June 8, 2022

Fortify Security Team

Title: Surfshark, ExpressVPN Pull Out of India Over Data Retention Laws

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/legal/surfshark-expressvpn-pull-out-of-india-over-data-retention-laws/

Excerpt: “Surfshark announced today they are shutting down their VPN (virtual private network) services in India in response to the new requirements in the country that demand that all providers keep customer logs for 180 days. VPN services aim to provide privacy to internet users by encrypting their network traffic and hiding their actual IP addresses behind those assigned to servers hosted at providers worldwide. This allows customers to select a country of their choice and route their traffic, so it appears as if they are in that country.”

Title: China-linked Threat Actors have Breached Telcos and Network Service Providers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132042/apt/us-warns-china-linked-threat-actors.html

Excerpt: “US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit publicly known vulnerabilities to compromise the target infrastructure. The attackers also targeted Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices to use them as additional access points to route command and control (C2) traffic and midpoints to carry out attacks on other entities.”

Title: Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

Date Published: June 7, 2022

https://threatpost.com/public-exploits-atlassian-confluence-flaw/179887/

Excerpt: “Threat actors are using public exploits to pummel a critical zero-day remote code execution (RCE) flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover. Researchers from Volexity uncovered the flaw in Atlassian Confluence Server and Data Center software over the Memorial Day weekend after they detected suspicious activity on two internet-facing web servers belonging to a customer running the software, they said in a blog post published last week.”

Title: Qbot – Known Channel for Ransomware – Delivered via Phishing and Follina Exploit

Date Published: June 8, 2022

https://www.helpnetsecurity.com/2022/06/08/qbot-follina-exploit/

Excerpt: “More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the wild began to crop up here and there. Since then, other state-backed threat actors have started exploiting it, but now one of the most active Qbot (QakBot) malware affiliates has also been spotted leveraging Follina.”

Title: FBI Seizes ‘SSNDOB’ ID Theft Service for Selling Personal Info of 24 Million People

Date Published: June 7, 2022

https://thehackernews.com/2022/06/fbi-seizes-ssndob-id-theft-service-for.html

Excerpt: “An illicit online marketplace known as SSNDOB was taken down in an operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue.”

Title: Data for 2 Million Patients Stolen in Largest Healthcare Breach so far of 2022

Date Published: June 7, 2022

https://www.scmagazine.com/analysis/breach/data-for-2-million-patients-stolen-in-largest-healthcare-breach-so-far-of-2022

Excerpt: “Two million patients from nearly 60 healthcare providers were recently informed that their data was stolen after the hack of a third-party vendor, Shields Health Care Group. Shields Health provides MRI, PET/CT, and outpatient surgical services for covered entities. The breach tally makes it the largest healthcare data breach reported so far this year.”

Title: An Emerging Threat: Attacking 5G Via Network Slices

Date Published: June 7, 2022

https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices

Excerpt: “RSA CONFERENCE — San Francisco — While 5G security is not new as a topic of conversation, emerging attack vectors continue to come to the fore. Deloitte & Touche researchers have uncovered a potential avenue of attack targeting network slices, a fundamental part of 5G’s architecture. The stakes are high: Not just a faster 4G, next-generation 5G networks are expected to serve as the communications infrastructure for an array of mission-critical environments, such as public safety, military services, critical infrastructure, and the Industrial Internet of Things (IIoT). They also play a role in supporting latency-sensitive future applications like automated cars and telesurgery. A cyberattack on that infrastructure could have significant implications for public health and national security, and impact a range of commercial services for individual enterprises.”

Title: New SVCReady Malware Loads from Word Doc Properties

Date Published: June 7, 2022

https://www.bleepingcomputer.com/news/security/new-svcready-malware-loads-from-word-doc-properties/

Excerpt: “A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. More specifically, it uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment.”
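The two document-borne items above (Qbot affiliates delivering Follina, and SVCReady pulling shellcode out of Word document properties) both come down to the same triage question for a mail gateway or an analyst: does this Office file carry a macro project, an oddly large opaque property value, or a relationship that points outside the package? The script below is an added example written for this digest; it is not code from the page, from HP, Sophos or any vendor cited in the articles, and it parses a constructed in-memory sample rather than a real malware document. The length threshold, the sample values and the "external relationship" check are assumptions: the last reflects the publicly documented Follina lure (an external OLE or template target in the document's `.rels`), which the excerpt itself does not describe.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumption for this example: a single whitespace-free token this long in a
# document property is far more likely to be an encoded payload than a title.
MIN_BLOB_LEN = 128
BLOB_RE = re.compile(r"^[A-Za-z0-9+/=]{%d,}$" % MIN_BLOB_LEN)

# OOXML parts where SVCReady-style "shellcode in the properties" would live,
# and the part whose presence means the file carries VBA macros.
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")
MACRO_PART = "word/vbaProject.bin"


def _leaf_values(xml_bytes):
    """Yield (tag-without-namespace, text) for every leaf element in an XML part."""
    root = ET.fromstring(xml_bytes)
    for elem in root.iter():
        if elem.text and not list(elem):
            yield elem.tag.rsplit("}", 1)[-1], elem.text.strip()


def scan_office_zip(data):
    """Inspect an OOXML (docx/docm) file held in memory and return the signals found."""
    findings = {"has_vba": False, "blob_properties": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        findings["has_vba"] = MACRO_PART in names
        # Opaque blobs stashed in document metadata (the SVCReady trick).
        for part in PROPERTY_PARTS:
            if part not in names:
                continue
            for tag, text in _leaf_values(zf.read(part)):
                if BLOB_RE.match(text):
                    findings["blob_properties"].append((part, tag, len(text)))
        # Relationships that leave the package (the Follina lure shape).
        for name in sorted(names):
            if name.endswith(".rels"):
                for rel in ET.fromstring(zf.read(name)).iter():
                    if rel.get("TargetMode") == "External":
                        findings["external_targets"].append((name, rel.get("Target")))
    return findings


def verdict(findings):
    """Conservative triage: one signal earns a look, two or more get quarantined."""
    signals = (int(findings["has_vba"])
               + int(bool(findings["blob_properties"]))
               + int(bool(findings["external_targets"])))
    if signals >= 2:
        return "quarantine"
    return "review" if signals else "clean"


def build_sample():
    """Constructed test document, not a real sample: a macro-enabled file whose
    'subject' core property carries a long opaque blob and whose document
    relationships include an external target."""
    blob = "4d5a90000300000004000000ffff0000" * 12  # placeholder hex, 384 chars
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        '<dc:title>Invoice</dc:title>'
        '<dc:subject>' + blob + '</dc:subject>'
        '</cp:coreProperties>'
    )
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
        'Target="https://example.invalid/payload.html" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in, not real VBA
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_office_zip(build_sample())
    print(result)
    print(verdict(result))
```

Point `scan_office_zip` at the bytes of any real attachment to reuse it; the three signals are deliberately independent so that a benign macro-enabled spreadsheet reads as "review" rather than "quarantine", while a file that combines macros with a payload-sized property value or an external relationship is held.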

Title: Black Basta Ransomware Now Supports Encrypting VMware ESXi Servers

Date Published: June 8, 2022

https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html

Excerpt: “The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers. Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMware ESXi servers. The move aims at expanding potential targets; support for VMware ESXi was already implemented by many ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil.”

Title: Paying Ransomware Paints Bigger Bullseye on Target’s Back

Date Published: June 8, 2022

https://threatpost.com/paying-ransomware-bullseye-back/179915/

Excerpt: “Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge. New ransomware numbers come from Cybereason’s April ransomware survey of 1,456 cybersecurity professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently data encrypted by criminals later became unusable during the decryption process because of corruption issues.”
