Cyber-attack disrupts NYC Law Department

The New York Police Department and FBI Cyber Task Force are investigating an intrusion into the New York City Law Department’s IT systems that could potentially have exposed sensitive information belonging to more than a thousand department employees. On Monday, the city government confirmed the incident and restricted access to affected systems, preventing government lawyers from accessing documents. Though the access restrictions have disrupted some court filings, a Law Department spokesperson indicated that the agency was taking steps to minimize the impact on cases. The incident comes just days after the Metropolitan Transportation Authority confirmed an intrusion by hackers into its databases.

(Infosecurity Magazine)

Amazon successfully presses to omit consumer protections from Senate China bill

On Tuesday, the Senate passed legislation aimed at countering China’s growing economic power. However, after aggressive lobbying led by Amazon, the bill excluded a measure designed to protect online shoppers from counterfeit and dangerous products. The measure, known as the Inform Consumers Act, would have required online marketplaces to bolster identification procedures for third-party merchants who sell on their sites, in order to better weed out counterfeit, stolen and unsafe products from rogue sellers. The measure would have been enforced by the Federal Trade Commission, and violations would have been subject to civil penalties.

(The Washington Post)

Intel fixes high severity vulnerabilities with June 2021 platform update

Intel has issued fixes addressing 73 security vulnerabilities as part of the June 2021 Patch Tuesday. According to Intel’s Director of Communications, Jerry Bryant, over half of the vulnerabilities were discovered through Intel’s internal research. Security updates of note include five high severity vulnerabilities impacting the Intel Virtualization Technology for Directed I/O products, the BIOS firmware for some Intel processors, and the Intel Security Library. Intel detailed the security flaws in security advisories published on Wednesday on its Product Security Center.

(Bleeping Computer and Intel Product Security Center)

Computer memory producer ADATA bit by Ragnar Locker ransomware

The Taiwanese memory manufacturer ADATA confirmed on Tuesday that it suffered a ransomware attack on May 23. Upon detecting the intrusion, ADATA was able to isolate the attack and quickly restore its operations, and then contacted international authorities to assist with tracking down the attackers. Over the weekend, the Ragnar Locker group claimed responsibility for the attack and claims to have stolen 1.5 TB of sensitive data from ADATA’s network before deploying ransomware payloads. The ransomware gang has posted some screenshots of files as proof and has threatened to leak the stolen information if ADATA refuses to pay the ransom.

(Bleeping Computer)

Spain’s Ministry of Labor and Social Economy hit by cyber-attack

The Spanish Ministry of Labor and Social Economy is working on restoring services after being hit by a cyber-attack on Wednesday. The ministerial department, which has an annual budget of almost €39 million, is responsible for coordinating and supervising Spain’s employment, social economy, and corporate social responsibility policies. While the ministry’s website is still up after the attack, both the communications office and the multimedia room are down. The ministry’s media office stated, “The technical managers of the Ministry and the National Cryptological Center are working together to determine the origin and restore normality as soon as possible.”

(Bleeping Computer)

Huawei unveils security framework with launch of transparency centre

In parallel with opening its newest transparency centre in Dongguan, China, Huawei Technologies has kicked its PR efforts into high gear by releasing its “security baseline framework”, which the company has adopted for its products. The framework, which aims to facilitate compliance with legal and regulatory mandates, includes 54 requirements across 15 categories including backdoor prevention, access channel control, encryption, application security, and secure compilation. Huawei has indicated that it spends 5% of its overall R&D budget on cybersecurity and privacy. Huawei’s chairman Ken Hu said, “Governments, standards organisations, and technology providers need to work closer together to develop a unified understanding of cybersecurity challenges. This must be an international effort.”

(ZDNet)

US brokerage firms warned of ongoing phishing scam leveraging penalty threats

The U.S. securities industry regulator FINRA has warned brokerage firms of an ongoing phishing campaign threatening recipients with late submission penalties unless they provide the information requested by the attackers. The tactic is designed to induce a sense of urgency, in hopes that victims will respond before validating the legitimacy of the emails. The market regulator, which supervises over 620,000 brokers across the U.S., stated on Monday, “FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name @gateway-finra.org.”

(Bleeping Computer)

Survey finds many workers don’t know emergency procedures

Rave Mobile Safety issued the results of its 2021 Workplace Safety and Preparedness Survey, which indicates that employers remain challenged with how best to protect and communicate with employees both on-site and remotely in a year of unprecedented change. Key findings revealed only 28% of traveling and remote workers are involved with safety drills. A third of respondents said they were unsure of emergency plans related to active shooter, cyberattacks/system outages and workplace violence. Finally, survey results showed that email and in-person alerting were the most common communication methods utilized by employers, even though respondents in the 30-44 and 45-60 age groups say their preferred method of communication is mass text message.

(Security Magazine and Rave Mobile Safety)