REvil web sites mysteriously shut down

While it is not unheard of for REvil sites to lose connectivity for some time,for all sites to shut down simultaneously is unusual. Furthermore, the decoder[.]re clear website is no longer resolvable by DNS queries, possibly indicating the DNS records for the domain have been pulled or that backend DNS infrastructure has been shut down. At this point, it is not clear if the shutdown of these servers is simply a technical issue, if the gang closed down their operation, if a law enforcement operation took place or even if there is a connection to the ransomware related talks between President Biden and President Putin.

(CSO Online)

New BIOPASS malware livestreams victim’s computer screen

Hackers are compromising gambling sites to deliver a new remote access trojan called BIOPASS that allows others to watch a victim’s computer screen in real time by abusing popular live-streaming software. The malware can also steal private data from web browsers and instant messaging applications. The operators of the Python-based BIOPASS seem to target visitors of Chinese online gambling sites, injecting malware laded JavaScript code disguised as installers for Adobe Flash Player or Microsoft Silverlight.

(Bleeping Computer)

New CISA director confirmed, White House gains cyber-director

The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency (CISA) on Monday. She fills the position left empty by Chris Krebs, who was fired from the post under then-President Trump in 2020. Easterly comes to the role fresh from the private sector: She was most recently responsible for Morgan Stanley’s resilience strategy. Before that, she worked to set up the U.S. Cyber Command. Monday also saw the swearing in of Chris Inglis as the first White House national cyber-director. Inglis, a former NSA deputy director, will be responsible for communicating and coordinating cybersecurity policy across Congress, federal agencies and the White House.

(ThreatPost)

SolarWinds issues hotfix for zero-day flaw under active attack

SolarWinds has issued a hotfix for a zero-day remote code execution (RCE) vulnerability already under active, yet limited, attack on some of the company’s customers. Microsoft alerted the company to the flaw, which affects its Serv-U Managed File Transfer Server and Serv-U Secured FTP products. Specifically, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released on May 5 of this year, as well as all prior versions, the company said in a security advisory posted over the weekend. SolarWinds does not currently know many customers may be directly affected by the flaw, nor has it identified the ones who were targeted. The company is recommending that all customers using the affected products update now, which can be done by accessing the company’s customer portal.

(ThreatPost)

Thanks to our episode sponsor,
Varonis

The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk

Microsoft’s July Patch Tuesday: 117 vulnerabilities, Pwn2Own Exchange Server bug fixed

Microsoft released 117 security fixes yesterday including a remote code execution (RCE) vulnerability in Exchange Server found by participants of the Pwn2Own competition. Other products impacted include Microsoft Office, SharePoint, Excel, Microsoft Exchange Server, Windows Defender, Windows Kernel, and Windows SMB. The latest round of patches comes just a week after an emergency fix was issued by Microsoft to rectify a security flaw nicknamed “PrintNightmare.”

(ZDNet)

Bank of England to crack down on ‘secretive’ cloud computing services

The Bank of England (BoE) stated yesterday that regulators need to act to avoid banks’ reliance on a handful of outside cloud computing providers, which they claim can be secretive and a threat to financial stability. Though not naming companies specifically, British banks and other financial firms are known to outsource key cloud services to Amazon, Microsoft, and Google, to improve efficiency and cut costs. The BoE said cloud computing could sometimes be more reliable than banks hosting all their servers themselves, but big providers could dictate terms and conditions – as well as prices.

(Reuters)

European privacy regulators take aim at corporate cybersecurity failures

European privacy regulators are increasingly cracking down on cybersecurity lapses that expose personal information, highlighting the legal and financial risks that come with how companies secure data. While recent high-profile cyberattacks have highlighted the potential fallout from a damaging hack, privacy experts say, executives often overlook the possibility of additional scrutiny from regulators. From Croatia to Norway, companies are being fined for incidents or oversights that leave customers’ information exposed in contravention to the GDPR, with attention being given to breaches relating to security failures were deemed entirely preventable. 

(Wall Street Journal)

Iranian hackers posing as scholars target professors and writers in Middle-East

A sophisticated social engineering attack undertaken by an Iranian-state aligned actor targeted think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London’s School of Oriental and African Studies (SOAS). Security firm Proofpoint attributed the campaign to TA453, which is also known as APT35, Charming Kitten, and Phosphorous. The government cyber warfare group is suspected to carry out intelligence efforts on behalf of the Islamic Revolutionary Guard Corps (IRGC). The group posed as British scholars to entice the targets into clicking on a registration link to an online conference.

(The Hacker News)