Morgan Stanley Was Compromised in Accellion Breach

Microsoft says PrintNightmare patch works, new phishing technique stealthily downloads Zloader, Leonardtown crippled by Kaseya ransomware attack, Espionage campaign targets Latin America, more


Investment banking firm Morgan Stanley told the New Hampshire Attorney General that the personal information of some customers was compromised through a third-party vendor that was using the Accellion FTA service.

The firm said that Guidehouse, one of the organizations affected by the FTA incident, informed it in May 2021 that threat actors had exploited Accellion FTA to access Morgan Stanley documents containing personal information of StockPlan Connect participants. Although the stolen files were encrypted, the adversary “was able to obtain the decryption key during the security incident, due to the Accellion FTA vulnerability.” (Ionut Arghire / Security Week)

Related: IT Pro, Security News | Tech Times, Heimdal Security Blog, Economic Times, Reddit - cybersecurity, SecureReading, SecurityWeek, Silicon Angle

Despite security researchers’ reports that Microsoft’s out-of-band patch for the PrintNightmare flaw can be bypassed in specific scenarios, Microsoft says that its security update from earlier this week correctly patches the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to apply the updates as soon as possible.

Microsoft has updated the PrintNightmare patch guidance and is now encouraging customers to update as soon as possible. (Sergiu Gatlan / Bleeping Computer)

Related: SlashGear » security, The Register - Security, gHacks, Softpedia News, TechJuice, Heimdal Security Blog, Bleeping Computer, Microsoft Security Response Center, Help Net Security, Security Affairs

Researchers at McAfee have discovered a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

Once a phishing email containing a seemingly innocuous Word attachment is opened, victims download the payload for the infamous banking and data exfiltration malware, known as Zloader. (Keumars Afifi-Sabet / IT Pro)

Related: McAfee, IT Pro, Security Affairs, The Hacker News

France's intelligence agency, the DGSI, has launched its first website to demystify the agency's activities to millions.

The website also offers practical advice on how online users can protect themselves from cyberattacks and warns citizens of the unscrupulous methods used by foreign spy agencies to recruit sources and collect sensitive information. (Amanda Morrow / RFI)

Related: Paris, Guardian

An IT management company called JustTech was affected during the Kaseya ransomware attack, which ultimately crippled Leonardtown, Maryland, one of its customers.

JustTech told Leonardtown that the ransom demand was $45,000 per computer, but the town refused to pay and is instead restoring its systems from backup. In the meantime, the town’s staff of 15 and others are working without computers. (Chris Velazco and Rachel Lerman / Washington Post)

Related: Southern Maryland News, The Hill

Researchers at ESET say that a new, ongoing espionage campaign is using an upgraded variant of the Bandook malware to spy on corporate networks in Spanish-speaking countries, particularly Venezuela.

The latest attack chain commences with prospective victims receiving malicious emails with a PDF attachment that contains a dropper that ultimately decodes and injects Bandook into an Internet Explorer process. (Ravie Lakshmanan / The Hacker News)

Related: ESET

In 2010, planned coordinated police raids in Ukraine, Russia, the United Kingdom, and the United States, called Operation Trident Breach and aimed at cybercrime organizations in Eastern Europe, went sideways when Russian and Ukrainian corruption allowed the targets to go free.

Today the FBI offers a $3 million reward for information leading to the arrest of Evgeniy Bogachev, a prolific hacker who is one of the operation’s top targets. It’s a small fraction of the total amount he’s stolen but the second-highest reward for a hacker ever. (Patrick Howell O'Neill / MIT Technology Review)

Vice’s Motherboard obtained and analyzed an Anom phone, one of the devices the FBI used last month as a honeypot to capture cybercriminals by monitoring their messages. The publication got the device from a source who unknowingly bought one on a classified ads site.

When the phone boots, it displays a logo for an operating system called “ArcaneOS,” about which little is known. Among the phone’s other notable features, it appears to have no setting for turning location tracking on or off, and it offers “PIN scrambling,” in which the PIN entry screen randomly rearranges the digits, potentially stopping onlookers from figuring out the device's passcode. (Joseph F. Cox / Motherboard)

Kurt Sanger, a Marine lieutenant colonel serving as general counsel at U.S. Cyber Command, and Peter Pascucci, a judge advocate with the rank of commander in the Navy, argue in a Lawfare article that the disruptions from ransomware and other criminal hacking threat groups have become so harmful to national security that using cyber-related military force against them is justified.

"Transnational crimes, of varying scale and sophistication, can surpass the capacity of U.S. federal law enforcement to take immediate action. ... Operational opportunities often must be seized immediately by whatever entity is best positioned to do so,” they write in their personal, and not governmental, capacities. (Ken Dilanian / NBC News)

Related: The Hill: Cybersecurity, Lawfare

OT and IoT device-level protection and management platform company NanoLock Security has raised $11 million in a Series B funding round.

Investors in the round include OurCrowd, HIVE2040 (by Avnon Group), and Atlantica Group, and current investors AWZ Ventures, a private investment group that includes former Canadian Prime Minister Stephen Harper. (Meir Orbach / CTECH)

Related: SecurityWeek

Photo by Icc1977, CC BY-SA 4.0 via Wikimedia Commons