Corporate Execs Fear SEC's SolarWinds Probe Will Expose Unreported Cybersecurity Incidents

Ransomware leaks expose sensitive data on nation's children, Hackers stole troves of data from U.N., Apple's bug bounty program slammed by researchers, Man sentenced for laundering NK money, more

According to sources, the U.S. Securities and Exchange Commission’s (SEC) investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful that information unearthed in the expanding probe will expose them to liability.

The fears center on a possible revelation of unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose. (Christopher Bing and Chris Prentice, Joseph Menn / Reuters)

An investigation by NBC News, informed by assistance from Brett Callow, a ransomware analyst at Emsisoft, revealed that ransomware gangs published data from more than 1,200 American K-12 schools and exposed school children's personal information.

Some of the data is highly sensitive, such as medical conditions or family financial statuses. Other data, such as Social Security numbers or birthdays, are permanent indicators of who the children are, and their theft can set up a child for a lifetime of potential identity theft. (Kevin Collier / NBC News)

Cybersecurity firm Resecurity discovered that hackers used a UN employee's stolen username and password, purchased off the dark web, to breach the United Nations' computer networks at some point between April 5 and August 27 and steal troves of data.

The hackers also sought to map out more information about how the UN's computer networks are built and compromise 53 UN accounts. Users across at least three dark web marketplaces were selling these same credentials as recently as July 5. (William Turton and Kartikay Mehrotra / Bloomberg)

Related: Courthouse News Service, Bloomberg News, The Straits Times Tech News, TIME, Sputnik News, IT Pro, DataBreaches.net, Cybereason Blog, The Hill: Cybersecurity, Washington Post, CNN.com, Exploit One, Big News Network

Security researchers are fed up with Apple’s bug bounty program because the Cupertino tech giant is slow to fix reported bugs, communicates poorly with researchers, and does not always pay hackers what they believe they’re owed, according to sources familiar with the program.

Apple’s problems in dealing with bug bounties have prompted some researchers to sell their discoveries to “gray market” customers, like government agencies or companies that sell sophisticated hacking services, or to go public without notifying Apple. Apple says its bug bounty program is a “work in progress.” (Reed Albergotti / The Washington Post)

Related: Security News | Tech Times, iPhone in Canada Blog, iPhone Hacks, Ars Technica, Cybersecurity, The Mac Observer, AppleInsider, Becker's Hospital Review, The Loop, PogoWasRight.org

Ghaleb Alaumary from Mississauga, Ontario, pleaded guilty to two counts of conspiracy to commit money laundering for his role in a global hacking and money laundering scheme allegedly spearheaded by North Korean cyber criminals.

Alaumary was sentenced to 140 months in federal prison and to pay more than $30 million in restitution. (Jeff Stone / Cyberscoop)

Related: Engadget, TechNadu, The Record, Security Week, Justice.gov

A ransomware attacker known as “darkrypt” leaked hundreds of thousands of documents and lists containing personal details of students and lecturers at Bar Ilan University in Israel.

The university negotiated but did not pay the attacker’s ransom at the recommendation of the Shin Bet security agency and the National Cyber Directorate. Some students are planning to sue the university after their details were leaked and their online passwords were changed, locking them out of some systems. (The Times of Israel)

Related: Israel Hayom, DataBreaches.net

Following a melee over alleged COVID-19 quarantine breaches that broke out at last weekend's World Cup qualifier in Sao Paulo, Brazil, miscreants this week defaced the website of Brazil's Health Regulatory Agency, ANVISA, to include an Argentina flag and a provocative message.

The site was out of service for around 90 minutes, but none of the regulator's other systems were affected. (AFP)

National Cyber Director Chris Inglis expects his newly created office to be fully staffed and up and running by Fall 2022.

Speaking at a Reagan Institute event, Inglis said, “So I expect that by this time next year, we'll have, you know, a full-featured kind of set of folks who are helping us get those things done working collaboratively with the other players in this space, both in the private and the public sector.” (Mariam Baksh / Nextgov)

Related: FCW, DataBreachToday.com, Dark Reading, Cyberscoop, The Record

A coalition of researchers from McAfee, Intel 471, and Coveware says that the ransomware gang known as Groove, which emerged in July, likely split off from the Babuk gang, typical of the trend of turmoil within extortion groups that use the ransomware-as-a-service (RaaS) model.

Evidence also suggests that Groove has worked with another ransomware gang, BlackMatter, that also recently emerged. (Tim Starks / Cyberscoop)

Related: DataBreachToday.com, McAfee

Researchers at Symantec say that the novel backdoor technique called SideWalk, tied to the China-linked Grayfly espionage group, has been deployed in recent Grayfly campaigns against organizations in Taiwan, Vietnam, the US, and Mexico.

Despite the U.S. indictment of related Chinese threat actors in 2020, the SideWalk campaign suggests that the arrests and the publicity can’t have made much of a dent in Chinese threat actor activity. (Lisa Vaas / Threatpost)

Related: Reddit - cybersecurity, Dark Reading, The Hacker News, Symantec

Russian security firm Qrator Labs discovered that a new botnet consisting of an estimated 250,000 malware-infected devices dubbed Mēris, the Latvian word for “plague,” was behind some of the biggest DDoS attacks over the summer.

“In the last couple of weeks, we have seen devastating attacks towards New Zealand, United States, and Russia, which we all attribute to this botnet species,” the company researchers said. (Catalin Cimpanu / The Record)

Related: SecureNews, Exploit One, Security Affairs, Qrator Labs

A new internet threat group called CoomingProject claimed responsibility for a data breach at the South African National Space Agency (SANSA) after a file containing SANSA information was found in the public domain.

SANSA confirmed the data and said that the file contained personal information of previous students at SANSA. SANSA also noted that it had issued take-down requests to the sites and domains hosting the data, but the data might still appear on certain websites. (Storm Simpson / The South African)

Related: ITWeb.co.za latest news, Enca.com, Cybersecurity | Reuters.com, DataBreaches.net, SANSA

Jay Leiderman, a California defense attorney known for his whistleblower advocacy and defense of political dissidents and hackers, died of an apparent heart attack in Ventura County at age 50.

Dubbed the Hacktivist’s advocate, Leiderman gained national attention for his pro-bono work for clients accused of crashing corporate and government websites, including members of the group Anonymous. (Dell Cameron / Gizmodo)

In a letter to Deputy Defense Secretary Kathleen Hicks, the Information Technology Industry Council, National Defense Industrial Association, and Professional Services Council demanded more transparency and communication from the Pentagon on the status of its Cybersecurity Maturity Model Certification program.

“The lack of clarity during the review process has increased uncertainty throughout the [defense industry base] and among commercial vendors seeking to provide covered commercial items,” the groups said. (Lauren C. Williams / FCW)

Related: InsideCyberSecurity.com, ITIC

Mastercard announced it had acquired cryptocurrency tracking firm CipherTrace to provide "additional transparency and support" for the emerging ecosystem of digital assets.

CipherTrace specializes in cryptocurrency-focused anti-money laundering, forensics, and blockchain threat intelligence solutions, with an analytics platform that enables the tracking and deanonymization of crypto transactions. (Steve Graves / Decrypt)

Related: CNBC Technology, MarketScreener.com, Digital Transactions, Business Wire Technology News, Security Week, Finextra, Invezz, Slashdot, Bitcoin News