The Colonial Pipeline ransomware saga continues to unfold before our eyes. This week, company CEO Joseph Blount admitted to paying $4.4 million in ransom to cybercriminals following the attack that shut down the largest fuel pipeline in the U.S. In an interview with the Wall Street Journal, Blount says he made the decision to pay the ransom within hours of the attack. “I know that’s a highly controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this… but it was the right thing to do for the country.” The company learned of the attack on May 7th after an employee found a ransom note on a control room computer. That evening, Blount decided to pay because he was unsure how badly the breach…
Original release date: May 27, 2021
CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations.
CISA encourages users and administrators to review AA21-110A and the following resources for more information:
• Re-Checking Your Pulse
• Ivanti KB44755 – Pulse Connect Secure (PCS) Integrity Assurance
• Ivanti Security Advisory SA44784
• Emergency Directive 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities
The future is full of innovation potential with no-code and low-code systems. They will help professional developers as well as citizen developers who don’t know any programming languages.
The attacks have targeted US healthcare and first responder networks with ransom demands as high as $25 million, says the FBI.
Researchers at Cisco Talos warn that the threat actor known as APT36 is using new spoofed, 100%-cloned websites combined with malicious documents to deliver Remote Access Trojans and compromise networks.
“Our latest research confirms that the group continues to create malicious domains mimicking defense-related entities as a core component of their operations,” the researchers write.
Cisco Talos also notes that the threat actor is targeting more verticals than usual in the latest campaign. “While military and defense personnel continue to be the group’s primary targets, APT36 is increasingly targeting diplomatic entities, defense contractors, research organizations, and conference attendees, indicating that the group is expanding its targeting,” the researchers write.
The researchers add that APT36 is putting more effort into making its phishing lures more convincing. “The actors recently deviated from the CrimsonRAT infection chains to make their ObliqueRAT phishing maldocs appear more legitimate,” the researchers write.
“For example, attackers leveraging ObliqueRAT started hosting their malicious payloads on compromised websites instead of embedding the malware in the maldoc. APT36 also used HTTrack, a website copying tool, to create identical duplicates of legitimate sites.
“These examples highlight APT36’s heavy reliance on social engineering as a core TTP and the group’s efforts to make their operations appear as legitimate as possible,” the researchers conclude.
These types of attacks happen all over the world, often carried out by state-sponsored hacking groups. You absolutely need a strong human firewall as your last line of defense to block social engineering attacks like this.
Satya Nadella’s keynote centered on the speed of digital transformation and the role of developers in the process, but he also dropped a hint about the biggest update to Windows “in over a decade.”
It’s all over the news! The bug you can’t fix! Fortunately, you don’t need to. We explain why.
With cryptocurrencies gaining traction, it should come as no surprise that governments are beginning to use them as well. Tom Merritt lists five facts about government digital coins.