Russia's Nobelium Threat Group Continues to Target Governments and Enterprises Worldwide
Life360 sells location data on children and families, Microsoft seizes 42 domains used by Chinese espionage group, Israel imposes new restrictions on export of cyber "warfare" tools, more
Check out my latest CSO column, which provides a deeper look into Cyber Command’s admission of targeting malware operators.
Researchers at Mandiant say the Russian threat group that Microsoft calls Nobelium, also tracked as APT29, The Dukes, or Cozy Bear and believed to be the hacking arm of Russia's Foreign Intelligence Service (SVR), continues to breach government and enterprise networks worldwide by compromising their cloud and managed service providers and by deploying a new custom malware family, "Ceeloader".
The researchers say that Nobelium actors continue to breach cloud providers and MSPs as a way to gain initial access to their downstream customers' network environments. Mandiant warns that Nobelium's activity is heavily focused on intelligence collection. (Bill Toulas / Bleeping Computer)
Related: CTV News, Associated Press Technology, The Independent, AOL, Al Arabiya, Cyberscoop, Ars Technica, Bleeping Computer, The Hacker News, Security Week, Dark Reading, The Hill, Threatpost, Mandiant
Life360, a popular family safety app used by 33 million people worldwide and promoted to parents as a good way to track their children, has been selling data on the location of children and families to approximately a dozen data brokers who have sold data to virtually anyone who wants to buy it.
Two former company employees say that Life360 fails to take necessary precautions to ensure that location histories cannot be traced back to individuals. The company CEO says that “Some of our data partners receive hashed data and some do not based on how the data will be used.” Life360 announced on November 22 it plans to buy Tile, a tracking device company that helps find lost items. (Jon Keegan and Alfred Ng / The Markup)
Microsoft's legal team obtained a court order that allowed it to seize 42 domains used by a Chinese cyber-espionage group it calls Nickel, which is also tracked as APT15, Mirage, Vixen Panda, or Ke3Chang. The group has been active in recent operations that targeted organizations in the US and 28 other countries.
The group’s victims had been hacked using compromised third-party virtual private network (VPN) suppliers or stolen credentials obtained from spear-phishing campaigns. (Catalin Cimpanu / The Record)
Related: Security News | Tech Times, Teller Report, Chinanews.net, The Register - Security, Business Standard, OpIndia, Reddit - cybersecurity, Candid.Technology, Ars Technica, Techradar, The Hacker News, ZDNet, Microsoft, Silicon Angle, SC Magazine, Cyberscoop
The Israeli Defense Ministry imposed new restrictions on the export of cyber warfare tools following the global backlash over the use of surveillance software made by the country’s NSO Group against journalists, activists, and political rivals by human rights violators worldwide.
The Defense Ministry’s Defense Export Control Agency released an updated version of its “end use/user certificate,” which more clearly defines what does and does not amount to terrorism and serious crimes. The new definition of terrorism could be used to limit the export of NSO Group software. (Judah Ari Gross / Times of Israel)
Ransomware group LockBit has targeted Abiom, a communications technology supplier that handles sensitive documents for Dutch police, emergency services, and the defence ministry.
A total of 39,000 documents, including ID documents, were leaked after Abiom refused to pay LockBit's demanded ransom. (DutchNews.nl)
Related: NL Times
Huib Modderkolk @huibmodderkolk: C2000 supplier Abiom, which provides communications for the fire brigade, police and the Ministry of Defence, among others, has been hacked. Confidential data has been posted online by LockBit and reviewed by de Volkskrant: https://t.co/oWR5Qomz6U
More than 300 SPAR supermarket chain stores in Northern England were forced to close or accept only cash following a weekend cyberattack.
The stores remain affected, and the UK's National Cyber Security Centre (NCSC) said it is investigating. (Alexander Martin / Sky News)
Related: Evening Standard, The Sun, The Independent, The Register - Security, Bleeping Computer, Euro Weekly News Spain, Malware News, ZDNet Security, The Guardian, Infosecurity Magazine, Security - Computing, Silicon UK
Decentralized finance (DeFi) organization BadgerDAO is pleading with a hacker who stole 2,100 BTC (about $118.5 million) and 151 ETH (about $679,000) worth of cryptocurrency tokens to return the funds.
BadgerDAO said in a statement, “You have taken funds that do not belong to you, but we are willing to work with you and compensate you for identifying this vulnerability in the systems.” (Lorenzo Franceschi-Bicchierai / Motherboard)
Researchers at Red Canary say that threat actors are distributing altered installers for KMSPico, a popular tool for illegitimately activating Microsoft Windows and Office that works by emulating a Windows Key Management Service (KMS) server on the local machine. The altered installers are designed to infect Windows devices with malware that steals cryptocurrency wallets.
KMSPico is commonly distributed through pirated-software and software-cracking sites that wrap the tool in installers containing adware and malware. Red Canary says that it has observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems. (Bill Toulas / Bleeping Computer)
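Because KMSPico and similar activators work by emulating a KMS server locally, the quickest fleet-wide check for their presence is to look at where each Windows client's KMS settings point. The following PowerShell is an added example written for this digest; it is not code from Red Canary or from the article. It reads the standard Software Protection Platform registry values that slmgr /skms writes (KeyManagementServiceName and KeyManagementServicePort) and flags a KMS host on a loopback address, on the assumption that a legitimate KMS host is a separate server on the network and a loopback KMS host indicates a local emulator. The service-name patterns in the second function (KMS, KMSPico, AutoKMS) are assumptions about common emulator naming, not a definitive signature.

```powershell
# Added example (not from the article or Red Canary): flag Windows hosts whose
# KMS client configuration points at a loopback address, which is how a local
# KMS emulator such as KMSPico "activates" Windows. Run in an elevated shell.
# Assumption: an approved KMS host is a networked server, never 127.x / localhost / ::1.

$SppKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform'
$LoopbackPattern = '^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)(:\d+)?$'

function Test-LoopbackKmsHost {
    param([string]$KeyPath = $SppKey)

    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Host = $null; Port = $null; Suspicious = $false
                                  Reason = 'SoftwareProtectionPlatform key not found' }
    }

    $props   = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    $kmsHost = $props.KeyManagementServiceName
    $kmsPort = $props.KeyManagementServicePort

    # No static host means DNS-based KMS discovery or a non-KMS activation
    # channel (MAK, retail, digital license); nothing to flag from this value alone.
    if ([string]::IsNullOrWhiteSpace($kmsHost)) {
        return [pscustomobject]@{ Host = $null; Port = $kmsPort; Suspicious = $false
                                  Reason = 'no static KMS host configured' }
    }

    $isLoopback = $kmsHost -match $LoopbackPattern
    $reason = if ($isLoopback) {
        'KMS host is a loopback address; a local KMS emulator is likely present'
    } else {
        'KMS host is a network address; confirm it is an approved KMS server'
    }
    return [pscustomobject]@{ Host = $kmsHost; Port = $kmsPort; Suspicious = $isLoopback; Reason = $reason }
}

function Get-SuspiciousKmsServices {
    # Assumption: service names/paths containing these strings are emulator
    # artifacts. Tune the pattern for your environment before alerting on it.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -match 'KMS' -or $_.PathName -match 'KMSPico|AutoKMS' } |
        Select-Object Name, PathName, State, StartMode
}

Test-LoopbackKmsHost | Format-List
Get-SuspiciousKmsServices | Format-Table -AutoSize
```

Cross-check any hit with `cscript //nologo $env:SystemRoot\System32\slmgr.vbs /dlv`, whose "KMS machine name" line reports the host the client last used; an activation that shows as licensed but points at a loopback host is the signature of an emulator, and the machine should be treated as running untrusted software regardless of whether the cryptocurrency-stealing payload is found.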
The Canadian government is urging organizations to take the threat of ransomware more seriously, both through pleas for action and the release of free anti-ransomware resources.
The country’s Communications Security Establishment (CSE) said it's aware of 235 ransomware incidents against Canadian victims from Jan. 1 to Nov. 16 of this year. More than half of those targets were critical infrastructure providers, including energy, health, and manufacturing sectors. (Catharine Tunney / CBC)
Facebook-owned messaging app WhatsApp announced that it had expanded the privacy control features with default disappearing messages for all newly initiated chats.
Users can enable the disappearing messages by default. However, any user who wants to permanently have access to one of their chats in the future has to switch back to standard chats where disappearing messages are not enabled. (Sergiu Gatlan / Bleeping Computer)
Bot protection technology company Kasada announced it had raised $23 million in a Series C funding round.
StepStone Group led the round with participation from existing investors Ten Eleven Ventures, Main Sequence Ventures, Reinventure (Westpac’s venture capital arm), Our Innovation Fund, and Turnbull & Partners. (Kyle Alspach / Venture Beat)
Git cybersecurity start-up GitGuardian SAS has announced that it has raised $44 million in a Series B venture funding round.
Eurazeo led the Series B round with participation from Sapphire, Balderton, BPI, and Fly Ventures. (Duncan Riley / Silicon Angle)
Related: Security Week
Cloud security start-up CloudSEK announced it had raised $7 million in a Series A venture funding round.
MassMutual Ventures led the round with participation from Omidyar Network India, 100X Entrepreneur, individual investors Firoz Meeran and Navas Meeran (Eastern Group), and CRED founder Kunal Naresh Shah’s QED Innovation Labs, along with investments from pre-Series A investors Exfinity Venture Partners, IDFC Parampara, and Aaruha Technology Fund. (Binu Mathew / Telecom Live)
Related: Economic Times