This week’s Cyber Security Headlines – Week in Review, June 7-11, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Robert Wood, CISO, Centers for Medicare & Medicaid Services

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

Backup appliance provider Exagrid pays $2.6m to ransomware attackers

The ransom was paid in bitcoin on May 13. Giving in to the attackers' demands was made more embarrassing when the backup appliance supplier, which makes a big play of its strengths against ransomware, accidentally deleted the decryption tool and had to ask for it again. The Conti ransomware group, which had lurked inside the Exagrid network for over a month, revealed it had taken over 800 gigabytes of personal data of clients and employees, commercial contracts, NDA forms, financial data, tax returns and source code. The initial ransom demanded was $7,480,000 but was negotiated down to $2.6 million.

(ComputerWeekly)

TikTok quietly updates its privacy policy to collect users’ biometric data

The change allows it to automatically collect information such as faceprints and voiceprints from the content its users post on the platform. The company’s privacy policy notes that it may collect information about “the nature of the audio, and the text of the words spoken in your User Content” for, among other things, content moderation, demographic classification, content and ad recommendations, and “other non-personally-identifying operations.” Unless a user’s state or country has pre-existing laws preventing such collection, users are treated as consenting by agreeing to the app’s terms of service.

(The Hacker News)

US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers

This follows the attack which prompted the shutdown of the key East Coast pipeline last month. The Justice Department is expected on Monday to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, people briefed on the matter said. Although the company paid the ransom to restore operations, behind the scenes it had notified the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, who are believed to be based in Russia. CNN earlier reported that federal agencies are adept at tracing currency used to pay ransomware groups, but their ability to do so effectively is “situationally dependent” and relies a great deal on how the ransomware organizations manage their operational network.

(CNN)

StackOverflow, Twitch, Reddit, others down in Fastly CDN outage

A who’s who of major websites around the world, including Amazon, CNN, Shopify, Hulu, Quora, the BBC and many others, went down or slowed yesterday. Browsers received a “503 Service Unavailable” notice or CSS-free web pages as content failed to arrive. The outage was traced to San Francisco-based Fastly, a popular content delivery network. Fastly calls the occurrence, which lasted about an hour, a “global CDN disruption.”

(Bleeping Computer and TechCrunch)


Thanks to our episode sponsor, Trend Micro

Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.


47% phishing increase in first quarter of 2021

PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020. This trend is continuing as Q2 attacks are also up significantly year-over-year. Social media, especially messaging apps, topped the list for the first time, suggesting that threat actors are increasingly drawn to the massive reach and often careless user attitudes toward the security of their social media accounts. Accounts used for single sign-on (SSO) were also heavily targeted in Q1, accounting for 40% of overall phishing volume.

(Phishlabs)

Survey finds many workers don’t know emergency procedures

Rave Mobile Safety issued the results of its 2021 Workplace Safety and Preparedness Survey, which indicates that employers remain challenged with how to best protect and communicate with employees both on-site and remotely in a year of unprecedented change. Key findings revealed only 28% of traveling and remote workers are involved with safety drills. A third of respondents said they were unsure of emergency plans related to active shooter, cyberattacks/system outages and workplace violence. Finally, survey results showed that email and in-person alerting were the most common communication methods utilized by employers, even though respondents in the 30-44 and 45-60 age groups say their preferred method of communication is mass text message.

(Security Magazine and Rave Mobile Safety)

US brokerage firms warned of ongoing phishing scam leveraging penalty threats

U.S. securities industry regulator FINRA has warned brokerage firms of an ongoing phishing campaign threatening recipients with late submission penalties unless they provide the information requested by the attackers. The tactic is designed to induce a sense of urgency, in the hope that victims will respond before validating the legitimacy of the emails. The market regulator, which supervises over 620,000 brokers across the U.S., stated on Monday, “FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from FINRA and using the domain name @gateway-finra.org.”

(Bleeping Computer)
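The FINRA campaign combines two signals a mail-filtering rule can key on: a lookalike sender domain that contains the brand name but is not the regulator's own domain, and urgency language about penalties. The following is an added example written for this page, not code from FINRA or from the article; it assumes finra.org is the only legitimate FINRA sending domain (an assumption for the example) and runs over a few constructed From/Subject pairs.

```python
"""Flag emails whose sender domain impersonates a brand via a lookalike domain.

Added illustration for this page; not FINRA's or the article's code.
Assumption: finra.org is the only genuine FINRA sending domain.
"""
from email.utils import parseaddr

LEGITIMATE_DOMAINS = {"finra.org"}          # assumption for this example
BRAND_TOKEN = "finra"                       # brand name attackers embed in lookalikes
URGENCY_PHRASES = ("penalty", "late submission", "immediately", "suspended")

# Constructed sample messages (not real mail); index 0 mirrors the
# gateway-finra.org pattern quoted in the FINRA notice.
SAMPLE_MESSAGES = [
    {"from": "FINRA Support <notices@gateway-finra.org>",
     "subject": "Action required: late submission penalty"},
    {"from": "FINRA <alerts@finra.org>", "subject": "Regulatory notice"},
    {"from": "FINRA Mail <noreply@mail.finra.org>", "subject": "Filing receipt"},
    {"from": "Compliance <help@finra.org.attacker.example>",
     "subject": "Penalty notice"},
    {"from": "Bob <bob@example.com>", "subject": "Lunch?"},
]


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def is_lookalike(domain: str) -> bool:
    """True when the domain contains the brand token but is neither an approved
    domain nor a subdomain of one. Catches gateway-finra.org (hyphenated
    lookalike) and finra.org.attacker.example (brand used as a subdomain)."""
    if not domain:
        return False
    for legit in LEGITIMATE_DOMAINS:
        if domain == legit or domain.endswith("." + legit):
            return False
    return BRAND_TOKEN in domain


def urgency_hits(subject: str) -> list:
    """Urgency phrases present in the subject line, lower-cased match."""
    s = subject.lower()
    return [p for p in URGENCY_PHRASES if p in s]


def triage(messages: list) -> list:
    """Return (index, domain, reasons) for each message that should be quarantined.

    A lookalike sender domain alone is sufficient to flag; urgency language is
    recorded as corroboration but does not flag on its own (too noisy by itself).
    """
    flagged = []
    for i, msg in enumerate(messages):
        domain = sender_domain(msg.get("from", ""))
        if not is_lookalike(domain):
            continue
        reasons = ["lookalike sender domain"]
        hits = urgency_hits(msg.get("subject", ""))
        if hits:
            reasons.append("urgency language: " + ", ".join(hits))
        flagged.append((i, domain, reasons))
    return flagged


if __name__ == "__main__":
    for idx, dom, why in triage(SAMPLE_MESSAGES):
        print(f"message {idx}: {dom} -> {'; '.join(why)}")
```

The subdomain check is the part worth getting right: a rule that merely tests `"finra" in domain` would also quarantine the genuine `mail.finra.org`, while a rule that only tests `domain.endswith("finra.org")` would wave through `notfinra.org`.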

Google fixes sixth Chrome zero-day exploited in the wild this year

Few details regarding today’s fixed zero-day vulnerability are currently available other than that it is a type confusion bug in V8, Google’s open-source C++ JavaScript and WebAssembly engine. This zero-day was used by the same threat actors behind the Windows CVE-2021-33742 zero-day fixed yesterday by Microsoft. In addition to these vulnerabilities, news broke yesterday of a threat actor group known as PuzzleMaker that is chaining together Google Chrome zero-day bugs to escape the browser’s sandbox and install malware on Windows.

(Bleeping Computer)