
Cybersecurity News Round-Up: Week of June 14, 2021


Hello and welcome to another cybersecurity news round-up here on the GlobalSign blog.

With the rash of ransomware attacks, this week’s meeting between U.S. President Joe Biden and Russian President Vladimir Putin couldn’t have been better timed.

On Wednesday, Biden told Putin that certain critical infrastructure should be “off-limits” to cyberattacks. Putin’s response to the idea wasn’t immediately clear; at a separate press conference, he said the two leaders had agreed to “begin consultations” on cybersecurity issues, but he didn’t directly refer to Biden’s proposal.

Russian officials have repeatedly denied carrying out or tolerating cyberattacks such as December’s SolarWinds hack and, more recently, the attack on global meat processor JBS.

As for new hacks, US nuclear weapons contractor Sol Oriens announced it was the victim of a cyberattack, allegedly at the hands of the REvil ransomware gang. On Monday, the company released a statement saying it had become aware of a serious breach last month, and that it had appointed a technology forensic firm to investigate the incident. Upon learning of the breach, the company’s computer system was quickly secured, and any compromised documents were to be placed under review.

Also this week, pharmacy giant CVS Health announced that over a billion records belonging to users have been exposed online.

WebsitePlanet and researcher Jeremiah Fowler revealed the discovery of an online database belonging to CVS Health that was not password-protected. It also had no form of authentication in place to prevent unauthorized entry.

The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, and device access information.

Speaking of user data, a week after Volkswagen Group of America, Inc. disclosed a data breach that began back in 2019, Audi and Volkswagen revealed that customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container.

“The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number,” disclosed VWGoA in a data breach notification.

In some positive news, Ukrainian police have charged six people alleged to be part of the CLOP ransomware group. The gang is alleged to have extorted more than half a billion dollars from victims, including Stanford University Medical School, the University of California, and the University of Maryland.

That is all for this week. Wishing you a great, cybersafe weekend!

Top Global Cybersecurity News

Computing UK (June 17, 2021) Biden to Putin: Critical infrastructure should be “off-limits”

US President Joe Biden has told Russia’s Vladimir Putin that critical infrastructure should be off-limits to cyber attacks, and that he expects Russia to act against ransomware groups operating within its territory.

Addressing reporters at a news conference in Geneva following the US-Russia summit, Biden said his talks with the Russian president were ‘good’ and ‘positive’.

“I talked about the proposition that certain critical infrastructure should be off limits to attack, period,” Biden told reporters. The President added that he gave Putin a list of 16 entities – an apparent reference to 16 sectors, including energy, water systems, telecommunications, healthcare and food, that are defined as critical infrastructure under the US policy.


Bleeping Computer (June 17, 2021) Audi, Volkswagen customer data being sold on a hacking forum

Audi and Volkswagen customer data is being sold on a hacking forum after allegedly being stolen from an exposed Azure BLOB container.

Last week, the Volkswagen Group of America, Inc. (VWGoA) disclosed a data breach after a vendor left customer data unsecured on the Internet between August 2019 and May 2021.

“The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number,” disclosed VWGoA in a data breach notification.


ZDNet (June 16, 2021) Over a billion records belonging to CVS Health exposed online

In another example of misconfigured cloud services impacting security, over a billion records belonging to CVS Health have been exposed online.

On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry.

Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna.

The database, 204GB in size, contained event and configuration data including production records of visitor IDs, session IDs, device access information — such as whether visitors to the firm’s domains used an iPhone or Android handset — as well as what the team calls a “blueprint” of how the logging system operated from the backend.


Krebs on Security (June 16, 2021) Ukrainian Police Nab Six Tied to CLOP Ransomware

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland.

[Image: A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.]

According to a statement and videos released today, the Ukrainian Cyber Police charged six defendants with various computer crimes linked to the CLOP gang, and conducted 21 searches throughout the Kyiv region.

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access.


Bleeping Computer (June 14, 2021) REvil ransomware hits US nuclear weapons contractor

US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack.

Sol Oriens describes itself as helping the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs.”

However, job postings first spotted by CNBC correspondent Eamon Javers provide some insight into Sol Oriens’ operations; the company is seeking program managers, consultants, and a ‘Nuclear Weapon System Subject Matter Expert’ to work with the National Nuclear Security Administration (NNSA).

“Sol Oriens LLC currently has an opening for a Senior Nuclear Weapon System Subject Matter Expert with more than 20 years of experience with nuclear weapons like the W80-4. This Subject Matter Expert works with NNSA Federal and other Contractor personnel to organize, coordinate, implement, and manage technical program activities for the W80-4 Life Extension Program,” says one of the job postings.


Other Industry News

IAB Tech Lab Accused of “World’s Largest Data Breach” – Infosecurity Magazine

Accellion breach raises notification concerns – SearchSecurity

Fujifilm Restores Services Following Ransomware Attack – SecurityWeek

Travel and retail industries facing wave of credential stuffing attacks – ZDNet

Chip shortages lead to more counterfeit chips and devices – Ars Technica

MSPs: ‘We Need More Bodies To Help’ Win Ransomware ‘War’ – CRN

Puerto Rico’s Power Distributor Suffered a Cyberattack Hours Before a Devastating Fire – Wall Street Journal (subscription required)

The Colorado Privacy Act: How Does it Stack Up Against the GDPR? – Lexology

Strong Customer Authentication Makes Waves in the EU Payments Industry – Payments Journal

 


*** This is a Security Bloggers Network syndicated blog from Blog Feed authored by Blog Feed. Read the original post at: https://www.globalsign.com/en/blog/cybersecurity-news-round-week-june-14-2021