Biden Says U.S. Will Take 'Any Necessary Action' to Defend U.S. Against Ransomware Attacks
Kaseya employees reportedly told execs of security flaws, CNA Financial hit with data breach, Ukraine blames Russia for hack on military drills, Iran pins train disruption on Mossad cyberattack, more
Following a series of disruptive ransomware attacks culminating in the infection of software provider Kaseya, President Biden told Russian President Vladimir Putin in a phone call that the United States will take “any necessary action” to defend U.S. infrastructure.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said. (Ellen Nakashima and Eugene Scott / Washington Post)
Five former employees of software provider Kaseya, which became the victim of Russian ransomware gang REvil, say they warned supervisors for years of security flaws in the firm’s software and IT security practices, to no avail.
For years the employees reportedly warned that Kaseya used outdated code, implemented poor encryption, and didn’t routinely patch its software and servers. They claim they specifically warned of vulnerabilities in its antiquated Virtual System Administrator software. A zero-day flaw in this software is what allowed REvil to launch its ransomware attack. One employee said he sent Kaseya executives a 40-page memo outlining his security concerns. (Ryan Gallagher and Andrew Martin / Bloomberg)
Leading U.S. insurance company CNA Financial Corporation informed customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.
The data breach reported by CNA, which occurred between March 5 and March 21, affected 75,349 individuals, according to breach information filed with the office of Maine's Attorney General. The breach affected mostly current and former employees, contract workers, and their dependents. The exposed data included personal information such as name, Social Security number, and in some instances, information related to health benefits for certain individuals. (Sergiu Gatlan / Bleeping Computer)
Heshmatollah Falahatpisheh, formerly the head of the Iranian parliament’s committee for national security and foreign affairs, said that cyberattacks that disrupted Iran last week resulted from actions taken against Iran by the Israeli Mossad spy agency.
Trains in Iran were disrupted after a notice on electronic boards at stations asked travelers to call a number that belonged to the office of Supreme Leader Ayatollah Ali Khamenei. (Elad Benari / Arutz Sheva)
Ukraine's defense ministry said that hackers linked to the Russian authorities attacked the website of the Ukrainian Naval Forces and published fake reports about the international Sea Breeze-2021 military drills.
The military exercises, which Russia opposes, involve more than 30 countries in the Black Sea. (Natalia Zinets / Reuters)
In what Germany's Federal Office for Information Security (BSI) declares the country’s first “cyber-catastrophe,” the district of Anhalt-Bitterfeld in the eastern German state of Saxony-Anhalt says it was the victim of a cyberattack and has formally declared a disaster after hackers infiltrated its computer systems.
Anhalt-Bitterfeld will likely be forced to remain offline for at least a week, leaving it unable to fulfill duties such as paying out welfare benefits to recipients or financing youth programs. (Deutsche Welle)
Researchers at Trend Micro say that a new remote access trojan (RAT) dubbed BIOPASS uses the popular OBS Studio live-streaming app to record and broadcast the screen of its victims to attackers.
The RAT has targeted online gambling companies in China and has been disguised inside legitimate installers for Adobe Flash Player or Microsoft Silverlight, two technologies still being used in China, despite reaching EOL (end-of-life). (Catalin Cimpanu / The Record)
Mobile carrier Mint Mobile disclosed a data breach after an unauthorized person gained access to subscribers' account information and ported phone numbers to another carrier.
According to an email sent to affected customers, between June 8th and June 10th, a threat actor ported the phone numbers for a "small" number of Mint Mobile subscribers to another carrier without authorization. (Lawrence Abrams / Bleeping Computer)
Microsoft said it had awarded $13.6M in bug bounties to more than 340 security researchers across 58 countries over the past year.
The largest award was $200K under the Hyper-V Bounty Program. The average award was more than $10,000 across all programs. (Catalin Cimpanu / The Record)
A new personal project of Jack Cable, a Stanford University student and security researcher for the Krebs Stamos Group, dubbed Ransomwhere, seeks to create a crowdfunded, free, and open database of past ransomware payments to expand visibility into the broader picture of the ransomware ecosystem.
The site allows victims of ransomware attacks or cybersecurity professionals to submit a copy of a ransom note, along with the size of the ransom demand and the Bitcoin address where victims made the payment, which would then be indexed in a public database. (Catalin Cimpanu / The Record)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that Philips Clinical Collaboration Platform Portal (aka Vue PACS) suffers from multiple vulnerabilities, some of which could be exploited by an adversary to take control of an affected system.
Philips fixed some of the shortcomings as part of its updates shipped in June 2020 and May 2021 and is expected to patch the rest of the security issues in version 15 of Speech, MyVue, and PACS, currently in development and set for release in Q1 2022. In the meantime, CISA urges entities to minimize network exposure for all control system devices and ensure that they are not accessible from the Internet, segment control system networks and remote devices behind firewalls, and use virtual private networks (VPNs) for secure remote access. (Ravie Lakshmanan / The Hacker News)
The Cyberspace Administration of China said that all companies holding personal data on at least one million users must apply for a cybersecurity review, similar to the one that marred the U.S. stock market debut of Didi Global Inc. last week.
On Friday, China’s cyber watchdog ordered mobile app stores to remove 25 apps operated by Didi’s China arm and banned websites and platforms from providing access to Didi-linked services in the country. (Keith Zhai and Frances Yoon / Wall Street Journal)
Sources say that Microsoft has agreed to acquire digital threat management firm RiskIQ for $500 million.
The deal is expected to be announced in the next few days. (Katie Roof and Dina Bass / Bloomberg)