAndroid CentralSecurity AffairsTechDator

Microsoft said it had awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries over the past year.

The largest award was $200K under the Hyper-V Bounty Program. The average award was more than $10,000 across all programs. (Catalin Cimpanu / The Record)

Related: ZDNet SecurityIT ProSecurityWeek, DataBreaches.net, Microsoft

A new personal project of Jack Cable, a Stanford University student and security researcher for the Krebs Stamos Group, dubbed Ransomwhere, seeks to create a crowdfunded, free, and open database of past ransomware payments to expand visibility into the broader picture of the ransomware ecosystem.

The site allows victims of ransomware attacks or cybersecurity professionals to submit a copy of a ransom note, along with the size of the ransom demand and the Bitcoin address where victims made the payment, which would then be indexed in a public database. (Catalin Cimpanu / The Record)

Related: TechCrunch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that Philips Clinical Collaboration Platform Portal (aka Vue PACS) suffers from multiple vulnerabilities, some of which could be exploited by an adversary to take control of an affected system.

Philips fixed some of the shortcomings as part of its updates shipped in June 2020 and May 2021 and is expected to patch the rest of the security issues in version 15 of Speech, MyVue, and PACS, currently in development and set for release in Q1 2022. In the meantime, CISA urges entities to minimize network exposure for all control system devices and ensure that they are not accessible from the Internet, segment control system networks and remote devices behind firewalls, and use virtual private networks (VPNs) for secure remote access. (Ravie Lakshmanan / The Hacker News)

Related: Heimdal Security BlogPocket-lint, CISA

The Cyberspace Administration of China said that all companies holding personal data on at least one million users must apply for a cybersecurity review, similar to the one that marred the U.S. stock market debut of Didi Global Inc. last week.

On Friday, China’s cyber watchdog ordered mobile app stores to remove 25 apps operated by Didi’s China arm and banned websites and platforms from providing access to Didi-linked services in the country. (Keith Zhai and Frances Yoon / Wall Street Journal)

Related: Japan TimesSouth China Morning PostFinancial TimesBusiness StandardTech - Nikkei Asian ReviewThe Straits Times Asia NewsChannel News AsiaReuters

Sources say that Microsoft has agreed to acquire digital threat management firm RiskIQ for $500 million.

The deal is expected to be announced in the next few days. (Katie Roof and Dina Bass / Bloomberg)

Related: Techradar, Silicon Angle, Mspoweruser, GeekWire, MSPoweruserMSSP AlertTechCentralThe NationalGovCon Wire

Photo by Valery Tenevoy on Unsplash