NYC transportation authority hacked using Pulse Secure zero-day
Back in April, Chinese-backed threat actors breached the network of New York City’s Metropolitan Transportation Authority (MTA) by exploiting a Pulse Secure zero-day vulnerability. According to MTA’s Chief Technology Officer, Rafail Portnoy, while the attackers successfully hacked into MTA computer systems, they were not able to gain access to employee or customer information, which Portnoy attributed to the MTA’s layered security controls. MTA mitigated the vulnerability on April 21, one day after Pulse Secure issued an advisory.
Cybercriminals hold contest to find new cryptocurrency exploits
On April 20th, a prominent Russian-speaking underground forum launched a “contest” calling for its community to submit new methods of attacking cryptocurrency and offering a $115,000 prize to the winner. According to Intel 471’s Senior Vice President of Global Intelligence, Michael DeBolt, some of the top ideas so far are building a fake blockchain front-end website to steal information such as private keys and balances, creating a new cryptocurrency blockchain from scratch, increasing the hash rate of mining farms and botnets, and building custom tools to parse cryptocurrency logs from victim machines. The contest, which is expected to run through September 1, is a reminder that criminals continue to collaborate and explore cutting-edge techniques to further their motives.
FBI confirms REvil as JBS ransomware attacker
The FBI confirmed on Wednesday that the Russian cybercriminal group REvil is responsible for the ongoing ransomware attack targeting JBS, the world’s largest meatpacking company. The FBI issued a statement indicating they are “working diligently to bring the threat actors to justice.” REvil is notorious for pushing the boundaries of the ransomware-as-a-service industry and targeting high-profile victims, including former president Donald Trump and Lady Gaga, with attempted extortion schemes. The attacks will be a likely focal point of discussions between US President Joe Biden and Russian President Vladimir Putin, who are scheduled to meet later this month in Geneva.
Are cyber insurance policies to blame for surge in ransomware?
According to research from Coalition, in the first half of 2020 ransomware attacks accounted for 41 percent of all cyber-insurance claims filed. There are plenty of ransom payment examples in recent years, including aluminum giant Norsk Hydro, which was forced in 2019 to draw over $20 million from its insurer, AIG, as well as the attack last month on the Colonial Pipeline, which resulted in a ransom payment of nearly $5 million, though it is not yet clear whether that payment was funded by the pipeline’s insurer. Brandon Hoffman, CISO at Netenrich, stated, “building in ransomware payments to insurance policies will only promote the use of ransomware further and simultaneously disincentivize organizations from taking the proper steps to avoid ransomware fallout.” In response to this alarming trend, many cyber insurers are building constraints, known as “sub-limits,” and nation-state exclusions into their ransomware coverage.
Thanks to our episode sponsor, ReversingLabs
Amazon’s Ring to require police to publicly request user videos
Beginning next week, Amazon’s Ring will start requiring police to publicly request home security footage captured by the company’s doorbells and cameras via its Neighbors app. Ring, the leading producer of internet-connected doorbells, has been broadly criticized by civil liberties groups for its close relationship with law enforcement. While the added measure improves the transparency of the data it shares, Ring appears to have no plans to sever ties with law enforcement, stating on Thursday on its blog, “We believe transparency and accountability are crucial to safer, better communities.”
Researchers uncover critical bugs impacting Realtek wi-fi module
New critical vulnerabilities have been discovered in Realtek’s RTL8170C Wi-Fi module that an attacker could abuse to gain elevated privileges and hijack wireless communications. The Realtek technology underpins the Ameba programmable platform, which is used in IoT applications across numerous commercial sectors and in smart home devices. Adversaries must either be on the same Wi-Fi network or know the network’s pre-shared key (PSK) in order to exploit the bugs, so the flaws are not remotely exploitable by an unauthenticated attacker off the network. Israeli IoT security firm Vdoo indicates that firmware versions released after January 11, 2021 mitigate the issues and also recommends that Wi-Fi users choose strong WPA2 passphrases.
Fujifilm shuts down computer systems in response to apparent ransomware intrusion
Fujifilm Corporation is just the latest multinational company to be hamstrung by ransomware, saying earlier this week that it has “taken measures to suspend all affected systems in coordination with our various global entities.” The multi-billion-dollar-a-year company, perhaps best known for its photography equipment, also makes a range of medical products such as CT scanners and X-ray devices. Fujifilm’s recovery efforts from the security incident are ongoing, and a notice posted to its U.S. website on Thursday indicates that there would be significant impact to email and phone communications for some of its business entities.
Many businesses remain concerned about remote work-related security risks
As organizations continue to shift to hybrid or fully remote working models as a result of the coronavirus pandemic, the 2021 Thales Global Data Threat Report highlights that 82% of businesses are concerned about the security risks of employees working remotely. While malware is the leading source of security attacks, followed closely by ransomware and then phishing, the report clearly shows that internal threats and human error are still of great concern. Many organizations also indicated that their security infrastructure was not prepared to handle the risks resulting from the pandemic. Roughly three-quarters of respondents indicated that they are now relying to some degree on a Zero Trust security design to help address these concerns.