Cybersecurity News Roundup: Week of June 20, 2022

0

Hello,

We took a break for a few weeks, but now our blog is back. Here are the latest top stories in cybersecurity.

Let’s start with Germany, where the country’s Green Party announced that it was the victim of a recent cyberattack that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck. The cyberattack was first reported last Saturday by German weekly Der Spiegel. While the number of email accounts actually affected was very low – just 14 – party leaders Ricarda Lang and Omid Nouripour were among those compromised in such a way that some emails were forwarded to addresses outside the country. left.

In the UK, logistics giant Yodel was also hit by what they call a cyber ‘incident’, which caused a service disruption earlier in the week. The UK delivery company posted an update to its site saying: “We are working to restore our operations as quickly as possible, but at this time order tracking remains unavailable and packages may arrive later than expected” . Although the company does not hold any customer payment information, it is currently investigating whether other personally identifiable information (PII) was taken.

Elsewhere in Europe, Europol said on Tuesday that police had busted a cybercrime group that was making millions from phishing and other types of schemes. The law enforcement operation was carried out by police in Belgium and the Netherlands, with the support of Europol. Dutch police arrested nine individuals – eight men and one woman, aged between 25 and 36 – and raided 24 homes in the country. Police say the suspects were involved in phishing and other internet scams that earned them millions of dollars.

Then in India, logistics service provider Grab is denying claims circulated by a group of Malaysian hacktivists that it was a victim of the group’s hacking attack. DragonForce Malaysia says it stole details of Grab’s delivery staff. They announced it via social media and shared a spreadsheet with names and other data. A spokesperson for Grab told Information Security Media Group that the spreadsheet contains references for motorcycle delivery drivers from a third-party vendor, and it appears that none of Grab’s systems have been directly targeted.

In the United States, Microsoft and Outlook customers were the targets of a voicemail-themed phishing campaign that hit specific vertical markets across the country. According to Zscaler’s ThreatLabz analysis, a highly targeted offensive began in May, targeting specific verticals, including software security, US military, security vendors, healthcare/pharma, and blockchain. manufacturing supply.

On Tuesday, President Biden signed into law three bills, two of which relate to improving government cybersecurity. Bill S. 1097, the Federal Rotational Cyber ​​Workforce Program Act of 2021, establishes an employee rotation program within the Federal Cyber ​​Workforce. The law establishes that “certain federal employees may be itemized among rotating cyber-workforce positions at other agencies” and authorizes agencies to determine which employees are eligible for the program. Bill S. 2520, the State and Local Government Cybersecurity Act of 2021, will require the Department of Homeland Security to enhance collaboration among state, local, tribal, and territorial government entities as well as “corporations, associations, and the general public, regarding cybersecurity.”

Also this week, major US lender Flagstar Bank announced a security compromise that took place last year. A statement released by the Maine Attorney General explained that Flagstar was hit between April and December 2021. The bank estimates that at least the names and Social Security numbers of more than 1.5 million of its customers were stolen on its computers in December. According to BankInfoSecurity, an unidentified malicious actor gained unauthorized access to the bank’s systems around December 4 or 5 last year. It was not until June 2, after “an extensive forensic investigation and manual review of documents,” that bank officials uncovered the breach.

It’s all for this week. Thank you for passing by our blog.

Amy

Top Global Security News

safety week (June 22, 2022) Belgian and Dutch police dismantle cybercrime group

Europol announced on Tuesday that police had busted a cybercrime group that was earning millions of euros through phishing and other types of schemes.

The law enforcement operation was carried out by police in Belgium and the Netherlands, with the support of Europol. Dutch police arrested nine individuals – eight men and one woman, aged between 25 and 36 – and raided 24 homes in the country.

Police seized firearms, electronic devices, jewelry, cash and cryptocurrency from the suspects. The investigation has been opened by the Belgian authorities and the individuals arrested in the Netherlands will be handed over to Belgium.
Police say the suspects were involved in phishing and other internet scams that earned them millions of dollars.

READ MORE

InfoSecurity (June 22, 2022) Yodel Cyber ​​Incident Disrupts UK Deliveries

Logistics giant Yodel has confirmed it is experiencing a cyber ‘incident’ which is disrupting service.

The UK delivery company posted an update to its site saying: “We are working to restore our operations as quickly as possible, but at this time order tracking remains unavailable and packages may arrive later than expected” .

Although the company does not hold any customer payment information, it is currently investigating whether other personally identifiable information (PII) was taken.

READ MORE

dark reading (June 22, 2022) Microsoft 365 users in the US face rampaging wave of attacks

A voicemail-themed phishing campaign is hitting specific verticals across the country, determined to harvest credentials that can be used for a variety of nefarious purposes.

Microsoft 365 and Outlook customers in the US are in the crosshairs of a successful credential theft campaign that uses voicemail-themed emails as phishing lures. The flood of malicious emails anchoring the threat is emblematic of the broader problem of securing Microsoft 365 environments, researchers say.

According to analysis by Zscaler’s ThreatLabz, a highly targeted offensive has been underway since May, targeting specific verticals, including software security, US military, security vendors, healthcare/pharma, and blockchain. manufacturing supply.

READ MORE

CBS (June 21, 2022) Biden signs two bills to improve government cybersecurity

President Joe Biden on Tuesday signed three bills into a new law, two of which aim to strengthen government cybersecurity, according to a White House press release.

Bill S. 1097, the Federal Rotational Cyber ​​Workforce Program Act of 2021, establishes an employee rotation program within the Federal Cyber ​​Workforce. The workforce is a “diverse group of practitioners who govern, design, defend, analyze, administer, operate and maintain our nation’s data, systems and networks,” according to the CIO Council.

The law establishes that “certain federal employees may be itemized among rotating cyber-workforce positions at other agencies” and authorizes agencies to determine which employees are eligible for the program.

READ MORE

The register (June 21, 2022) Info on 1.5 million people robbed from US bank in cyberattack

A US bank said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December.

In a statement to the Maine Attorney General’s office this month, Flagstar Bank said it was compromised between December and April 2021. The organization’s system administrators, however, said they had no fully understood what data was stolen and what was taken. , so far. On June 2, they concluded that the criminals had “accessed and/or acquired” files containing personal information of 1,547,169 people.

“Flagstar has experienced a cyber incident involving unauthorized access to our network,” the bank said in a statement emailed to The Register.

READ MORE

BankInfoSecurity (June 21, 2022) India-based Grab denies DragonForce Malaysia cyberattack allegation

Indian hyperlocal logistics provider Grab is denying claims circulated by a Malaysian hacktivist group that it was the victim of a hacking attack.

Hacktivist group DragonForce Malaysia claims to have stolen the details of Grab delivery staff, posting a spreadsheet on social media platforms Twitter and Telegram last Saturday containing names and other data.

A spokesperson for Grab told Information Security Media Group that the spreadsheet contains references for motorcycle delivery drivers from a third-party vendor. No Grab systems were directly targeted, according to the company.

READ MORE

ABC News (June 18, 2022) German Green Party says email system hit by cyberattack

Germany’s Green Party, part of the country’s governing coalition, says its computer system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and the Minister of Economics Robert Habeck.

The party confirmed a report by German weekly Der Spiegel on Saturday, but said the two had not actively used their party’s accounts since January.

A total of 14 accounts – including those of party leaders Ricarda Lang and Omid Nouripour – were compromised such that some emails were forwarded to addresses outside the party, the Greens said.

READ MORE

Other stimulating stories

Icefall: 56 flaws impact thousands of exposed industrial devices – Bleeping Computer

Capital One Attacker Exploited Misconfigured AWS Databases – Dark Reading

Fake air raid sirens in Israel could be triggered by Iranian cyberattack – SecurityWeek

Latin American governments top ransomware targets due to lack of resources, analysis finds – CyberScoop

Desjardins of Canada settles $155 million data breach lawsuit – BankInfoSecurity

Illinois man behind DDoS attack service sentenced to 2 years in prison – The Record

Jacuzzi customer details could be exposed by SmartTub web bugs, says claims researcher – Portswigger

2 Texas hospitals infected with malicious code may be exposed to PHI – HealthITSecurity

Department of Energy Rethinks Cyber ​​Resilience in Its Network Securing Strategy – Cybersecurity Dive

Voicemail phishing emails steal Microsoft credentials – The Register

Inside a large-scale phishing campaign targeting millions of Facebook users – HelpNetSecurity

Share.

About Author

Comments are closed.