Cloudstar – real estate, finance and insurance IT provider – hit by ransomware • The Register



In a nutshell: Cloud-based IT provider Cloudstar was hit by ransomware that shut down its systems. The company said it is currently in talks with the criminals who infected its computers.

“On Friday, July 16, Cloudstar discovered that it was the victim of a very sophisticated ransomware attack,” the Florida-based company warned over the weekend.

“Due to the nature of this attack, our systems are currently unavailable, and although we are working on a 24/7 basis, we do not have a final recovery schedule. Our Office 365 mailing services, email encryption offerings and some support services are not available. Still fully operational. condition.

“Cloudstar has brought in third-party Tetra Defense forensic experts to assist us in our recovery efforts and has also informed law enforcement. Negotiations with the attacker are ongoing. We are working hard to resolve this issue as quickly as possible and will keep our stakeholders informed.”

Cloudstar is said to provide technology for hundreds of title companies and lenders. It offers remote virtual desktops, cloud software and storage, and IT security for real estate, finance, insurance, and petrochemical companies in the Americas.

“This is an incredibly difficult time for Cloudstar, but more importantly, for our customers, whose trust we value so much,” the company added on its website.

Cloudflare code execution bug found, fixed

A critical bug in a Cloudflare service that is said to be used by 12.7% of all websites could have been exploited with a malicious, user-controlled package to potentially compromise a large number of web pages.

The service in question is cdnjs, which hosts people's JavaScript and CSS libraries and serves them from its content delivery network. Bug hunter RyotaK, investigating supply chain attacks, found a traversal bug that could have been exploited by a carefully crafted JS/CSS library submitted to cdnjs via its GitHub repository for inclusion on the CDN.

Such a library would be able to overwrite files and execute commands in the context of the cdnjs backend while the upload was being processed, and could obtain Cloudflare's secret GitHub API keys. An attacker could potentially use this position to modify the JavaScript and CSS served to websites using cdnjs.

Interestingly, when RyotaK tried out an exploit for this vulnerability, GitHub sent a warning to Cloudflare that its credentials had been compromised, and the API keys were quickly revoked and recovered by staff. We were told that RyotaK, who participated in the Cloudflare Bug Bounty Program, submitted a vulnerability report shortly thereafter in early April and the issue was fully resolved by early June.

“While this vulnerability can be exploited without any special skills, it can affect many websites,” RyotaK said this month. “Given that there are many vulnerabilities in the supply chain that are easy to exploit but have a lot of impact, I feel this is very scary.”

America finally gets a head of CISA

Jen Easterly has been approved by Congress as the new director of the US Cybersecurity and Infrastructure Security Agency (CISA).

The ex-president dismissed the previous CISA head, Chris Krebs, in a tweet after the director said Joe Biden’s 2020 election was “the safest in American history.” Easterly was named early on for the US government's top cybersecurity post, although political controversy delayed her official appointment.

Easterly is highly respected in the industry: she is a Rhodes Scholar, attended Oxford and served 20 years in the US Army, creating its first cyber battalion, and was a key player in shaping today’s US Cyber Command. She served at the NSA as head of its Tailored Access Operations infiltration team and as a national security adviser to Presidents Bush and Obama.

Easterly’s confirmation was delayed in June when Senator Rick Scott (R-FL) held it up until Biden visited the US-Mexico border. Later that month, when the hold was lifted, the Senate could not act on it because a two-week break was under way.

Boffins drew attention to the security of Telegram

Cryptographers from ETH Zurich and Royal Holloway, University of London investigated Telegram's homemade encrypted chat protocol and said an attacker could exploit it to, among other things, change the order of messages sent and potentially reveal the plaintext of some messages in exceptional circumstances.

“In this case, our work was motivated by another study examining the use of technology by participants in large-scale protests, such as the 2019/2020 Hong Kong protests,” said Royal Holloway professor Martin Albrecht. “We found that the protesters relied critically on Telegram to coordinate their activities, but Telegram did not pass security checks from cryptographers.”

“None of the changes were critical,” Telegram said in a statement referring to software updates released in response to the scientists’ findings.

Iranians Accused of Academic Phishing Attack

A group identified as working with the Islamic Revolutionary Guard Corps (IRGC) is conducting a phishing campaign aimed at gathering information from academics, policymakers, think tanks and journalists covering the Middle East.

The campaign, dubbed SpoofedScholars by Proofpoint, sent out phishing emails posing as a senior lecturer at the University of London’s School of Oriental and African Studies (SOAS). Recipients were asked to speak at a webinar on “US Security Challenges in the Middle East,” and the URL led to the hacked website of the University of London’s SOAS radio.

This site asked people to log in using their Google, Yahoo, Microsoft, iCloud, AOL, mail.ru, or Facebook account credentials, which could then be collected by the phishers. A few months later, the same tactic was tried again, using the name of another SOAS academic and inviting people to a “DIPS conference”.

“Proofpoint recommends investigating network traffic on soasradio[.]org, specifically URIs starting with hxxps://soasradio[.]org/connect/?mbelemailid=,” the report stated. “Also, emails from hanse.kendel4[@]gmail.com, hannse.kendel4[@]gmail.com and t.sinmazdemir32[@]gmail.com should be considered suspicious and investigated.”
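The Proofpoint guidance quoted above can be applied to proxy and mail logs roughly as follows. This Python is an added example, not code from Proofpoint or The Register; the sample URLs, the query value, the display name and the function names are constructed for illustration. It parses hostnames rather than substring-matching, so look-alike hosts are not flagged, and it also reports other traffic to the same host.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators as quoted (defanged) in the Proofpoint excerpt above.
DEFANGED_URI = "hxxps://soasradio[.]org/connect/?mbelemailid="
DEFANGED_SENDERS = ["hanse.kendel4[@]gmail.com", "hannse.kendel4[@]gmail.com",
                    "t.sinmazdemir32[@]gmail.com"]

def refang(ioc):
    """Undo hxxp / [.] / [@] defanging so the value can be compared with logs."""
    ioc = re.sub(r"^hxxp", "http", ioc, flags=re.I)
    return ioc.replace("[.]", ".").replace("[@]", "@")

IOC = urlsplit(refang(DEFANGED_URI))
SENDERS = {refang(s).lower() for s in DEFANGED_SENDERS}

def classify_url(url):
    """Return 'uri' for the quoted URI prefix, 'host' for other traffic to the
    domain (or a subdomain), None otherwise. The scheme is ignored."""
    u = urlsplit(url.strip())
    host = (u.hostname or "").lower()
    if host != IOC.hostname and not host.endswith("." + IOC.hostname):
        return None
    if u.path == IOC.path and u.query.startswith(IOC.query):
        return "uri"
    return "host"

def scan(urls, from_headers):
    """Collect (kind, value) hits from proxy URLs and mail From headers."""
    hits = [(k, url) for url in urls if (k := classify_url(url))]
    for header in from_headers:
        addr = parseaddr(header)[1].lower()  # strips any display name
        if addr in SENDERS:
            hits.append(("sender", addr))
    return hits

# Constructed sample input, not real log data.
SAMPLE_URLS = [
    "https://soasradio.org/connect/?mbelemailid=0000",
    "http://soasradio.org/index.html",
    "https://soasradio.org.example.net/connect/?mbelemailid=0000",  # look-alike
    "https://intranet.example.com/?next=soasradio.org",  # name only in query
]
SAMPLE_FROMS = ['"Constructed Name" <Hanse.Kendel4@gmail.com>',
                "alice@example.com"]

if __name__ == "__main__":
    for kind, value in scan(SAMPLE_URLS, SAMPLE_FROMS):
        print(kind, value)
```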

Ring E2EE is now publicly available

After the beta testing phase, Amazon has officially launched end-to-end encryption for its latest internet-connected cameras and spotlights. You can get a complete list of devices that support the system here. ®


