CrowdStrike says “significant number” back up and running
CrowdStrike reports that of the estimated 8.5 million Window’s devices impacted last Friday, “a significant number” are back in operation. In case you went off to a deserted island over the last 72 hours, CrowdStrike says a defective software update was to blame for critical outages affecting airlines, hospital systems, and other infrastructure nationwide. In a blog post, CrowdStrike released a new technique they claim will accelerate remediation efforts. The effects of the outage are still being felt; on Monday, 800 flights were canceled in addition to the thousands over the weekend. CrowdStrike has admitted fault for the incident, and The Record reports that dozens of companies already plan to file insurance claims to cover any financial losses.
Russian cyber criminals sanctioned for infrastructure attacks
Two key members of the Russian hacktivist group, Cyber Army Russia Reborn (CARR), have been sanctioned by the U.S. Department of Treasury for targeting U.S. critical infrastructure. CARR launched operations in 2022, initially using distributed denial of service (DDoS) attacks on Ukraine, then escalating to targeting water and energy treatment facilities in the U.S. and Europe. Most recently, they claimed responsibility for compromising the SCADA system of a U.S. energy firm. Despite their actions causing disruptions to these critical entities, major damage has been avoided due to the group’s “lack of technical sophistication.”
(Dark Reading), (Bleeping Computer), (U.S. Treasury)
Ransomware attack shuts down largest trial court in U.S.
All 36 of the Los Angeles County Superior Courts were forced to close their doors following a ransomware attack on Friday. The superior court released a statement saying that both internal and external systems, as well as every internet-connected device, were impacted, and that the malware was able to infiltrate “every electronic platform containing court data.” The court system plans to return to normal operations on Tuesday.
(The Register), (Superior Court of Los Angeles)
Play Ransomware targets VMware with New Linux Locker
Play ransomware is the latest gang to deploy a dedicated Linux locker for encrypting VMware ESXi virtual machines, expanding its attacks across the Linux platform. Cybersecurity firm Trend Micro reports this new variant checks for an ESXi environment before executing, suggesting a broader attack strategy. This trend follows other ransomware groups targeting ESXi VMs due to their efficiency in data storage and hosting critical applications.
Huge thanks to our sponsor, Vanta
FCC cracks down on API vulnerabilities
The FCC has reached a $16 million settlement with Tracfone Wireless over privacy and cybersecurity lapses, marking the first FCC settlement with conditions specifically targeting API security. The settlement follows three data breaches between January 2021 and January 2023 that exploited API vulnerabilities, exposing sensitive customer information. As part of the settlement, Tracfone must secure API vulnerabilities per industry standards, undergo external security assessments, and provide privacy and security training to its personnel.
Zero-day exploit discovered in Telegram for Android
Researchers at ESET discovered a zero-day exploit, dubbed EvilVideo, in Telegram’s Android app that allowed attackers to send malicious payloads disguised as legitimate video files. The vulnerability, present in versions prior to 10.14.5, exploited Telegram’s default media auto-download setting, potentially compromising devices if users interacted with the disguised files. Telegram patched the exploit earlier this month, which meant threat actors had about five weeks to exploit the zero-day, ESET found the exploit being sold on an underground forum, it’s unclear if it was actively used in the wild.
DDoS global takedown
Global law enforcement has shut down DigitalStress.su, a DDoS-for-hire platform described by the UK’s National Crime Agency (NCA) as the most prolific operator in the field. The operation, dubbed Operation Power Off, involved the NCA, the Police Service of Northern Ireland (PSNI), and the FBI, leading to the arrest of the platform’s suspected admin on July 2. This takedown is part of a broader effort to disrupt cybercriminal activities and includes typical law enforcement tactics like splash pages and direct messages to the platform’s users, primarily the good old message of “we are watching you.”
Chinese cybercrime group advertising at European football stadiums
Turns out you can witness organized crime in plain sight if you go to a football game in Europe. A new report from Infoblox reveals that a Chinese cybercrime syndicate, dubbed Vigorish Viper, is behind a network of illegal online gambling sites advertised at European sporting events. This syndicate provides technology for mobile betting apps linked to an illegal global gambling empire worth $1.7 trillion. That same gambling company is tied to cyber fraud-related human trafficking in Southeast Asia. The vice president of Infoblox threat intelligence, said in a release, “We can now see that organized crime is executing a cunning strategy that uses unwitting European clubs to fuel their criminal cycle.”